Sign in to follow this  
Followers 0
humanatek

Farbar Recovery Scan tool unsuccessful

18 posts in this topic

Hello! I initially requested help because my computer would shut down and restart itself automatically when it was in regular mode. It does not happen when it is in safe mode. I ran Malwarebytes but it did not detect any problems with my computer. Then I downloaded Farbar Recovery Scan Tool x64 onto a flashdrive and followed the instructions you sent. But my computer would not detect it. When I clicked on "try again", it would say "The device is not ready."

I thought there might be a problem with the drive so I turned on the computer on regular mode and put in another flashdrive and the computer did detect the disc in the drive then. So, I don't think it's the drive.

What can I do now?

--Thanks!

Share this post


Link to post
Share on other sites

Put FRST64.exe on the working usb flashdrive and use that one to scan your computer.

Put the flash drive into another usb port and try again.

Share this post


Link to post
Share on other sites

My computer keeps shutting down and restarting itself. I used Piriform Ccleaner to clean up the computer and although it said it removed stuff, the computer kept shutting down and restarting, so it did not fix the problem. I used the same cleaner again and it said it removed the same stuff. So it appears that whatever is in my computer is fooling this Ccleaner.

I also tried the current version of Malwarebytes, but Malwarebytes did not detect any problems with my computer.

Then I downloaded Farbar Recovery Scan Tool onto a flashdrive and tried to clean it up that way, but that did not work. The computer would not recognize that the flashdrive was in the port.

*My computer does work on safe mode with networking capabilities, but not in regular mode.

Anything else I can try?

Share this post


Link to post
Share on other sites

Start your computer in safe mode with networking.

Then do the following:

Step 1: Gmer

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

Pleae attach the gmer.txt to your reply:

  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
  2. Click Upload.

Step 2: FRST (safe mode)

Copy the FRST.exe (or FRST64.exe) you have on your usb flash device to your desktop. Run the tool by double click and hit scan.

It will produce two logfiles - post their content here.

Share this post


Link to post
Share on other sites

Scan with aswMBR

Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Share this post


Link to post
Share on other sites

Scan with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.

When finished, do another scan run with FRST and post up the log also.

