GENERALKA

1

GENERALKA

offline
  • Pridružio: 01 Sep 2007
  • Poruke: 137

Napisano: 04 Apr 2014 13:31

Opet ja,ovaj put sa desktop-a.

Problemi:
Kad se upali comp treba mu vremena da dodje sebi.
Pozadina je crna,mogu promenit al se vrati i pise
"You may be a victim of software counterfeiting.This copy of Windows did not pass genuine Windows validation."
Surfovanje zna da bude sporo a nekad nece ni da ucita iako mi je net brz.
Chrome zna iz cista mira da se ugasi uz onu poruku sa "dont send"

Dopuna: 04 Apr 2014 13:32

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Srdjan at 13:18:36 on 2014-04-04
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.570 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\Srdjan\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Telenor Internet\BackgroundService\ServiceManager.exe
C:\Program Files\T-Mobile Internet Manager\AssistantServices.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\jmdp\stij.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\T-Mobile Internet Manager\UIExec.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Telenor Internet\BackgroundService\ModemListener.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Bench\BService\bservice.exe
C:\Program Files\Bench\Wd\wd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Updater21806\Updater21806.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\WinAlarm\WinAlarm.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\DefaultTab\DefaultTabHost.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ASUS\USB-N10 WLAN Card Utilities\Wireless.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\DAP\DAP.EXE
c:\program files\avira\antivir desktop\avscan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mysearchresults.com/?c=3513&t=01
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = local
uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof2.dll
uURLSearchHooks: SrchHook Class: {F4F10C1D-87C7-404A-B4B3-000000000000} - c:\program files\dap\SBSearch.dll
uURLSearchHooks: <No Name>: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
uURLSearchHooks: BBB003 Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\prxtbBab2.dll
uURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\prxtbmip0.dll
BHO: Ask Search Assistant BHO: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Deals Plugin Extension: {11111111-1111-1111-1111-110211181106} - c:\program files\deals plugin extension\Deals Plugin Extension.dll
BHO: privitize Helper Object: {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - c:\program files\industriya\privitize\1.8.16.22\bh\privitize.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.8.7.2\bh\BabylonToolbar.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\program files\flashget\jccatch.dll
BHO: SBCONVERT Class: {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\srdjan\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Windows Live pomagač za prijavljivanje: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\prxtbmip0.dll
BHO: MAAgniPic: {91435A04-ED7F-F528-55B0-A1B32D234BE5} - c:\documents and settings\all users.windows\application data\maagnipic\517c6abd60ea9.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof2.dll
BHO: URLHooker2 Class: {93935F7F-9C88-42F8-8445-95251D27FABC} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: BBB003 Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\prxtbBab2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
BHO: DAPIELoader Class: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\dap\dapieloader.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll
TB: Softonic English Toolbar: {930F1200-F5F1-4870-BAC6-E233EC8E7023} - c:\program files\softonic_english\prxtbSof2.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: BBB003 Toolbar: {CE18769B-C7FA-42D2-860D-17C4662C70AD} - c:\program files\babylon-english\prxtbBab2.dll
TB: mipony-plugin Toolbar: {90D46C30-9F25-4104-AEA9-35C3F84477FF} - c:\program files\mipony-plugin\prxtbmip0.dll
TB: Ask Toolbar: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof2.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: BBB003 Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\prxtbBab2.dll
TB: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\prxtbmip0.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.8.7.2\BabylonToolbarTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RavenBleuSA] "c:\documents and settings\srdjan\local settings\application data\ravenbleusa\bin\1.0.11.0\RavenBleuSA.exe"
uRun: [Google Update] "c:\documents and settings\srdjan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Updater21806.exe] c:\documents and settings\srdjan\local settings\application data\updater21806\Updater21806.exe /extensionid=21806 /extensionname='Deals Plugin Extension' /chromeid=bbhgoadfgiandmaieopaphefbhcdpfaf /stayidle /delay=300
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Smart Start UP] c:\program files\newsoft\smart start up\PnPDetect.exe /Automation
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [UIExec] "c:\program files\t-mobile internet manager\UIExec.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Telenor_Montenegro Imola ModemListener] c:\program files\telenor internet\backgroundservice\ModemListener.exe start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BService] c:\program files\bench\bservice\bservice.exe
mRun: [Wd] c:\program files\bench\wd\wd.exe
mRunOnce: [Deals Plugin-repairJob] wscript.exe "c:\documents and settings\srdjan\local settings\application data\deals plugin\repair.js" "Deals Plugin-repairJob"
StartupFolder: c:\docume~1\srdjan\startm~1\programs\startup\shortc~1.lnk - c:\program files\winalarm\WinAlarm.exe
StartupFolder: c:\docume~1\srdjan\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\asusus~1.lnk - c:\program files\asus\usb-n10 wlan card utilities\Center.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Preuzmi sa FlashGet-om - c:\program files\flashget\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\flashget\jc_all.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Download with Mipony - c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\securenet.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{9F2ADAD9-BDBE-4AF1-B36E-A2A80F54EBC3} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 54.225.95.126 fickfgcleonkfojnjddoccbkaliaobcf
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=d0a1dfa6000000000000005345000000