Share this post


Link to post
Share on other sites

<p>Ok, here are the results from my FRST cleaning:</p>

<p> </p>

<div>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2013</div>

<div>Ran by De Campo at 2013-06-04 19:03:36 Run:</div>

<div>Running from J:\</div>

<div>Boot Mode: Safe Mode (with Networking)</div>

<div>==========================================================</div>

<div> </div>

<div> </div>

<div>==================== Installed Programs =======================</div>

<div> </div>

<div> Update for Microsoft Office 2007 (KB2508958)</div>

<div>µTorrent (Version: 3.1.3)</div>

<div>64 Bit HP CIO Components Installer (Version: 7.2.8)</div>

<div>7500_7600_7700_Help1 (Version: 1.00.0000)</div>

<div>7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)</div>

<div>7-Zip 9.21 (Version: 9.21.00.0)</div>

<div>Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)</div>

<div>Adobe Reader X (10.1.6) (Version: 10.1.6)</div>

<div>Apple Application Support (Version: 2.3.3)</div>

<div>Apple Mobile Device Support (Version: 6.1.0.13)</div>

<div>Apple Software Update (Version: 2.1.3.127)</div>

<div>Belkin Setup and Router Monitor</div>

<div>Belkin USB Print and Storage Center (Version: 1.1.4)</div>

<div>Bing Bar (Version: 7.1.361.0)</div>

<div>Bitdefender Antivirus Free Edition (Version: 1.0.15.946)</div>

<div>Bonjour (Version: 3.0.0.10)</div>

<div>bpd_scan_Carrier (Version: 3.00.0000)</div>

<div>BPDSoftware (Version: 140.0.000.000)</div>

<div>BPDSoftware_Ini (Version: 1.00.0000)</div>

<div>BufferChm (Version: 140.0.213.000)</div>

<div>Catalina Savings Printer (Version: 1.0.0)</div>

<div>CCleaner (Version: 4.01)</div>

<div>Check Designer (Version: 1.00.000)</div>

<div>CouponBar (Version: 5.0.0.5)</div>

<div>Destinations (Version: 130.0.0.0)</div>

<div>DeviceDiscovery (Version: 140.0.213.000)</div>

<div>DocProc (Version: 140.0.100.000)</div>

<div>ezCheckPrinting (Version: 5.0.11)</div>

<div>ezPaycheck (Version: 3.3.12)</div>

<div>Fax (Version: 140.0.213.000)</div>

<div>Google Chrome (Version: 27.0.1453.94)</div>

<div>Google Desktop (Version: 5.9.1005.12335)</div>

<div>Google Earth (Version: 6.2.1.6014)</div>

<div>Google Talk (remove only)</div>

<div>GPBaseService2 (Version: 140.0.212.000)</div>

<div>HP Customer Participation Program 14.0 (Version: 14.0)</div>

<div>HP Imaging Device Functions 14.0 (Version: 14.0)</div>

<div>HP OfficeJet L7300/L7500/7600/7700 (Version: 14.0)</div>

<div>HP Smart Web Printing 4.60 (Version: 4.60)</div>

<div>HP Solution Center 14.0 (Version: 14.0)</div>

<div>HP Update (Version: 5.005.000.002)</div>

<div>HPDiagnosticAlert (Version: 1.00.0000)</div>

<div>HPProductAssistant (Version: 140.0.213.000)</div>

<div>HPSSupply (Version: 140.0.212.000)</div>

<div>iCloud (Version: 2.1.2.8)</div>

<div>iTunes (Version: 11.0.2.26)</div>

<div>Java 7 Update 7 (Version: 7.0.70)</div>

<div>Java Auto Updater (Version: 2.1.9.0)</div>

<div>Java 6 Update 31 (Version: 6.0.310)</div>

<div>JavaFX 2.1.1 (Version: 2.1.1)</div>

<div>L7700 (Version: 140.0.000.000)</div>

<div>Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)</div>

<div>MarketResearch (Version: 140.0.214.000)</div>

<div>McAfee Security Scan Plus (Version: 2.1.121.2)</div>

<div>Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)</div>

<div>Microsoft Application Error Reporting (Version: 12.0.6015.5000)</div>

<div>Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)</div>

<div>Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)</div>

<div>Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)</div>

<div>Microsoft Silverlight (Version: 5.1.20125.0)</div>

<div>Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)</div>

<div>Mozilla Maintenance Service (Version: 12.0)</div>

<div>MPM (Version: 1.00.0000)</div>

<div>MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)</div>

<div>MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)</div>

<div>MySoftware Fonts</div>

<div>Network64 (Version: 140.0.215.000)</div>

<div>Network64 (Version: 140.0.221.000)</div>

<div>NVIDIA 3D Vision Driver 311.06 (Version: 311.06)</div>

<div>NVIDIA Control Panel 311.06 (Version: 311.06)</div>

<div>NVIDIA Graphics Driver 311.06 (Version: 311.06)</div>

<div>NVIDIA Install Application (Version: 2.1002.108.688)</div>

<div>NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)</div>

<div>NVIDIA Update 1.11.3 (Version: 1.11.3)</div>

<div>NVIDIA Update Components (Version: 1.11.3)</div>

<div>OCR Software by I.R.I.S. 14.0 (Version: 14.0)</div>

<div>ProductContext (Version: 140.0.000.000)</div>

<div>PVSonyDll (Version: 1.00.0001)</div>

<div>QuickTime (Version: 7.73.80.64)</div>

<div>Realtek High Definition Audio Driver (Version: 6.0.1.5910)</div>

<div>Scan (Version: 140.0.167.000)</div>

<div>Shop for HP Supplies (Version: 14.0)</div>

<div>Skype™ 5.9 (Version: 5.9.114)</div>

<div>SmartWebPrinting (Version: 140.0.213.000)</div>

<div>Solid Savings (Version: 1.26.153.1)</div>

<div>SolutionCenter (Version: 140.0.214.000)</div>

<div>Status (Version: 140.0.256.000)</div>

<div>Toolbox (Version: 140.0.428.000)</div>

<div>TrayApp (Version: 140.0.213.000)</div>

<div>Unity Web Player (Version: 2.5.5b4_50)</div>

<div>Update for 2007 Microsoft Office System (KB967642)</div>

<div>Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)</div>

<div>Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)</div>

<div>Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)</div>

<div>Update for Microsoft Office 2007 Help for Common Features (KB963673)</div>

<div>Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition</div>

<div>Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition</div>

<div>Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition</div>

<div>Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition</div>

<div>Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition</div>

<div>Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition</div>

<div>Update for Microsoft Office Access 2007 Help (KB963663)</div>

<div>Update for Microsoft Office Excel 2007 Help (KB963678)</div>

<div>Update for Microsoft Office Infopath 2007 Help (KB963662)</div>

<div>Update for Microsoft Office OneNote 2007 Help (KB963670)</div>

<div>Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition</div>

<div>Update for Microsoft Office Outlook 2007 Help (KB963677)</div>

<div>Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition</div>

<div>Update for Microsoft Office Powerpoint 2007 Help (KB963669)</div>

<div>Update for Microsoft Office Publisher 2007 Help (KB963667)</div>

<div>Update for Microsoft Office Script Editor Help (KB963671)</div>

<div>Update for Microsoft Office Word 2007 Help (KB963665)</div>

<div>Video Mover</div>

<div>VLC media player 2.0.1 (Version: 2.0.1)</div>

<div>WebReg (Version: 140.0.213.017)</div>

<div>Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)</div>

<div> </div>

<div>==================== Restore Points  =========================</div>

<div> </div>

<div>21-05-2013 01:36:13 Scheduled Checkpoint</div>

<div>30-05-2013 02:10:12 Scheduled Checkpoint</div>

<div> </div>

<div>==================== Faulty Device Manager Devices =============</div>

<div> </div>

<div>Name: Security Processor Loader Driver</div>

<div>Description: Security Processor Loader Driver</div>

<div>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</div>

<div>Manufacturer: </div>

<div>Service: spldr</div>

<div>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</div>

<div>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</div>

<div>Devices stay in this state if they have been prepared for removal.</div>

<div>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</div>

<div> </div>

<div>Name: eHome Infrared Receiver (USBCIR)</div>

<div>Description: eHome Infrared Receiver (USBCIR)</div>

<div>Class Guid: {36fc9e60-c465-11cf-8056-444553540000}</div>

<div>Manufacturer: Microsoft</div>

<div>Service: usbcir</div>

<div>Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)</div>

<div>Resolution: Update the driver</div>

<div> </div>

<div>Name: Officejet Pro L7700</div>

<div>Description: Officejet Pro L7700</div>

<div>Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}</div>

<div>Manufacturer: HP</div>

<div>Service: </div>

<div>Problem: : This device is disabled. (Code 22)</div>

<div>Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.</div>

<div> </div>

<div>Name: Consumer IR Devices</div>

<div>Description: Consumer IR Devices</div>

<div>Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}</div>

<div>Manufacturer: Microsoft</div>

<div>Service: circlass</div>

<div>Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)</div>

<div>Resolution: Update the driver</div>

<div> </div>

<div>Name: SXUPTP Driver</div>

<div>Description: SXUPTP Driver</div>

<div>Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}</div>

<div>Manufacturer: Belkin International, Inc.</div>

<div>Service: sxuptp</div>

<div>Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)</div>

<div>Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.</div>

<div> </div>

<div> </div>

<div>==================== Event log errors: =========================</div>

<div> </div>

<div>Application errors:</div>

<div>==================</div>

<div>Error: (06/01/2013 09:31:35 AM) (Source: NVIDIA OpenGL Driver) (User: )</div>

<div>Description: The NVIDIA OpenGL driver lost connection with the display</div>

<div>driver due to exceeding the Windows Time-Out limit and is unable to continue.</div>

<div>The application must close.</div>

<div> </div>

<div> </div>

<div>Error code: 7</div>

<div>Visit http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=3007 for more information.</div>

<div> </div>

<div>Error: (05/31/2013 11:18:01 PM) (Source: NVIDIA OpenGL Driver) (User: )</div>

<div>Description: The NVIDIA OpenGL driver detected a problem with the display</div>

<div>driver and is unable to continue. The application must close.</div>

<div> </div>

<div> </div>

<div>Error code: 3</div>

<div>Visit http://www.nvidia.com/page/support.html for more information.</div>

<div> </div>

<div>Error: (05/29/2013 10:38:43 PM) (Source: NVIDIA OpenGL Driver) (User: )</div>

<div>Description: The NVIDIA OpenGL driver detected a problem with the display</div>

<div>driver and is unable to continue. The application must close.</div>

<div> </div>

<div> </div>

<div>Error code: 3</div>

<div>Visit http://www.nvidia.com/page/support.html for more information.</div>

<div> </div>

<div>Error: (05/29/2013 09:47:11 PM) (Source: Application Hang) (User: )</div>

<div>Description: The program PhotoScreensaver.scr version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</div>

<div> </div>

<div>Process ID: 146c</div>

<div> </div>

<div>Start Time: 01ce5cdfb708ea92</div>

<div> </div>

<div>Termination Time: 20</div>

<div> </div>

<div>Application Path: C:\Windows\system32\PhotoScreensaver.scr</div>

<div> </div>

<div>Report Id: f4380d42-c8e3-11e2-90f5-001e8c5c64ae</div>

<div> </div>

<div>Error: (05/20/2013 08:43:10 PM) (Source: Application Hang) (User: )</div>

<div>Description: The program chrome.exe version 26.0.1410.64 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</div>

<div> </div>

<div>Process ID: 1298</div>

<div> </div>

<div>Start Time: 01ce55d469c3c07c</div>

<div> </div>

<div>Termination Time: 1821</div>

<div> </div>

<div>Application Path: C:\Users\De Campo\AppData\Local\Google\Chrome\Application\chrome.exe</div>

<div> </div>

<div>Report Id: 7ed19460-c1c8-11e2-a797-001e8c5c64ae</div>

<div> </div>

<div>Error: (05/20/2013 04:24:25 PM) (Source: Microsoft Security Client Setup) (User: DeCampo-PC)</div>

<div>Description: HRESULT:0x8004FF0A</div>

<div>Description:Security Essentials is still installed on your computer.. Security Essentials was not removed from your computer. It will continue to monitor your computer and help protect it from potential threats. Error code:0x8004FF0A.</div>

<div> </div>

<div>Error: (05/20/2013 04:05:43 PM) (Source: Microsoft Security Client Setup) (User: DeCampo-PC)</div>

<div>Description: HRESULT:0x8004FF11</div>

<div>Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.</div>

<div> </div>

<div>Error: (05/19/2013 10:42:03 PM) (Source: Windows Search Service) (User: )</div>

<div>Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.</div>

<div> </div>

<div> </div>

<div>Details:</div>

<div>The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)</div>

<div> </div>

<div>Error: (05/19/2013 10:42:03 PM) (Source: Windows Search Service) (User: )</div>

<div>Description: The index cannot be initialized.</div>

<div> </div>

<div> </div>

<div>Details:</div>

<div>The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)</div>

<div> </div>

<div>Error: (05/19/2013 10:42:03 PM) (Source: Windows Search Service) (User: )</div>

<div>Description: The application cannot be initialized.</div>

<div> </div>

<div>Context: Windows Application</div>

<div> </div>

<div> </div>

<div>Details:</div>

<div>The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)</div>

<div> </div>

<div> </div>

<div>System errors:</div>

<div>=============</div>

<div>Error: (06/04/2013 07:02:33 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 07:02:33 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 07:02:33 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 07:00:27 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 07:00:27 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 07:00:27 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 06:55:27 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 06:55:27 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 06:55:27 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div>Error: (06/04/2013 06:53:45 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </div>

<div>%%1068</div>

<div> </div>

<div> </div>

<div>Microsoft Office Sessions:</div>

<div>=========================</div>

<div>Error: (04/11/2013 03:19:29 AM) (Source: Microsoft Office 12 Sessions)(User: )</div>

<div>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28250 seconds with 1680 seconds of active time.  This session ended with a crash.</div>

<div> </div>

<div> </div>

<div>CodeIntegrity Errors:</div>

<div>===================================</div>

<div>  Date: 2013-03-25 15:34:23.170</div>

<div>  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</div>

<div> </div>

<div>  Date: 2013-03-25 15:34:23.097</div>

<div>  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</div>

<div> </div>

<div>  Date: 2013-03-25 15:33:54.245</div>

<div>  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</div>

<div> </div>

<div>  Date: 2013-03-25 15:33:54.169</div>

<div>  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</div>

<div> </div>

<div>  Date: 2013-03-25 15:33:37.380</div>

<div>  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</div>

<div> </div>

<div>  Date: 2013-03-25 15:33:37.294</div>

<div>  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</div>

<div> </div>

<div> </div>

<div>==================== Memory info =========================== </div>

<div> </div>

<div>Percentage of memory in use: 22%</div>

<div>Total physical RAM: 3071.29 MB</div>

<div>Available physical RAM: 2385.26 MB</div>

<div>Total Pagefile: 6140.76 MB</div>

<div>Available Pagefile: 5445.12 MB</div>

<div>Total Virtual: 8192 MB</div>

<div>Available Virtual: 8191.83 MB</div>

<div> </div>

<div>==================== Drives ================================</div>

<div> </div>

<div>Drive c: () (Fixed) (Total:372.51 GB) (Free:302.18 GB) NTFS (Disk=0 Partition=2)</div>

<div>Drive j: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 (Disk=5 Partition=1)</div>

<div> </div>

<div>==================== MBR & Partition Table ==================</div>

<div> </div>

<div>========================================================</div>

<div>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: 6291CC88)</div>

<div>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</div>

<div>Partition 2: (Not Active) - (Size=373 GB) - (Type=07 NTFS)</div>

<div> </div>

<div>========================================================</div>

<div>Disk: 5 (Size: 4 GB) (Disk ID: 00000000)</div>

<div>Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)</div>

<div> </div>

<div>==================== End Of Log ============================</div>

Share this post


Link to post
Share on other sites

<p>And here are the results from my AdwCleaner:</p>

<p> </p>

<div># AdwCleaner v2.301 - Logfile created 06/04/2013 at 18:50:44</div>

<div># Updated 16/05/2013 by Xplode</div>

<div># Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)</div>

<div># User : De Campo - DECAMPO-PC</div>

<div># Boot Mode : Safe mode with networking</div>

<div># Running from : C:\Users\De Campo\Desktop\adwcleaner.exe</div>

<div># Option [Delete]</div>

<div> </div>

<div> </div>

<div>***** [services] *****</div>

<div> </div>

<div>Stopped & Deleted : WajamUpdater</div>

<div> </div>

<div>***** [Files / Folders] *****</div>

<div> </div>

<div>File Deleted : C:\END</div>

<div>File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml</div>

<div>File Deleted : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\searchplugins\Babylon.xml</div>

<div>File Deleted : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\searchplugins\Conduit.xml</div>

<div>File Deleted : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\searchplugins\delta.xml</div>

<div>File Deleted : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\searchplugins\Search_Results.xml</div>

<div>File Deleted : C:\Windows\Tasks\EPUpdater.job</div>

<div>Folder Deleted : C:\Program Files (x86)\Conduit</div>

<div>Folder Deleted : C:\Program Files (x86)\uTorrentControl2</div>

<div>Folder Deleted : C:\Program Files (x86)\Wajam</div>

<div>Folder Deleted : C:\Program Files (x86)\Yontoo</div>

<div>Folder Deleted : C:\ProgramData\Babylon</div>

<div>Folder Deleted : C:\ProgramData\boost_interprocess</div>

<div>Folder Deleted : C:\ProgramData\Tarma Installer</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Local\Conduit</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Local\Ilivid Player</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Local\Wajam</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\LocalLow\Conduit</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\LocalLow\PriceGong</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\LocalLow\Toolbar4</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\LocalLow\uTorrentControl2</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Roaming\Babylon</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Roaming\DealPly</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\ConduitCommon</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\CT3072253</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\extensions\plugin@yontoo.com</div>

<div>Folder Deleted : C:\Users\De Campo\AppData\Roaming\SearchProtect</div>

<div> </div>

<div>***** [Registry] *****</div>

<div> </div>

<div>Key Deleted : HKCU\Software\APN PIP</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Software\Conduit</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Toolbar</div>

<div>Key Deleted : HKCU\Software\Conduit</div>

<div>Key Deleted : HKCU\Software\Cr_Installer</div>

<div>Key Deleted : HKCU\Software\DataMngr</div>

<div>Key Deleted : HKCU\Software\DataMngr_Toolbar</div>

<div>Key Deleted : HKCU\Software\InstallCore</div>

<div>Key Deleted : HKCU\Software\InstalledBrowserExtensions</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211621178}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211621178}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}</div>

<div>Key Deleted : HKCU\Software\Wajam</div>

<div>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}</div>

<div>Key Deleted : HKLM\Software\Babylon</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244624478}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1</div>

<div>Key Deleted : HKLM\Software\Conduit</div>

<div>Key Deleted : HKLM\Software\DataMngr</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}</div>

<div>Key Deleted : HKLM\Software\PIP</div>

<div>Key Deleted : HKLM\Software\uTorrentControl2</div>

<div>Key Deleted : HKLM\Software\Wajam</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\5e2dadbb63bec43</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211621178}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220222622278}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550255625578}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660266626678}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211621178}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE3FA6A1-E810-4F9F-9B29-CEA6625E47F3}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF74CB1C-29B7-498A-AE47-A9445A709185}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam</div>

<div>Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625578}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626678}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}</div>

<div>Key Deleted : HKLM\SOFTWARE\DataMngr</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}</div>

<div>Key Deleted : HKLM\SOFTWARE\Tarma Installer</div>

<div>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]</div>

<div>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]</div>

<div>Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]</div>

<div>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]</div>

<div>Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]</div>

<div>Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]</div>

<div>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]</div>

<div> </div>

<div>***** [internet Browsers] *****</div>

<div> </div>

<div>-\\ Internet Explorer v9.0.8112.16483</div>

<div> </div>

<div>Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253 --> hxxp://www.google.com</div>

<div> </div>

<div>-\\ Mozilla Firefox v12.0 (en-US)</div>

<div> </div>

<div>File : C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\prefs.js</div>

<div> </div>

<div>C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\user.js ... Deleted !</div>

<div> </div>

<div>Deleted : user_pref("CT3072253..clientLogIsEnabled", false);</div>

<div>Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]</div>

<div>Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]</div>

<div>Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);</div>

<div>Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");</div>

<div>Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);</div>

<div>Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);</div>

<div>Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);</div>

<div>Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);</div>

<div>Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);</div>

<div>Deleted : user_pref("CT3072253.CTID", "CT3072253");</div>

<div>Deleted : user_pref("CT3072253.CurrentServerDate", "21-5-2013");</div>

<div>Deleted : user_pref("CT3072253.DSInstall", true);</div>

<div>Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");</div>

<div>Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Mon May 20 2013 17:19:27 GMT-0700 (Pacific Daylig[...]</div>

<div>Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");</div>

<div>Deleted : user_pref("CT3072253.FirstServerDate", "21-5-2013");</div>

<div>Deleted : user_pref("CT3072253.FirstTime", true);</div>

<div>Deleted : user_pref("CT3072253.FirstTimeFF3", true);</div>

<div>Deleted : user_pref("CT3072253.FirstTimeHiddenVer", true);</div>

<div>Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);</div>

<div>Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);</div>

<div>Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");</div>

<div>Deleted : user_pref("CT3072253.HPInstall", false);</div>

<div>Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);</div>

<div>Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);</div>

<div>Deleted : user_pref("CT3072253.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");</div>

<div>Deleted : user_pref("CT3072253.Initialize", true);</div>

<div>Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);</div>

<div>Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 1);</div>

<div>Deleted : user_pref("CT3072253.InstallationType", "Unknown");</div>

<div>Deleted : user_pref("CT3072253.InstalledDate", "Mon May 20 2013 17:19:27 GMT-0700 (Pacific Daylight Time)");</div>

<div>Deleted : user_pref("CT3072253.IsGrouping", false);</div>

<div>Deleted : user_pref("CT3072253.IsInitSetupIni", true);</div>

<div>Deleted : user_pref("CT3072253.IsMulticommunity", false);</div>

<div>Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);</div>

<div>Deleted : user_pref("CT3072253.IsOpenUninstallPage", true);</div>

<div>Deleted : user_pref("CT3072253.IsProtectorsInit", true);</div>

<div>Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Mon May 20 2013 17:19:27 GMT-0700 (Pacific Dayligh[...]</div>

<div>Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);</div>

<div>Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]</div>

<div>Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Mon May 20 2013 17:19:29 GMT-0700 (Pacific Daylight Time)[...]</div>

<div>Deleted : user_pref("CT3072253.LatestVersion", "3.18.0.7");</div>

<div>Deleted : user_pref("CT3072253.Locale", "en");</div>

<div>Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");</div>

<div>Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");</div>

<div>Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");</div>

<div>Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);</div>

<div>Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.15.1.0");</div>

<div>Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");</div>

<div>Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "uTorrentControl2 Customized Web Search");</div>

<div>Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);</div>

<div>Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]</div>

<div>Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);</div>

<div>Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);</div>

<div>Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Mon May 20 2013 17:19:29 GMT-0700 (Pacific Dayli[...]</div>

<div>Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]</div>

<div>Deleted : user_pref("CT3072253.SearchInNewTabUserEnabled", false);</div>

<div>Deleted : user_pref("CT3072253.SearchProtectorEnabled", true);</div>

<div>Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);</div>

<div>Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);</div>

<div>Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Mon May 20 2013 17:19:25 GMT-0700 (Pacific Daylight [...]</div>

<div>Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Mon May 20 2013 17:19:25 GMT-0700 (Pacific Daylight Ti[...]</div>

<div>Deleted : user_pref("CT3072253.SettingsLastUpdate", "1369043102");</div>

<div>Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");</div>

<div>Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);</div>

<div>Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Mon May 20 2013 17:19:24 GMT-0700 (Pacific Day[...]</div>

<div>Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");</div>

<div>Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);</div>

<div>Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");</div>

<div>Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]</div>

<div>Deleted : user_pref("CT3072253.UserID", "UN52558179081925278");</div>

<div>Deleted : user_pref("CT3072253.ValidationData_Toolbar", 1);</div>

<div>Deleted : user_pref("CT3072253.alertChannelId", "1463702");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E2025203[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e.:2z527", "2423");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e06cg5el8:", "6E6D6B69736B7071706F");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473716F797176777675242F4B4947[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e31;cjhb>f!lad", "247E61393F236B2573737929202B6D404E434C317[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b-0?3g>d", "673A6B727240426D7A7845784A2048754E7D257C7E7E7D2A24[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b-0?3g@6:5;", "");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b5ba==9cjag", "3C6D3E3D703F44767A7245484948497C49774D7C7E");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B69736B70717072707776");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b9643g3/9e", "6A");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b<:222h64<", "393F352F3E");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b<:222h64<l8daj", "6D70706F7674707975772A7A7B727C75757D78");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b=+03eh8h8j?:", "4443");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9b?b0d:8aj62<h", "6D");</div>

<div>Deleted : user_pref("CT3072253.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.bt_stats", "7B226C6173745F6C6F67223A313336393039353537332C227575[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "4D6F6E204D617920323020323031332031373A31393A33372[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_appsdefaultenabled", "74727565");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_easytobook", "6F6E");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_pricegong", "6F6E");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_windowshopper", "6F6E");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstatereporttime", "31333639303935353734393033");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_currentversion", "312E362E302E31");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_eventscache", "7B2236376666333838382D623737342D346165392D[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_first_time", "31");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_gadgetopen", "30");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_lastlogintime", "31333639303935353734303638");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_settings1.6.0.1", "7B22537461747573223A227375636365656465[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_showclosebutton", "74727565");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_showwelcomegadget", "74727565");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.mam_gk_userid", "34666532393130312D393532372D343064652D393264622[...]</div>

<div>Deleted : user_pref("CT3072253.backendstorage.pg_enable", "74727565");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.searchappstate", "32");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.searchapptracking", "73656E74");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.sf_just_installed", "46414C5345");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.sf_status", "454E41424C4544");</div>

<div>Deleted : user_pref("CT3072253.backendstorage.sf_user_id", "6369645F3230353230313331373139333536373938303034")[...]</div>

<div>Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]</div>

<div>Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon May 20 2013 17:19:26 GMT-0700 (Pacific [...]</div>

<div>Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);</div>

<div>Deleted : user_pref("CT3072253.initDone", true);</div>

<div>Deleted : user_pref("CT3072253.isAppTrackingManagerOn", false);</div>

<div>Deleted : user_pref("CT3072253.myStuffEnabled", true);</div>

<div>Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);</div>

<div>Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]</div>

<div>Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);</div>

<div>Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]</div>

<div>Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);</div>

<div>Deleted : user_pref("CT3072253.revertSettingsEnabled", true);</div>

<div>Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);</div>

<div>Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);</div>

<div>Deleted : user_pref("CT3072253.testingCtid", "");</div>

<div>Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Mon May 20 2013 17:19:26 GMT-0700 (Pacific D[...]</div>

<div>Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon May 20 2013 17:19:26 GMT-0700 (Pacific D[...]</div>