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\components\kikin_3_0.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\components\kikin_3_6.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{b88b1d29-b49c-455d-9fd2-3acd06af56b8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{b88b1d29-b49c-455d-9fd2-3acd06af56b8}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{d3dc5de2-0384-43b1-bea5-80d202086138}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mozilla firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFAlert.dll
FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
FF - component: c:\program files\t-mobile internet manager\addon\components\bmboc_addon3.dll
FF - plugin: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{b88b1d29-b49c-455d-9fd2-3acd06af56b8}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{b88b1d29-b49c-455d-9fd2-3acd06af56b8}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{d3dc5de2-0384-43b1-bea5-80d202086138}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{d3dc5de2-0384-43b1-bea5-80d202086138}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\srdjan\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\srdjan\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\srdjan\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\heroes & generals\live\npretoxlive.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2014-02-23 21:23; dgvcsc-tjod@u-scuyo.com; c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\dgvcsc-tjod@u-scuyo.com
FF - ExtSQL: 2014-03-17 21:12; bd76oi@fllia.com; c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\bd76oi@fllia.com
FF - ExtSQL: !HIDDEN! 2009-10-19 23:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8D0ggWG7&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d0a1dfa6000000000000005345000000
FF - user.js: extensions.incredibar_i.instlDay - 15576
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.143:08:27
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8D0ggWG7
FF - user.js: extensions.incredibar_i.upn2n - 92824933240078427
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d0a1dfa6000000000000005345000000&q=
FF - user.js: extensions.BabylonToolbar.id - d0a1dfa6000000000000005345000000
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15714
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.221:29:30
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=117023&tt=090113_ctrl_0213_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.privitize.hpOld0 - hxxp://www.mysearchresults.com/?c=3513&t=07
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=d0a1dfa6000000000000005345000000&q=
FF - user.js: extensions.privitize.id - d0a1dfa6000000000000005345000000
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15822
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.221:36:22
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - orgnl
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef -
FF - user.js: extensions.privitize.dfltLng -
FF - user.js: extensions.privitize.excTlbr - true
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=d0a1dfa6000000000000005345000000
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=d0a1dfa6000000000000005345000000
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=d0a1dfa6000000000000005345000000
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2014-2-22 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2014-2-22 440400]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2014-2-22 440400]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2014-2-22 90400]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-12 193696]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-12-20 574464]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\srdjan\application data\defaulttab\defaulttab\DTUpdate.exe [2013-4-24 107520]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2011-7-29 1411616]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2011-8-1 38144]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-3-10 1156400]
R2 NetProbe;NetProbe Packet Driver;c:\windows\system32\drivers\NetProbe.sys [2009-3-24 5365]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Telenor_Montenegro Imola Modem Device Helper;Telenor_Montenegro Imola Modem Device Helper;c:\program files\telenor internet\backgroundservice\servicemanager.exe -start --> c:\program files\telenor internet\backgroundservice\ServiceManager.exe -start [?]
R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile internet manager\AssistantServices.exe [2012-9-17 245384]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-8-24 188760]
R2 Web Assistant;Web Assistant;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-8-24 188760]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-11-8 4096]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-12 247968]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\du meter\DUM_XP32.sys [2011-7-29 16424]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-8-11 606440]
R3 SecureSrv;SecureSrv;c:\program files\hide my ip 2008\SecureSrv.exe [2013-1-31 110880]
S2 BasicScan Service;BasicScan Service;"c:\program files\basicscan\basicscan.exe" "c:\program files\basicscan\basicscan.dll" toruxogera voqemixe --> c:\program files\basicscan\basicscan.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2010-3-6 219264]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-6-17 20328]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-3-17 100736]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [2014-2-1 106112]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-3 55296]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-9-17 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-16 235696]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-11-27 34064]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [2008-3-17 97408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2014-2-22 1017424]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
ShellExec: sdocs.exe: open=c:\program files\lhsp\speechdocs\programs\sdocs.exe
.
=============== Created Last 30 ================
.
2014-03-06 17:47:58 -------- d-----w- c:\documents and settings\all users.windows\application data\DeAelExpREss
.
==================== Find3M ====================
.
2014-02-22 18:32:21 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-22 18:32:21 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-17 13:43:46 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2014-02-17 13:43:46 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
.
============= FINISH: 13:20:27.18 ===============