<div>Deleted : user_pref("CT3072253.usagesFlag", 2);</div>

<div>Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search");</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/US", "\"0\"[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c15[...]</div>

<div>Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\De Campo\\AppData\\Roaming\\Mozilla[...]</div>

<div>Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");</div>

<div>Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");</div>

<div>Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");</div>

<div>Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");</div>

<div>Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");</div>

<div>Deleted : user_pref("CommunityToolbar.globalUserId", "ae03f8c6-a871-46c9-a47e-2080b7014661");</div>

<div>Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);</div>

<div>Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);</div>

<div>Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon May 20 2013 17:19:3[...]</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon May 20 2013 17:19:28 GMT-070[...]</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.locale", "en");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon May 20 2013 17:19:26 GMT-0700 (P[...]</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.userId", "5866c5a6-4fdd-45cf-a5c5-414107f8dfc6");</div>

<div>Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");</div>

<div>Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]</div>

<div>Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");</div>

<div>Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]</div>

<div>Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl2 Customized Web Search");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationThankYouPage", true);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationTime", 1365195195);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.searchUserConifrmation", fal[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setHomepage", false);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setNewTab", false);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setSearch", false);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.active", true);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.addressbar", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.addressbarenhanced", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.backgroundjs", "\n\n//\n");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.backgroundver", 10);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.can_run_bg_code", true);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.certdomaininstaller", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.changeprevious", false);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallationTime.value", "1365195195");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_aoi.value", "1365195195");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_arbitrary_code.expiration", "Mon May 20 2[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_arbitrary_code.value", "%22var%20start_ti[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_blocklist.expiration", "Mon May 20 2013 1[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_country_code.expiration", "Mon May 27 201[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_country_code.value", "%22US%22");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_crr.value", "1369095574");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_currenttime.value", "%221368543883%22");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_hotfix20111102645.value", "%221%22");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_delay.value", "24");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 20[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_disclosure.value", "1369095610");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_disclosure_tmp.expiration", "Mon May 2[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_disclosure_tmp.value", "1369095604");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_list.expiration", "Mon May 20 2013 23:[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_list.value", "%7B%225a0a78b4cf7a0f072d[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_list_temp.expiration", "Mon May 20 201[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_ib_list_temp.value", "1369095610.527");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installer_params.value", "%7B%22source_id[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installtime.value", "%221368543883%22");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_parent_zoneid.value", "%22142729%22");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_pc_20120828.value", "1369095604544");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_product_id.value", "%221383%22");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_zoneid.value", "%22167853%22");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.dbtest.value", "1369095573181");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.description", "Solid Savings");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.domain", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.enablesearch", false);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.homepage", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.iframe", false);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_appVer.value", "14");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_lastVersion.value", "1");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_meta.value", "%7B%7D");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_nextCheck.expiration", "Mon May [...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_nextCheck.value", "true");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_queue.value", "%7B%7D");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.manifesturl", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.name", "Solid Savings");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.newtab", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.opensearch", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.name", "base");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.ver", 6);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.code", "Array.prototype.indexO[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.name", "GPL Plugin (Loader)");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.ver", 15);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.name", "GPL Background (BG)");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.ver", 38);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.code", "(function(a){a.selectedText[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.name", "CrossriderAppUtils");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.ver", 3);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.name", "CrossriderUtils");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.ver", 3);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.code", "if((typeof isBackground===\[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.name", "FFAppAPIWrapper");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.ver", 7);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.name", "jQuery");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.ver", 4);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.code", "var CrossriderDebugManager=[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.name", "debug");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.ver", 4);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.name", "resources");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.ver", 4);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.code", "var CrossriderInitializerPl[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.name", "initializer");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.ver", 3);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.name", "jquery_1_7_1");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.ver", 4);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.name", "resources_background");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.ver", 3);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.name", "appApiMessage");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.ver", 2);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.code", "if(appAPI.__should_activate[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.name", "appApiValidation");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.ver", 3);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.name", "CrossriderInfo");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.ver", 3);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_98.code", "(function(){var b=\"cr_\"+a[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_98.name", "omniCommands");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_98.ver", 2);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,100[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/a[...]</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.pluginsversion", 11);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.publisher", "Innovative Apps");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.searchstatus", 0);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.setnewtab", false);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.thankyou", "");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.updateinterval", 360);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.26278.ver", 14);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.apps", "26278");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.bic", "13ec4744e4b6ab30dd9f0ee0e2913030");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.cid", 26278);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.firstrun", false);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.hadappinstalled", true);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.installationdate", 1369095557);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.lastcheck", 22818259);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.lastcheckitem", 22818261);</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.modetype", "production");</div>

<div>Deleted : user_pref("extensions.crossriderapp26278.reportInstall", true);</div>

<div>Deleted : user_pref("extensions.delta.admin", false);</div>

<div>Deleted : user_pref("extensions.delta.aflt", "babsst");</div>

<div>Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");</div>

<div>Deleted : user_pref("extensions.delta.autoRvrt", "false");</div>

<div>Deleted : user_pref("extensions.delta.dfltLng", "en");</div>

<div>Deleted : user_pref("extensions.delta.excTlbr", false);</div>

<div>Deleted : user_pref("extensions.delta.ffxUnstlRst", true);</div>

<div>Deleted : user_pref("extensions.delta.id", "544227020000000000000016449011d0");</div>

<div>Deleted : user_pref("extensions.delta.instlDay", "15845");</div>

<div>Deleted : user_pref("extensions.delta.instlRef", "sst");</div>

<div>Deleted : user_pref("extensions.delta.newTab", false);</div>

<div>Deleted : user_pref("extensions.delta.prdct", "delta");</div>

<div>Deleted : user_pref("extensions.delta.prtnrId", "delta");</div>

<div>Deleted : user_pref("extensions.delta.rvrt", "false");</div>

<div>Deleted : user_pref("extensions.delta.smplGrp", "none");</div>

<div>Deleted : user_pref("extensions.delta.tlbrId", "base");</div>

<div>Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");</div>

<div>Deleted : user_pref("extensions.delta.vrsn", "1.8.21.0");</div>

<div>Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.023:44:37");</div>

<div>Deleted : user_pref("extensions.delta.vrsni", "1.8.21.0");</div>

<div>Deleted : user_pref("extensions.delta_i.babExt", "");</div>

<div>Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=gc_");</div>

<div>Deleted : user_pref("extensions.delta_i.srcExt", "ss");</div>

<div>Deleted : user_pref("extensions.wajam.affiliate_id", "3220");</div>

<div>Deleted : user_pref("extensions.wajam.firstrun", "false");</div>

<div>Deleted : user_pref("extensions.wajam.log_send_info", "false");</div>

<div>Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\[...]</div>

<div>Deleted : user_pref("extensions.wajam.no_trace", "false");</div>

<div>Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21086");</div>

<div>Deleted : user_pref("extensions.wajam.supported_sites.bing.wajam_yahoo_se_js", "try {window['APP_LABEL_NAME'] [...]</div>

<div>Deleted : user_pref("extensions.wajam.trace_log", "1369095554437 - processInstallationUpgrade - version set to[...]</div>

<div>Deleted : user_pref("extensions.wajam.unique_id", "156A783D980BB9B74AADB993A3479F3D");</div>

<div>Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");</div>

<div>Deleted : user_pref("extensions.wajam.version", "1.26");</div>

<div>Deleted : user_pref("extentions.y2layers.installId", "F1E30034-D5B5-5203-B5BD-FCB9EC40F037");</div>

<div>Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]</div>

<div> </div>

<div>-\\ Google Chrome v27.0.1453.94</div>

<div> </div>

<div>File : C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Preferences</div>

<div> </div>

<div>Deleted [l.63] : icon_url = "hxxp://www.delta-search.com/favicon.ico",</div>

<div>Deleted [l.66] : keyword = "delta-search.com",</div>

<div>Deleted [l.70] : search_url = "hxxp://www1.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&[...]</div>

<div>Deleted [l.2720] : homepage = "hxxp://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=54420016449011[...]</div>

<div> </div>

<div>*************************</div>

<div> </div>

<div>AdwCleaner[R1].txt - [59764 octets] - [04/06/2013 18:49:18]</div>

<div>AdwCleaner[s1].txt - [60357 octets] - [04/06/2013 18:50:44]</div>

<div> </div>

<div>########## EOF - C:\AdwCleaner[s1].txt - [60418 octets] ##########</div>

<div> </div>

Share this post


Link to post
Share on other sites

Please run another scan with FRST and post up the log.

Also, do the following:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

    [*]Press "Scan".[*]It will create a log (FSS.txt) in the same directory the tool is run.[*]Please copy and paste the log to your reply.

Share this post


Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2013 (ATTENTION: FRST version is 12 days old)

Ran by De Campo (administrator) on 04-06-2013 22:33:08

Running from J:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Google Inc.) C:\Users\De Campo\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\De Campo\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\De Campo\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\De Campo\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\De Campo\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\De Campo\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) J:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKCU\...\Run: [Google Update] "C:\Users\De Campo\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-31] (Google Inc.)

HKCU\...\RunOnce: [Report] C:\AdwCleaner[s1].txt [60400 2013-06-04] ()

HKLM-x32\...\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2012-04-30] (Google)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\De Campo\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-31] (Google Inc.)