Dopuna: 04 Apr 2014 13:33

mycity.rs/must-login.png

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
Zatim klikni na Start --> Run , a zatim kopiraj pažljivo sledeci tekst

"%userprofile%\Desktop\ComboFix.exe" /KillAll;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.



Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku;
Nemoj kliktati u okviru ComboFix prozora dok radi jer to može usporiti rad alata;
Nemoj ponovo pokretati ComboFix na svoju ruku - javi se u temi bilo kakav problem da imaš tokom prvog pokretanja alata;
Ako nakon restarta dobijaš grešku prilikom startovanja pojedinih programa da su označeni za brisanje (Illegal operation attempted on a registry key that has been marked for deletion), onda ponovo restartuj sistem i to ce rešiti problem.

offline
  • Pridružio: 01 Sep 2007
  • Poruke: 137

Napisano: 04 Apr 2014 15:01

ComboFix 14-04-03.01 - Srdjan 04.04.2014 14:28:46.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1482 [GMT 2:00]
Running from: c:\documents and settings\Srdjan\Desktop\ComboFix.exe
Command switches used :: /KillAll
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\cbd6120657de19e9d632575fe7675108_c
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\010ADD2C.TMP
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\blocklist.json
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DTReg.exe
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\ebay_ie.ico
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\update.exe
c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Srdjan\Application Data\kikin
c:\documents and settings\Srdjan\Application Data\kikin\ff_configuration.xml
c:\documents and settings\Srdjan\Application Data\kikin\ff_kkes.xml
c:\documents and settings\Srdjan\Application Data\kikin\ff_settings.xml
c:\documents and settings\Srdjan\Application Data\kikin\ie_configuration.xml
c:\documents and settings\Srdjan\Application Data\kikin\ie_kkes.xml
c:\documents and settings\Srdjan\Application Data\kikin\ie_settings.xml
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\bd76oi@fllia.com
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\bd76oi@fllia.com\bootstrap.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\bd76oi@fllia.com\chrome.manifest
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\bd76oi@fllia.com\content\bg.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\bd76oi@fllia.com\install.rdf
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\dgvcsc-tjod@u-scuyo.com
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\dgvcsc-tjod@u-scuyo.com\bootstrap.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\dgvcsc-tjod@u-scuyo.com\chrome.manifest
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\dgvcsc-tjod@u-scuyo.com\content\bg.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\dgvcsc-tjod@u-scuyo.com\install.rdf
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome.manifest
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\asyncDB.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\background.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\browserAction.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\contextMenu.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\dbManager.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\dom_bg.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\fileManager.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\firefox.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\firefoxNotifications.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\firefoxOmnibox.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\message.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\pageAction.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\request.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\tabs.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\webRequest.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\api\windowsMessagingHandler.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\background.html
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\baseObject.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\browser.xul
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\addressBarChangeObserver.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\console.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\consts.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\delegate.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\extensionDataStore.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\folderIOWrapper.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\httpObserver.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\IDBWrapper.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\installer.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\logFile.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\prefs.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\progressListenerObserver.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\registry.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\reloadObserver.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\reports.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\requestObject.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\searchSettings.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\uninstallObserver.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\updateManager.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\utils.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\core\xhr.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\dialog.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\ffCoreFilesIndex.txt
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\main.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\options.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\options.xul
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\platformVersion.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\chrome\content\search_dialog.xul
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\defaults\preferences\prefs.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\manifest.xml
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins.json
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\1_base.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\1000014_GPL Plugin (Loader).js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\1000015_GPL Background (BG).js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\14_CrossriderUtils.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\17_jQuery.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\177_crossriderDashboard.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\182_openUrl.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\183_tabsWrapper.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\207_dbWrapper.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\21_debug.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\22_resources.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\28_initializer.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\4_jquery_1_7_1.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\47_resources_background.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\64_appApiMessage.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\72_appApiValidation.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\78_CrossriderInfo.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\plugins\98_omniCommands.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\userCode\background.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\extensionData\userCode\extension.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\install.rdf
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\locale\en-US\translations.dtd
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\button1.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\button2.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\button3.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\button4.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\button5.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\crossrider_statusbar.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\icon128.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\icon16.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\icon24.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\icon48.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\panelarrow-up.png
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\popup.html
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\skin.css
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\extension21806@extension21806.com\skin\update.css
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\zas3l@jkrcaiea.co.uk
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\zas3l@jkrcaiea.co.uk\bootstrap.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\zas3l@jkrcaiea.co.uk\chrome.manifest
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\zas3l@jkrcaiea.co.uk\content\bg.js
c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\zas3l@jkrcaiea.co.uk\install.rdf
c:\documents and settings\Srdjan\Application Data\PriceGong
c:\documents and settings\Srdjan\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Srdjan\Application Data\Toolbar4
c:\documents and settings\Srdjan\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\561fc09638c094093d7e73ed2e9fd71f
c:\documents and settings\Srdjan\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e
c:\documents and settings\Srdjan\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f
c:\documents and settings\Srdjan\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\ff41badd2fd5214390366f33db21e4df
c:\documents and settings\Srdjan\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_bbhgoadfgiandmaieopaphefbhcdpfaf_0
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_bbhgoadfgiandmaieopaphefbhcdpfaf_0\1
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\background.html
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\crossriderManifest.json
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\manifest.xml
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins.json
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\1_base.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\1000014_GPL Plugin (Loader).js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\1000015_GPL Background (BG).js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\14_CrossriderUtils.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\17_jQuery.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\21_debug.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\22_resources.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\28_initializer.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\4_jquery_1_7_1.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\47_resources_background.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\64_appApiMessage.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\72_appApiValidation.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\78_CrossriderInfo.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\plugins\97_resourceApiWrapper.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\userCode\background.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\extensionData\userCode\extension.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\icons\actions\1.png