HKU\UpdatusUser\...\RunOnce: [Checksoft Express] C:\Windows\Temp\CheckSoftExpress\Setup.exe [x]

AppInit_DLLs: [0 ] ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

SearchScopes: HKCU - {92184379-3D34-4641-A377-94F8C502FE58} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: RapidFinda - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\De Campo\AppData\Local\RapidFinda\temp.dat ()

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)

Winsock: Catalog5-x64 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @unity3d.com/UnityPlayer - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: No Name - C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\Extensions\9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com

FF Extension: RapidFinda - C:\Users\De Campo\AppData\Roaming\Mozilla\Firefox\Profiles\zpz7tkyn.default\Extensions\ibsexciz@gytykyyiftpbivojcu.net

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=54420016449011D0

CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\De Campo\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\De Campo\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\De Campo\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File

CHR Plugin: (Conduit Chrome Plugin) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Unity Player) - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\De Campo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Solid Savings) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.13_0

CHR Extension: (Google Search) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Realm of the Mad God) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0

CHR Extension: (Facebook for Chrome) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.2.2_0

CHR Extension: (RapidFinda) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0

CHR Extension: (Spotify Chrome Extension) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb\1.0.3_0

CHR Extension: (Landscape View Minecraft Theme) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\miebnjdihfgdpjmgfdfgilbgclmdbknn\1_0

CHR Extension: (My Robot Nation) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmedjidogeeadcippfjfhplchokdhhc\1.0.0.0_0

CHR Extension: (Instagram for Chrome) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.5.2_0

CHR Extension: (Gmail) - C:\Users\De Campo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)

S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] ()

S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()

S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-04-30] (Google)

S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [30240 2013-05-14] (Bitdefender)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)

R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-04-17] (Bitdefender SRL)

S3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)

S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [350160 2012-10-31] (BitDefender S.R.L.)

S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)

S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49

C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\avc3.sys AAE1DAE483DD57D0E267FCA42FCB5133

C:\Windows\System32\DRIVERS\avckf.sys 8183B715BD56561C27BEBB68B1192B7A

C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit

C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys 35B68270AAC55930D1159F552047FED3

C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD

C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit

C:\Windows\system32\drivers\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361

C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit

C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D

C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B

C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0

C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F

C:\Windows\System32\DRIVERS\gzflt.sys 408B664926675C270D911160F1631D6B

C:\Windows\System32\drivers\HCW85BDA.sys 98405343D7DCD330FE1B08C8F4C3900C

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A

C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit

C:\Windows\System32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366

C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit

C:\Windows\System32\drivers\RTKVHD64.sys BFBABCB231628A4551DBB10D0EA25D62

C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4

C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07

C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lvrs64.sys 0C85B2B6FB74B36A251792D45E0EF860

C:\Windows\System32\DRIVERS\lvuvc64.sys FF3A488924B0032B1A9CA6948C1FA9E8

C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910

C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC

C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163

C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C

C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netr7364.sys 81B8D0C1CE44A7FDBD596B693783950C

C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0

C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nvlddmkm.sys FCBA1C22727939E7CFF9EB08FE9692AB

C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD

C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\point64.sys 4F0878FD62D5F7444C5F1C4C66D9D293

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Rt64win7.sys BAEFEE35D27A5440D35092CE10267BEC

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B

C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28

C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3

C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC

C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\sxuptp.sys 52EB25BD8AB4E331028C48B178441B36

C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899

C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899

C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\trufos.sys B66EE1D68197DFB9AA24F961E68ACDCC

C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit

C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240

C:\Windows\system32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A

C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C

C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B

C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24

C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31

C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6

C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD

C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\VSTBS26.SYS 93132C69394A99D992095D8CFE464801

C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396

C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F

C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-04 19:06 - 2013-06-04 19:06 - 00000600 ____A C:\Users\De Campo\Desktop\FRST64 - Shortcut.lnk

2013-06-04 19:02 - 2013-06-04 19:02 - 00000000 ____D C:\FRST

2013-06-04 18:50 - 2013-06-04 18:51 - 00060400 ____A C:\AdwCleaner[s1].txt

2013-06-04 18:49 - 2013-06-04 18:49 - 00059764 ____A C:\AdwCleaner[R1].txt

2013-06-04 17:01 - 2013-06-04 17:01 - 00632031 ____A C:\Users\De Campo\Desktop\adwcleaner.exe

2013-06-03 18:02 - 2013-06-03 18:02 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\De Campo\Desktop\tdsskiller.exe

2013-06-03 17:59 - 2013-06-03 17:59 - 00001508 ____A C:\Users\De Campo\Desktop\aswMBR.txt

2013-06-03 17:59 - 2013-06-03 17:59 - 00000512 ____A C:\Users\De Campo\Desktop\MBR.dat

2013-06-03 17:48 - 2013-06-03 17:49 - 04745728 ____A (AVAST Software) C:\Users\De Campo\Desktop\aswMBR.exe

2013-06-03 13:59 - 2013-06-03 13:59 - 00040336 ____A C:\FRST.txt

2013-06-03 13:51 - 2013-06-03 13:51 - 00000000 ____D C:\Program Files\FRST

2013-06-03 13:46 - 2013-06-03 13:50 - 00368554 ____A C:\Users\De Campo\Desktop\Gmer.txt

2013-06-01 09:34 - 2013-06-01 09:34 - 00409032 ____A C:\Windows\Minidump\060113-17830-01.dmp

2013-06-01 09:32 - 2013-06-01 09:32 - 00000000 ____A C:\Windows\System32\Drivers\avchv.sys.gzip

2013-06-01 09:25 - 2013-06-01 09:25 - 00366840 ____A C:\Windows\Minidump\060113-32354-01.dmp

2013-06-01 01:17 - 2013-06-01 01:17 - 00376696 ____A C:\Windows\Minidump\060113-32027-01.dmp

2013-06-01 01:15 - 2013-06-01 01:15 - 00000000 ____A C:\Windows\Minidump\060113-34554-01.dmp

2013-06-01 01:12 - 2013-06-01 01:12 - 00000000 ____A C:\Windows\Minidump\060113-34304-01.dmp

2013-06-01 01:09 - 2013-06-01 01:09 - 00334552 ____A C:\Windows\Minidump\060113-33103-01.dmp

2013-06-01 01:02 - 2013-06-01 01:02 - 00376832 ____A C:\Windows\Minidump\060113-32510-01.dmp

2013-06-01 01:00 - 2013-06-01 01:00 - 00000000 ____A C:\Windows\Minidump\060113-35147-01.dmp

2013-06-01 00:53 - 2013-06-01 00:54 - 00333920 ____A C:\Windows\Minidump\060113-33119-01.dmp

2013-06-01 00:50 - 2013-06-01 00:50 - 00334400 ____A C:\Windows\Minidump\060113-31917-01.dmp

2013-06-01 00:40 - 2013-06-01 00:40 - 00334416 ____A C:\Windows\Minidump\060113-32916-01.dmp

2013-06-01 00:32 - 2013-06-01 00:32 - 00325000 ____A C:\Windows\Minidump\060113-23540-01.dmp

2013-06-01 00:26 - 2013-06-01 00:27 - 00334088 ____A C:\Windows\Minidump\060113-26364-01.dmp

2013-06-01 00:24 - 2013-06-01 00:24 - 00334560 ____A C:\Windows\Minidump\060113-25350-01.dmp

2013-06-01 00:21 - 2013-06-01 00:21 - 00334536 ____A C:\Windows\Minidump\060113-23727-01.dmp

2013-06-01 00:14 - 2013-06-01 00:14 - 00339592 ____A C:\Windows\Minidump\060113-24289-01.dmp

2013-06-01 00:07 - 2013-05-20 19:00 - 00000000 ____A C:\Windows\System32\Drivers\avchv.sys

2013-05-31 23:58 - 2013-05-31 23:58 - 00334344 ____A C:\Windows\Minidump\053113-25006-01.dmp

2013-05-31 23:53 - 2013-05-31 23:53 - 00339056 ____A C:\Windows\Minidump\053113-24476-01.dmp

2013-05-31 23:44 - 2013-05-31 23:44 - 00330392 ____A C:\Windows\Minidump\053113-24242-01.dmp

2013-05-31 23:20 - 2013-05-31 23:21 - 00482528 ____A C:\Windows\Minidump\053113-23493-01.dmp

2013-05-31 23:14 - 2013-05-31 23:14 - 00585104 ____A C:\Windows\Minidump\053113-28626-01.dmp

2013-05-31 20:40 - 2013-05-31 20:40 - 00678880 ____A C:\Windows\Minidump\053113-27456-01.dmp

2013-05-29 23:03 - 2013-05-29 23:03 - 00506040 ____A C:\Windows\Minidump\052913-16536-01.dmp

2013-05-21 22:23 - 2013-05-21 22:23 - 00000000 ____D C:\Windows\Sun

2013-05-20 20:54 - 2013-05-20 20:54 - 00376008 ____A C:\Windows\Minidump\052013-23961-01.dmp

2013-05-20 20:51 - 2013-05-20 20:51 - 00000000 ____A C:\Windows\Minidump\052013-24726-01.dmp

2013-05-20 19:01 - 2013-05-20 19:01 - 00182745 ____A C:\ProgramData\1369101381.bdinstall.bin

2013-05-20 19:00 - 2013-04-17 14:59 - 00718840 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys

2013-05-20 19:00 - 2013-04-17 14:59 - 00593144 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys

2013-05-20 18:57 - 2013-05-20 18:57 - 00000000 ____D C:\Users\De Campo\AppData\Roaming\QuickScan

2013-05-20 18:56 - 2013-05-20 19:00 - 00000000 ____D C:\Program Files\Bitdefender

2013-05-20 18:56 - 2013-04-22 13:21 - 00148696 ____A (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys

2013-05-20 18:56 - 2012-10-31 13:13 - 00350160 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys

2013-05-20 18:52 - 2013-05-20 18:53 - 00000420 ____A C:\ProgramData\1369101166.5860.bin

2013-05-20 18:52 - 2013-05-20 18:52 - 00029075 ____A C:\ProgramData\1369101166.3684.bin

2013-05-20 18:52 - 2013-05-20 18:52 - 00002061 ____A C:\ProgramData\1369101166.1604.bin

2013-05-20 18:46 - 2013-05-20 18:46 - 00030293 ____A C:\ProgramData\1369100796.bdinstall.bin

2013-05-20 16:13 - 2013-05-20 16:13 - 00030424 ____A C:\ProgramData\1369091608.bdinstall.bin

2013-05-20 16:07 - 2013-05-20 16:07 - 00019743 ____A C:\ProgramData\1369091232.bdinstall.bin

2013-05-20 16:07 - 2013-05-20 16:07 - 00019743 ____A C:\ProgramData\1369091215.bdinstall.bin

2013-05-20 16:06 - 2013-05-20 16:06 - 00025659 ____A C:\ProgramData\1369091203.1508.bin

2013-05-20 16:06 - 2013-05-20 16:06 - 00002061 ____A C:\ProgramData\1369091203.1952.bin

2013-05-20 16:06 - 2013-05-20 16:06 - 00000189 ____A C:\ProgramData\1369091203.1460.bin

2013-05-20 16:05 - 2013-05-20 16:05 - 00030425 ____A C:\ProgramData\1369091064.bdinstall.bin

2013-05-20 16:04 - 2013-05-20 16:06 - 08513768 ____A C:\Users\De Campo\Downloads\Antivirus_Free_Edition_x64.exe

2013-05-20 00:52 - 2013-05-20 00:52 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-20 00:52 - 2013-05-20 00:52 - 00000000 ____D C:\Users\De Campo\AppData\Roaming\Malwarebytes

2013-05-20 00:52 - 2013-05-20 00:52 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-05-20 00:52 - 2013-05-20 00:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-20 00:52 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-05-20 00:50 - 2013-05-20 00:50 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\De Campo\Downloads\mbam-setup-1.75.0.1300.exe

2013-05-20 00:25 - 2013-05-20 00:25 - 00364032 ____A C:\Windows\Minidump\052013-24648-01.dmp

2013-05-20 00:06 - 2013-05-20 00:06 - 00080456 ____A (Malwarebytes Corporation) C:\Users\De Campo\Downloads\mbam-clean-1.60.2.0003.exe

2013-05-19 23:44 - 2013-05-19 23:44 - 00000000 ____D C:\Users\De Campo\AppData\Local\RapidFinda

2013-05-19 23:41 - 2013-05-19 23:41 - 00607664 ____A C:\Users\De Campo\Downloads\malawarebytes dwnld.exe

2013-05-19 23:00 - 2013-06-01 09:33 - 395111877 ____A C:\Windows\MEMORY.DMP

2013-05-19 23:00 - 2013-05-19 23:00 - 00479568 ____A C:\Windows\Minidump\051913-22651-01.dmp

2013-05-19 22:57 - 2013-05-20 00:16 - 00045916 ____A C:\Windows\PFRO.log

2013-05-19 22:44 - 2013-06-01 09:29 - 00283019 ____A C:\Windows\WindowsUpdate.log

2013-05-19 22:42 - 2013-05-19 22:42 - 00271280 ____A C:\Users\De Campo\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-19 22:41 - 2013-06-01 09:25 - 00002642 ____A C:\Windows\setupact.log

2013-05-19 22:41 - 2013-05-19 22:41 - 00775648 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-19 22:41 - 2013-05-19 22:41 - 00000000 ____A C:\Windows\setuperr.log

2013-05-18 15:05 - 2013-05-18 15:05 - 04346816 ____A (Piriform Ltd) C:\Users\De Campo\Downloads\ccsetup401 (1).exe

2013-05-18 14:59 - 2013-05-18 14:59 - 00000000 ____D C:\ProgramData\Symantec

2013-05-18 14:59 - 2013-05-18 14:59 - 00000000 ____D C:\ProgramData\Norton

2013-05-18 14:58 - 2013-05-19 22:54 - 00000000 ____D C:\Program Files (x86)\FindLyrics

2013-05-18 14:58 - 2013-05-18 14:58 - 00607664 ____A C:\Users\De Campo\Downloads\setup (3).exe

2013-05-18 08:04 - 2013-05-05 14:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-18 08:04 - 2013-05-05 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-18 08:04 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-18 08:04 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-18 08:01 - 2013-04-04 18:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-18 08:01 - 2013-04-04 18:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-18 08:01 - 2013-04-04 18:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-18 08:01 - 2013-04-04 18:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-18 08:01 - 2013-04-04 17:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-18 08:01 - 2013-04-04 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-18 08:01 - 2013-04-04 17:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-18 08:01 - 2013-04-04 17:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-18 08:01 - 2013-04-04 17:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-18 08:01 - 2013-04-04 17:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-18 08:01 - 2013-04-04 17:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-18 08:01 - 2013-04-04 17:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-18 08:01 - 2013-04-04 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-18 08:01 - 2013-04-04 17:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-18 08:01 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-18 08:01 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-18 08:01 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-18 08:01 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-18 08:01 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-18 08:01 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-18 08:01 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-18 08:01 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-18 08:01 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-18 08:01 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-18 08:01 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-18 08:01 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-18 08:01 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-18 08:01 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-17 22:15 - 2013-04-09 23:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-17 22:15 - 2013-04-09 23:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-17 22:15 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-17 22:15 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-17 22:15 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-17 22:15 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-17 22:15 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-17 22:15 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-17 22:15 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-17 22:15 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-17 22:15 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-17 22:15 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-17 22:15 - 2011-02-03 04:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-17 22:14 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-17 22:06 - 2013-06-01 09:34 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-06-04 19:06 - 2013-06-04 19:06 - 00000600 ____A C:\Users\De Campo\Desktop\FRST64 - Shortcut.lnk

2013-06-04 19:02 - 2013-06-04 19:02 - 00000000 ____D C:\FRST

2013-06-04 18:51 - 2013-06-04 18:50 - 00060400 ____A C:\AdwCleaner[s1].txt

2013-06-04 18:49 - 2013-06-04 18:49 - 00059764 ____A C:\AdwCleaner[R1].txt

2013-06-04 17:01 - 2013-06-04 17:01 - 00632031 ____A C:\Users\De Campo\Desktop\adwcleaner.exe

2013-06-03 18:02 - 2013-06-03 18:02 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\De Campo\Desktop\tdsskiller.exe

2013-06-03 17:59 - 2013-06-03 17:59 - 00001508 ____A C:\Users\De Campo\Desktop\aswMBR.txt

2013-06-03 17:59 - 2013-06-03 17:59 - 00000512 ____A C:\Users\De Campo\Desktop\MBR.dat

2013-06-03 17:49 - 2013-06-03 17:48 - 04745728 ____A (AVAST Software) C:\Users\De Campo\Desktop\aswMBR.exe

2013-06-03 13:59 - 2013-06-03 13:59 - 00040336 ____A C:\FRST.txt

2013-06-03 13:51 - 2013-06-03 13:51 - 00000000 ____D C:\Program Files\FRST

2013-06-03 13:50 - 2013-06-03 13:46 - 00368554 ____A C:\Users\De Campo\Desktop\Gmer.txt

2013-06-01 09:34 - 2013-06-01 09:34 - 00409032 ____A C:\Windows\Minidump\060113-17830-01.dmp

2013-06-01 09:34 - 2013-05-17 22:06 - 00000000 ____D C:\Windows\Minidump

2013-06-01 09:33 - 2013-05-19 23:00 - 395111877 ____A C:\Windows\MEMORY.DMP

2013-06-01 09:32 - 2013-06-01 09:32 - 00000000 ____A C:\Windows\System32\Drivers\avchv.sys.gzip

2013-06-01 09:30 - 2012-06-03 20:47 - 00000000 ____D C:\Users\De Campo\AppData\Roaming\.minecraft

2013-06-01 09:30 - 2009-07-13 22:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-01 09:29 - 2013-05-19 22:44 - 00283019 ____A C:\Windows\WindowsUpdate.log

2013-06-01 09:26 - 2012-05-30 13:13 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics

2013-06-01 09:26 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-01 09:25 - 2013-06-01 09:25 - 00366840 ____A C:\Windows\Minidump\060113-32354-01.dmp

2013-06-01 09:25 - 2013-05-19 22:41 - 00002642 ____A C:\Windows\setupact.log

2013-06-01 09:25 - 2012-06-24 20:16 - 00000000 ____D C:\ProgramData\NVIDIA

2013-06-01 01:17 - 2013-06-01 01:17 - 00376696 ____A C:\Windows\Minidump\060113-32027-01.dmp

2013-06-01 01:15 - 2013-06-01 01:15 - 00000000 ____A C:\Windows\Minidump\060113-34554-01.dmp

2013-06-01 01:12 - 2013-06-01 01:12 - 00000000 ____A C:\Windows\Minidump\060113-34304-01.dmp

2013-06-01 01:09 - 2013-06-01 01:09 - 00334552 ____A C:\Windows\Minidump\060113-33103-01.dmp

2013-06-01 01:02 - 2013-06-01 01:02 - 00376832 ____A C:\Windows\Minidump\060113-32510-01.dmp

2013-06-01 01:00 - 2013-06-01 01:00 - 00000000 ____A C:\Windows\Minidump\060113-35147-01.dmp

2013-06-01 00:54 - 2013-06-01 00:53 - 00333920 ____A C:\Windows\Minidump\060113-33119-01.dmp

2013-06-01 00:50 - 2013-06-01 00:50 - 00334400 ____A C:\Windows\Minidump\060113-31917-01.dmp

2013-06-01 00:40 - 2013-06-01 00:40 - 00334416 ____A C:\Windows\Minidump\060113-32916-01.dmp

2013-06-01 00:32 - 2013-06-01 00:32 - 00325000 ____A C:\Windows\Minidump\060113-23540-01.dmp

2013-06-01 00:27 - 2013-06-01 00:26 - 00334088 ____A C:\Windows\Minidump\060113-26364-01.dmp

2013-06-01 00:24 - 2013-06-01 00:24 - 00334560 ____A C:\Windows\Minidump\060113-25350-01.dmp

2013-06-01 00:21 - 2013-06-01 00:21 - 00334536 ____A C:\Windows\Minidump\060113-23727-01.dmp