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\icons\icon128.png
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\icons\icon16.png
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\icons\icon48.png
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\api\chrome.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\api\cookie.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\api\message.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\api\pageAction.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\api\pageActionBG.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\background.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\app_api.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\bg_app_api.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\consts.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\cookie_store.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\crossriderAPI.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\delegate.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\events.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\extensionDataStore.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\installer.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\logFile.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\logging.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\onBGDocumentLoad.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\popupResource\newPopup.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\popupResource\popup.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\reports.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\storageWrapper.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\updateManager.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\util.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\lib\xhr.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\js\main.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\manifest.json
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.25.59_0\popup.html
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eaojjjlcgbijkobckeokakahdacfbpfn
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eaojjjlcgbijkobckeokakahdacfbpfn\2.4_0\background.html
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eaojjjlcgbijkobckeokakahdacfbpfn\2.4_0\content.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eaojjjlcgbijkobckeokakahdacfbpfn\2.4_0\lsdb.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eaojjjlcgbijkobckeokakahdacfbpfn\2.4_0\manifest.json
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eaojjjlcgbijkobckeokakahdacfbpfn\2.4_0\W3ky.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmpmpmnjbciakhkdlkdpiliiplhjeog
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmpmpmnjbciakhkdlkdpiliiplhjeog\2.1\background.html
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmpmpmnjbciakhkdlkdpiliiplhjeog\2.1\content.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmpmpmnjbciakhkdlkdpiliiplhjeog\2.1\lsdb.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmpmpmnjbciakhkdlkdpiliiplhjeog\2.1\manifest.json
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhmpmpmnjbciakhkdlkdpiliiplhjeog\2.1\tYg0rK2g5.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbhicnffbhhdmkmichmgiibcggdapnjj
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbhicnffbhhdmkmichmgiibcggdapnjj\1\517c6abd60c206.26119160.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbhicnffbhhdmkmichmgiibcggdapnjj\1\background.html
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbhicnffbhhdmkmichmgiibcggdapnjj\1\content.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbhicnffbhhdmkmichmgiibcggdapnjj\1\lsdb.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbhicnffbhhdmkmichmgiibcggdapnjj\1\manifest.json
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbhicnffbhhdmkmichmgiibcggdapnjj\1\sqlite.js
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\003504.ldb
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\003532.ldb
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\003541.ldb
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\003565.ldb
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\003569.log
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\CURRENT
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOCK
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOG
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOG.old
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\MANIFEST-003567
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj\000979.ldb
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj\000991.ldb
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj\000994.log
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj\CURRENT
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj\LOCK
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj\LOG
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj\LOG.old
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mbhicnffbhhdmkmichmgiibcggdapnjj\MANIFEST-000993
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbhgoadfgiandmaieopaphefbhcdpfaf_0.localstorage-journal
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbhgoadfgiandmaieopaphefbhcdpfaf_0.localstorage
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eaojjjlcgbijkobckeokakahdacfbpfn_0.localstorage-journal
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eaojjjlcgbijkobckeokakahdacfbpfn_0.localstorage
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhmpmpmnjbciakhkdlkdpiliiplhjeog_0.localstorage-journal