2013-06-01 00:14 - 2013-06-01 00:14 - 00339592 ____A C:\Windows\Minidump\060113-24289-01.dmp

2013-06-01 00:07 - 2012-04-21 06:41 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249241786-1830826861-2120781325-1001UA.job

2013-06-01 00:05 - 2009-07-13 21:45 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-01 00:05 - 2009-07-13 21:45 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-31 23:58 - 2013-05-31 23:58 - 00334344 ____A C:\Windows\Minidump\053113-25006-01.dmp

2013-05-31 23:54 - 2012-04-21 06:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-31 23:53 - 2013-05-31 23:53 - 00339056 ____A C:\Windows\Minidump\053113-24476-01.dmp

2013-05-31 23:44 - 2013-05-31 23:44 - 00330392 ____A C:\Windows\Minidump\053113-24242-01.dmp

2013-05-31 23:21 - 2013-05-31 23:20 - 00482528 ____A C:\Windows\Minidump\053113-23493-01.dmp

2013-05-31 23:14 - 2013-05-31 23:14 - 00585104 ____A C:\Windows\Minidump\053113-28626-01.dmp

2013-05-31 20:40 - 2013-05-31 20:40 - 00678880 ____A C:\Windows\Minidump\053113-27456-01.dmp

2013-05-29 23:03 - 2013-05-29 23:03 - 00506040 ____A C:\Windows\Minidump\052913-16536-01.dmp

2013-05-29 18:11 - 2012-04-21 06:41 - 00002385 ____A C:\Users\De Campo\Desktop\Google Chrome.lnk

2013-05-21 22:23 - 2013-05-21 22:23 - 00000000 ____D C:\Windows\Sun

2013-05-20 23:07 - 2012-04-21 06:41 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249241786-1830826861-2120781325-1001Core.job

2013-05-20 20:54 - 2013-05-20 20:54 - 00376008 ____A C:\Windows\Minidump\052013-23961-01.dmp

2013-05-20 20:51 - 2013-05-20 20:51 - 00000000 ____A C:\Windows\Minidump\052013-24726-01.dmp

2013-05-20 19:01 - 2013-05-20 19:01 - 00182745 ____A C:\ProgramData\1369101381.bdinstall.bin

2013-05-20 19:00 - 2013-06-01 00:07 - 00000000 ____A C:\Windows\System32\Drivers\avchv.sys

2013-05-20 19:00 - 2013-05-20 18:56 - 00000000 ____D C:\Program Files\Bitdefender

2013-05-20 18:57 - 2013-05-20 18:57 - 00000000 ____D C:\Users\De Campo\AppData\Roaming\QuickScan

2013-05-20 18:53 - 2013-05-20 18:52 - 00000420 ____A C:\ProgramData\1369101166.5860.bin

2013-05-20 18:52 - 2013-05-20 18:52 - 00029075 ____A C:\ProgramData\1369101166.3684.bin

2013-05-20 18:52 - 2013-05-20 18:52 - 00002061 ____A C:\ProgramData\1369101166.1604.bin

2013-05-20 18:47 - 2012-04-21 06:48 - 00001945 ____A C:\Windows\epplauncher.mif

2013-05-20 18:46 - 2013-05-20 18:46 - 00030293 ____A C:\ProgramData\1369100796.bdinstall.bin

2013-05-20 16:13 - 2013-05-20 16:13 - 00030424 ____A C:\ProgramData\1369091608.bdinstall.bin

2013-05-20 16:07 - 2013-05-20 16:07 - 00019743 ____A C:\ProgramData\1369091232.bdinstall.bin

2013-05-20 16:07 - 2013-05-20 16:07 - 00019743 ____A C:\ProgramData\1369091215.bdinstall.bin

2013-05-20 16:06 - 2013-05-20 16:06 - 00025659 ____A C:\ProgramData\1369091203.1508.bin

2013-05-20 16:06 - 2013-05-20 16:06 - 00002061 ____A C:\ProgramData\1369091203.1952.bin

2013-05-20 16:06 - 2013-05-20 16:06 - 00000189 ____A C:\ProgramData\1369091203.1460.bin

2013-05-20 16:06 - 2013-05-20 16:04 - 08513768 ____A C:\Users\De Campo\Downloads\Antivirus_Free_Edition_x64.exe

2013-05-20 16:05 - 2013-05-20 16:05 - 00030425 ____A C:\ProgramData\1369091064.bdinstall.bin

2013-05-20 00:52 - 2013-05-20 00:52 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-20 00:52 - 2013-05-20 00:52 - 00000000 ____D C:\Users\De Campo\AppData\Roaming\Malwarebytes

2013-05-20 00:52 - 2013-05-20 00:52 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-05-20 00:52 - 2013-05-20 00:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-20 00:50 - 2013-05-20 00:50 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\De Campo\Downloads\mbam-setup-1.75.0.1300.exe

2013-05-20 00:25 - 2013-05-20 00:25 - 00364032 ____A C:\Windows\Minidump\052013-24648-01.dmp

2013-05-20 00:17 - 2009-07-13 22:08 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-20 00:16 - 2013-05-19 22:57 - 00045916 ____A C:\Windows\PFRO.log

2013-05-20 00:06 - 2013-05-20 00:06 - 00080456 ____A (Malwarebytes Corporation) C:\Users\De Campo\Downloads\mbam-clean-1.60.2.0003.exe

2013-05-19 23:44 - 2013-05-19 23:44 - 00000000 ____D C:\Users\De Campo\AppData\Local\RapidFinda

2013-05-19 23:41 - 2013-05-19 23:41 - 00607664 ____A C:\Users\De Campo\Downloads\malawarebytes dwnld.exe

2013-05-19 23:00 - 2013-05-19 23:00 - 00479568 ____A C:\Windows\Minidump\051913-22651-01.dmp

2013-05-19 22:54 - 2013-05-18 14:58 - 00000000 ____D C:\Program Files (x86)\FindLyrics

2013-05-19 22:42 - 2013-05-19 22:42 - 00271280 ____A C:\Users\De Campo\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-19 22:41 - 2013-05-19 22:41 - 00775648 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-19 22:41 - 2013-05-19 22:41 - 00000000 ____A C:\Windows\setuperr.log

2013-05-18 15:06 - 2012-04-30 19:04 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-18 15:06 - 2012-04-30 19:04 - 00000000 ____D C:\Program Files\CCleaner

2013-05-18 15:05 - 2013-05-18 15:05 - 04346816 ____A (Piriform Ltd) C:\Users\De Campo\Downloads\ccsetup401 (1).exe

2013-05-18 14:59 - 2013-05-18 14:59 - 00000000 ____D C:\ProgramData\Symantec

2013-05-18 14:59 - 2013-05-18 14:59 - 00000000 ____D C:\ProgramData\Norton

2013-05-18 14:58 - 2013-05-18 14:58 - 00607664 ____A C:\Users\De Campo\Downloads\setup (3).exe

2013-05-18 14:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

2013-05-18 10:25 - 2012-04-21 06:42 - 00000000 ____D C:\Users\De Campo\AppData\Roaming\uTorrent

2013-05-18 08:15 - 2012-04-21 07:43 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-17 22:06 - 2012-04-21 06:19 - 00000000 ____D C:\users\De Campo

2013-05-17 18:41 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-05-17 18:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration

2013-05-17 18:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat

2013-05-17 18:41 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-05-05 14:36 - 2013-05-18 08:04 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-05 14:16 - 2013-05-18 08:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-05 12:25 - 2013-05-18 08:04 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-05 12:12 - 2013-05-18 08:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager

--------------------

identifier {bootmgr}

device partition=\Device\HarddiskVolume1

description Windows Boot Manager

locale en-US

inherit {globalsettings}

default {current}

resumeobject {bb187470-8bbb-11e1-81df-d3eeabbef435}

displayorder {current}

toolsdisplayorder {memdiag}

timeout 30

Windows Boot Loader

-------------------

identifier {current}

device partition=C:

path \Windows\system32\winload.exe

description Windows 7

locale en-US

inherit {bootloadersettings}

recoverysequence {bb187472-8bbb-11e1-81df-d3eeabbef435}

recoveryenabled Yes

osdevice partition=C:

systemroot \Windows

resumeobject {bb187470-8bbb-11e1-81df-d3eeabbef435}

nx OptIn

Windows Boot Loader

-------------------

identifier {bb187472-8bbb-11e1-81df-d3eeabbef435}

device ramdisk=[C:]\Recovery\bb187472-8bbb-11e1-81df-d3eeabbef435\Winre.wim,{bb187473-8bbb-11e1-81df-d3eeabbef435}

path \windows\system32\winload.exe

description Windows Recovery Environment

inherit {bootloadersettings}

osdevice ramdisk=[C:]\Recovery\bb187472-8bbb-11e1-81df-d3eeabbef435\Winre.wim,{bb187473-8bbb-11e1-81df-d3eeabbef435}

systemroot \windows

nx OptIn

winpe Yes

Resume from Hibernate

---------------------

identifier {bb187470-8bbb-11e1-81df-d3eeabbef435}

device partition=C:

path \Windows\system32\winresume.exe

description Windows Resume Application

locale en-US

inherit {resumeloadersettings}

filedevice partition=C:

filepath \hiberfil.sys

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {memdiag}

device partition=\Device\HarddiskVolume1

path \boot\memtest.exe

description Windows Memory Diagnostic

locale en-US

inherit {globalsettings}

badmemoryaccess Yes

EMS Settings

------------

identifier {emssettings}

bootems Yes

Debugger Settings

-----------------

identifier {dbgsettings}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {badmemory}

Global Settings

---------------

identifier {globalsettings}

inherit {dbgsettings}

{emssettings}

{badmemory}

Boot Loader Settings

--------------------

identifier {bootloadersettings}

inherit {globalsettings}

{hypervisorsettings}

Hypervisor Settings

-------------------

identifier {hypervisorsettings}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Resume Loader Settings