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhmpmpmnjbciakhkdlkdpiliiplhjeog_0.localstorage
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mbhicnffbhhdmkmichmgiibcggdapnjj_0.localstorage-journal
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mbhicnffbhhdmkmichmgiibcggdapnjj_0.localstorage
c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\documents and settings\Srdjan\Local Settings\Application Data\HamachiSetup-1.0.3.0-en.exe
c:\documents and settings\Srdjan\WINDOWS
c:\program files\Deals Plugin Extension\DeALs plugin extension.dll
c:\program files\DefaultTab
c:\program files\DefaultTab\DefaultTab.crx
c:\program files\DefaultTab\DefaultTabHost.exe
c:\program files\DefaultTab\DefaultTabHost.json
c:\program files\DefaultTab\DefaultTabSearch.exe
c:\program files\DefaultTab\uid
c:\program files\DefaultTab\uninstaller.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\file_list.txt
c:\program files\kikin\ie_kikin.dll
c:\program files\kikin\kikin.ico
c:\program files\kikin\KikinBroker.exe
c:\program files\kikin\KikinCrashReporter.exe
c:\program files\kikin\uninst.exe
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf
c:\program files\Web Assistant\ExTEnsion32.dll
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BASICSCAN_SERVICE
-------\Legacy_DEFAULTTABSEARCH
-------\Service_BasicScan Service
-------\Service_DefaultTabSearch
-------\Service_NPF
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-03-04 to 2014-04-04 )))))))))))))))))))))))))))))))
.
.
2014-03-06 17:47 . 2014-03-06 18:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DeAelExpREss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 18:32 . 2014-02-22 18:40 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-22 18:32 . 2014-02-22 18:40 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-22 18:32 . 2014-02-22 18:40 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-17 13:43 . 2014-02-17 13:43 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2014-02-17 13:43 . 2014-02-17 13:43 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-04-24 16:24 . 2010-04-24 16:28 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2013-04-13 11:19 . 2013-03-08 13:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 13:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 13:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 01:07 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 13:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 13:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-04 01:07 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2010-04-16 . 6B930309A4A246D133A49EADE11E5773 . 3073024 . . [6.00.2900.5969] . . c:\windows\ie8\mshtml.dll
[-] 2010-04-16 . 9574D5B0C784DA0FD8F6A9BB37936A52 . 3073536 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll
[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:\windows\$NtUninstallKB982381$\mshtml.dll
[-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll
[-] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$NtUninstallKB980182$\mshtml.dll
[-] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[-] 2009-10-29 . D1CF72C34BAF70C52797D1CB78D6EE92 . 3070976 . . [6.00.2900.5897] . . c:\windows\$NtUninstallKB978207$\mshtml.dll
[-] 2009-10-29 . DA551BFEC150760A38A9AD0C95A8A71C . 3073024 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[-] 2009-10-19 . 4D1EAA7E0B845D1B2E8D711AE754D0F2 . 3070976 . . [6.00.2900.5890] . . c:\windows\$NtUninstallKB976325$\mshtml.dll
[-] 2009-10-19 . 6C1B3294BCD1A38FDE6D965A96612756 . 3072512 . . [6.00.2900.5890] . . c:\windows\$hf_mig$\KB976749\SP3QFE\mshtml.dll
[-] 2009-09-25 . 601E18A9A8F0D0ED39692B593212378F . 3070976 . . [6.00.2900.5880] . . c:\windows\$NtUninstallKB976749$\mshtml.dll
[-] 2009-09-25 . 37F578776552FA076EA6085F0365209C . 3072512 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\mshtml.dll
[-] 2009-07-18 . 7467941BE64DFC5F8E9F3DC1DE920806 . 3069440 . . [6.00.2900.5848] . . c:\windows\$NtUninstallKB974455$\mshtml.dll
[-] 2009-07-18 . F3EE47F296295D08A97CB50EF57244D9 . 3069952 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
[-] 2009-04-29 . ABD8093E43E53AEA5898D2214B92E9BA . 3068928 . . [6.00.2900.5803] . . c:\windows\$NtUninstallKB972260$\mshtml.dll
[-] 2009-04-29 . 06CF679E3D24C3DF270556456A0F1EDA . 3069440 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-02-20 . 2F70F2F74C40397D031016FA162981C2 . 3068416 . . [6.00.2900.5764] . . c:\windows\$NtUninstallKB969897$\mshtml.dll
[-] 2009-02-20 . 1618A4A2C5DD8164B8295190C8EA6544 . 3068416 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB963027$\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2010-04-16 . B43B18FB0EB577856883E5A0708AB9EF . 667136 . . [6.00.2900.5969] . . c:\windows\ie8\wininet.dll
[-] 2010-04-16 . C3052A99A24F462B418632A05328BB38 . 668672 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll
[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:\windows\$NtUninstallKB982381$\wininet.dll
[-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll
[-] 2009-12-22 . 814C265012ED921443C515A591D5BFE1 . 667136 . . [6.00.2900.5921] . . c:\windows\$NtUninstallKB980182$\wininet.dll
[-] 2009-12-22 . BD27AF5C72D2FBFE491D3A3A8429B974 . 668672 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
[-] 2009-10-29 . 3839BD07F2C693EFE995F96BAAB7F4BF . 667136 . . [6.00.2900.5897] . . c:\windows\$NtUninstallKB978207$\wininet.dll
[-] 2009-10-29 . 6AC4AA42CC9AAEFAB1D5E4E2AF2E3D2B . 668672 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[-] 2009-09-25 . 178CF0F58C9907633AAB633860B68973 . 667136 . . [6.00.2900.5880] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2009-09-25 . 406D33F9B30FFC0EEFC7C55562839931 . 668672 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll
[-] 2009-06-26 . 70FFEA4793D7139A447B169CB0E500BC . 666624 . . [6.00.2900.5835] . . c:\windows\$NtUninstallKB974455$\wininet.dll
[-] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2002-12-11 22:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\Driver Cache\i386\ksuser.dll
[-] 2002-12-11 22:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2004-08-04 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\system32\ntdll.dll
[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[-] 2004-08-04 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
.
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2004-08-04 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-14 06:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-14 06:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-14 06:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 13:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 13:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2004-08-04 01:07 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 01:07 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
[-] 2008-04-14 13:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 13:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 01:07 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2004-07-09 02:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
[-] 2004-07-09 02:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2004-07-09 02:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
[-] 2004-07-09 02:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 13:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 13:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 01:07 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
.
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2004-08-04 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof2.dll" [2011-05-09 176936]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2010-04-24 38384]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2010-08-22 66912]
"{ce18769b-c7fa-42d2-860d-17c4662c70ad}"= "c:\program files\Babylon-English\prxtbBab2.dll" [2013-11-06 226592]
"{90d46c30-9f25-4104-aea9-35c3f84477ff}"= "c:\program files\mipony-plugin\prxtbmip0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
.
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
.
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
.
[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2010-08-22 16:43 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-04-24 16:24 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
2011-05-09 09:49 176936 ----a-w- c:\program files\mipony-plugin\prxtbmip0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{91435A04-ED7F-F528-55B0-A1B32D234BE5}]
2013-04-28 00:18 118272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\MAAgniPic\517c6abd60ea9.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic_English\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
2013-11-06 11:59 226592 ----a-w- c:\program files\Babylon-English\prxtbBab2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof2.dll" [2011-05-09 176936]
"{ce18769b-c7fa-42d2-860d-17c4662c70ad}"= "c:\program files\Babylon-English\prxtbBab2.dll" [2013-11-06 226592]
"{90d46c30-9f25-4104-aea9-35c3f84477ff}"= "c:\program files\mipony-plugin\prxtbmip0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
.
[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\prxtbSof2.dll" [2011-05-09 176936]
"{CE18769B-C7FA-42D2-860D-17C4662C70AD}"= "c:\program files\Babylon-English\prxtbBab2.dll" [2013-11-06 226592]
"{90D46C30-9F25-4104-AEA9-35C3F84477FF}"= "c:\program files\mipony-plugin\prxtbmip0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
.
[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-08-22 2931744]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
"Updater21806.exe"="c:\documents and settings\Srdjan\Local Settings\Application Data\Updater21806\Updater21806.exe" [2013-01-06 206336]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-06 16380416]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-26 185896]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-11-01 32768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Smart Start UP"="c:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2006-12-19 104528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Aimersoft Helper Compact.exe"="c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"UIExec"="c:\program files\T-Mobile Internet Manager\UIExec.exe" [2010-03-02 136328]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Telenor_Montenegro Imola ModemListener"="c:\program files\Telenor Internet\BackgroundService\ModemListener.exe" [2012-03-14 109120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-03-06 689744]
"BService"="c:\program files\Bench\BService\bservice.exe" [2014-02-21 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Deals Plugin-repairJob"="wscript.exe" [2008-05-08 155648]
.
c:\documents and settings\Srdjan\Start Menu\Programs\Startup\
Shortcut to WinAlarm.lnk - c:\program files\WinAlarm\WinAlarm.exe [2007-12-4 347648]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-3 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ASUS USB-N10 WLAN Control Center.lnk - c:\program files\ASUS\USB-N10 WLAN Card Utilities\Center.exe -h [2011-8-1 16896]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-4-3 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-08 23:59 136176 ----atw- c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\JLC's Software\\Internet TV\\Internet TV.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Heroes & Generals\\live\\hng.exe"=
"c:\\WINDOWS\\system32\\dmwu.exe"=
"c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"58253:TCP"= 58253:TCP:Pando Media Booster