----------------------

identifier {resumeloadersettings}

inherit {globalsettings}

Device options

--------------

identifier {bb187473-8bbb-11e1-81df-d3eeabbef435}

description Ramdisk Options

ramdisksdidevice partition=C:

ramdisksdipath \Recovery\bb187472-8bbb-11e1-81df-d3eeabbef435\boot.sdi

Last Boot: 2013-05-29 19:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2013

Ran by De Campo at 2013-06-04 22:33:42 Run:

Running from J:\

Boot Mode: Safe Mode (with Networking)

==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)

µTorrent (Version: 3.1.3)

64 Bit HP CIO Components Installer (Version: 7.2.8)

7500_7600_7700_Help1 (Version: 1.00.0000)

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)

7-Zip 9.21 (Version: 9.21.00.0)

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)

Adobe Reader X (10.1.6) (Version: 10.1.6)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Belkin Setup and Router Monitor

Belkin USB Print and Storage Center (Version: 1.1.4)

Bing Bar (Version: 7.1.361.0)

Bitdefender Antivirus Free Edition (Version: 1.0.15.946)

Bonjour (Version: 3.0.0.10)

bpd_scan_Carrier (Version: 3.00.0000)

BPDSoftware (Version: 140.0.000.000)

BPDSoftware_Ini (Version: 1.00.0000)

BufferChm (Version: 140.0.213.000)

Catalina Savings Printer (Version: 1.0.0)

CCleaner (Version: 4.01)

Check Designer (Version: 1.00.000)

CouponBar (Version: 5.0.0.5)

Destinations (Version: 130.0.0.0)

DeviceDiscovery (Version: 140.0.213.000)

DocProc (Version: 140.0.100.000)

ezCheckPrinting (Version: 5.0.11)

ezPaycheck (Version: 3.3.12)

Fax (Version: 140.0.213.000)

Google Chrome (Version: 27.0.1453.94)

Google Desktop (Version: 5.9.1005.12335)

Google Earth (Version: 6.2.1.6014)

Google Talk (remove only)

GPBaseService2 (Version: 140.0.212.000)

HP Customer Participation Program 14.0 (Version: 14.0)

HP Imaging Device Functions 14.0 (Version: 14.0)

HP OfficeJet L7300/L7500/7600/7700 (Version: 14.0)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 14.0 (Version: 14.0)

HP Update (Version: 5.005.000.002)

HPDiagnosticAlert (Version: 1.00.0000)

HPProductAssistant (Version: 140.0.213.000)

HPSSupply (Version: 140.0.212.000)

iCloud (Version: 2.1.2.8)

iTunes (Version: 11.0.2.26)

Java 7 Update 7 (Version: 7.0.70)

Java Auto Updater (Version: 2.1.9.0)

Java 6 Update 31 (Version: 6.0.310)

JavaFX 2.1.1 (Version: 2.1.1)

L7700 (Version: 140.0.000.000)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

MarketResearch (Version: 140.0.214.000)

McAfee Security Scan Plus (Version: 2.1.121.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)

Mozilla Maintenance Service (Version: 12.0)

MPM (Version: 1.00.0000)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MySoftware Fonts

Network64 (Version: 140.0.215.000)

Network64 (Version: 140.0.221.000)

NVIDIA 3D Vision Driver 311.06 (Version: 311.06)

NVIDIA Control Panel 311.06 (Version: 311.06)

NVIDIA Graphics Driver 311.06 (Version: 311.06)

NVIDIA Install Application (Version: 2.1002.108.688)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)

NVIDIA Update 1.11.3 (Version: 1.11.3)

NVIDIA Update Components (Version: 1.11.3)

OCR Software by I.R.I.S. 14.0 (Version: 14.0)

ProductContext (Version: 140.0.000.000)

PVSonyDll (Version: 1.00.0001)

QuickTime (Version: 7.73.80.64)

Realtek High Definition Audio Driver (Version: 6.0.1.5910)

Scan (Version: 140.0.167.000)

Shop for HP Supplies (Version: 14.0)

Skype™ 5.9 (Version: 5.9.114)

SmartWebPrinting (Version: 140.0.213.000)

Solid Savings (Version: 1.26.153.1)

SolutionCenter (Version: 140.0.214.000)

Status (Version: 140.0.256.000)

Toolbox (Version: 140.0.428.000)

TrayApp (Version: 140.0.213.000)

Unity Web Player (Version: 2.5.5b4_50)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Video Mover

VLC media player 2.0.1 (Version: 2.0.1)

WebReg (Version: 140.0.213.017)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

==================== Restore Points =========================

21-05-2013 01:36:13 Scheduled Checkpoint

30-05-2013 02:10:12 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: eHome Infrared Receiver (USBCIR)

Description: eHome Infrared Receiver (USBCIR)

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Microsoft

Service: usbcir

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

Name: Officejet Pro L7700

Description: Officejet Pro L7700

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Consumer IR Devices

Description: Consumer IR Devices

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: circlass

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

Name: SXUPTP Driver

Description: SXUPTP Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Belkin International, Inc.

Service: sxuptp

Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)

Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:

==================

Error: (06/01/2013 09:31:35 AM) (Source: NVIDIA OpenGL Driver) (User: )

Description: The NVIDIA OpenGL driver lost connection with the display

driver due to exceeding the Windows Time-Out limit and is unable to continue.

The application must close.

Error code: 7

Visit http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=3007 for more information.

Error: (05/31/2013 11:18:01 PM) (Source: NVIDIA OpenGL Driver) (User: )

Description: The NVIDIA OpenGL driver detected a problem with the display

driver and is unable to continue. The application must close.

Error code: 3

Visit http://www.nvidia.com/page/support.html for more information.

Error: (05/29/2013 10:38:43 PM) (Source: NVIDIA OpenGL Driver) (User: )

Description: The NVIDIA OpenGL driver detected a problem with the display

driver and is unable to continue. The application must close.

Error code: 3

Visit http://www.nvidia.com/page/support.html for more information.

Error: (05/29/2013 09:47:11 PM) (Source: Application Hang) (User: )

Description: The program PhotoScreensaver.scr version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 146c

Start Time: 01ce5cdfb708ea92

Termination Time: 20

Application Path: C:\Windows\system32\PhotoScreensaver.scr

Report Id: f4380d42-c8e3-11e2-90f5-001e8c5c64ae

Error: (05/20/2013 08:43:10 PM) (Source: Application Hang) (User: )

Description: The program chrome.exe version 26.0.1410.64 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1298

Start Time: 01ce55d469c3c07c

Termination Time: 1821

Application Path: C:\Users\De Campo\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 7ed19460-c1c8-11e2-a797-001e8c5c64ae

Error: (05/20/2013 04:24:25 PM) (Source: Microsoft Security Client Setup) (User: DeCampo-PC)

Description: HRESULT:0x8004FF0A

Description:Security Essentials is still installed on your computer.. Security Essentials was not removed from your computer. It will continue to monitor your computer and help protect it from potential threats. Error code:0x8004FF0A.

Error: (05/20/2013 04:05:43 PM) (Source: Microsoft Security Client Setup) (User: DeCampo-PC)

Description: HRESULT:0x8004FF11

Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (05/19/2013 10:42:03 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2013 10:42:03 PM) (Source: Windows Search Service) (User: )

Description: The index cannot be initialized.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2013 10:42:03 PM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

Context: Windows Application

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:

=============

Error: (06/04/2013 10:28:58 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:28:58 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:28:58 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:26:52 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:26:52 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:26:52 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:21:52 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:21:52 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:21:52 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (06/04/2013 10:19:44 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Microsoft Office Sessions:

=========================

Error: (04/11/2013 03:19:29 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28250 seconds with 1680 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:

===================================

Date: 2013-03-25 15:34:23.170

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-25 15:34:23.097

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-25 15:33:54.245

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-25 15:33:54.169

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-25 15:33:37.380

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-25 15:33:37.294

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 24%

Total physical RAM: 3071.29 MB

Available physical RAM: 2321.14 MB

Total Pagefile: 6140.76 MB

Available Pagefile: 5390.97 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:372.51 GB) (Free:302.15 GB) NTFS (Disk=0 Partition=2)

Drive j: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 (Disk=5 Partition=1)

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: 6291CC88)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

========================================================

Disk: 5 (Size: 4 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Farbar Service Scanner Version: 31-05-2013 01

Ran by De Campo (administrator) on 04-06-2013 at 22:45:26

Running from "C:\Users\De Campo\Downloads"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Network

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

Share this post


Link to post
Share on other sites

Seems to be no malware related problem...

System File Check

  • Press the Windows key to open the start menu.
  • Don´t highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"
  • Within the opening window, write the following:

sfc /scannow

(See the blank within).

  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Share this post


Link to post
Share on other sites

It said: Windows Resource Protection found corrupt files but was unable to fix some of the problem.

Share this post


Link to post
Share on other sites

That´s what I expected...

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.

Capture3.gif

Once that is done then go to step 3 and allow it to run SFC

Capture.gif

On the the Start Repairs tab, unselect all.

Check only the following:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Windows Firewall
  • Repair Windows Updates

then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.

Share this post


Link to post
Share on other sites

I did the repairs in safe mode with networking capabilities because I was having the problems with my computer in regular mode. It warned me that the repairs might not work in regular mode, but I proceeded anyway. During Step 1, I said no malicious items were detected. During Step 2, it restarted the computer on safe mode with networking but when it downloaded the files, it stopped and restarted itself again. The rest of the process went well ( I think). Now I'm using my computer in regular mode so we'll see.

Thank you SO MUCH for your step by step guidance. You're a life saver!!

Share this post


Link to post
Share on other sites

We´re not finished yet!

Please post up another log of Farbar´s Service Scanner.

Also, uninstall the following programs...

CouponBar

McAfee Security Scan Plus

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.