"58253:UDP"= 58253:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.12.2011 14:42 717296]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22.2.2014 20:40 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.2.2014 20:40 440400]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [12.3.2014 0:36 193696]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [29.7.2011 18:13 1411616]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1.8.2011 15:21 38144]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [10.3.2013 17:57 1156400]
R2 NetProbe;NetProbe Packet Driver;c:\windows\system32\drivers\NetProbe.sys [24.3.2009 10:13 5365]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 11:58 3275136]
R2 Telenor_Montenegro Imola Modem Device Helper;Telenor_Montenegro Imola Modem Device Helper;c:\program files\Telenor Internet\BackgroundService\ServiceManager.exe -start --> c:\program files\Telenor Internet\BackgroundService\ServiceManager.exe -start [?]
R2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Internet Manager\AssistantServices.exe [17.9.2012 12:34 245384]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [24.8.2012 3:06 188760]
R2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe [24.8.2012 3:06 188760]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [8.11.2009 19:22 4096]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [12.3.2014 0:36 247968]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUM_XP32.sys [29.7.2011 18:13 16424]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [30.12.2008 7:20 47360]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [11.8.2011 14:46 606440]
R3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2008\SecureSrv.exe [31.1.2013 23:26 110880]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 13:55 161536]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [6.3.2010 20:13 219264]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [17.6.2011 19:10 20328]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [17.3.2011 13:36 100736]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [1.2.2014 23:16 106112]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [3.5.2007 1:48 55296]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.9.2012 12:34 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16.1.2014 2:39 235696]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [17.3.2008 14:57 97408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [22.2.2014 20:40 1017424]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-04-03 c:\windows\Tasks\bench-S-1-5-21-1085031214-1343024091-839522115-1003.job
- c:\program files\Bench\Updater\updater.exe [2014-02-21 16:47]
.
2014-04-03 c:\windows\Tasks\bench-sys.job
- c:\program files\Bench\Updater\updater.exe [2014-02-21 16:47]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 16:41]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 16:41]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1343024091-839522115-1003Core.job
- c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:59]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1343024091-839522115-1003UA.job
- c:\documents and settings\Srdjan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:59]
.
2014-04-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
2013-04-24 c:\windows\Tasks\WavePadDowngrade.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2013-03-10 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mysearchresults.com/?c=3513&t=01
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
LSP: c:\windows\system32\securenet.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=d0a1dfa6000000000000005345000000
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=
FF - ExtSQL: 2014-02-23 21:23; dgvcsc-tjod@u-scuyo.com; c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\dgvcsc-tjod@u-scuyo.com
FF - ExtSQL: 2014-03-17 21:12; bd76oi@fllia.com; c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\bd76oi@fllia.com
FF - ExtSQL: !HIDDEN! 2009-10-19 23:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8D0ggWG7&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d0a1dfa6000000000000005345000000
FF - user.js: extensions.incredibar_i.instlDay - 15576
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.143:08
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8D0ggWG7
FF - user.js: extensions.incredibar_i.upn2n - 92824933240078427
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d0a1dfa6000000000000005345000000&q=
FF - user.js: extensions.BabylonToolbar.id - d0a1dfa6000000000000005345000000
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15714
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.221:29
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=117023&tt=090113_ctrl_0213_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.privitize.hpOld0 - hxxp://www.mysearchresults.com/?c=3513&t=07
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=d0a1dfa6000000000000005345000000&q=
FF - user.js: extensions.privitize.id - d0a1dfa6000000000000005345000000
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15822
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.221:36
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - orgnl
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef -
FF - user.js: extensions.privitize.dfltLng -
FF - user.js: extensions.privitize.excTlbr - true
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=d0a1dfa6000000000000005345000000
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=d0a1dfa6000000000000005345000000
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=d0a1dfa6000000000000005345000000
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
HKCU-Run-RavenBleuSA - c:\documents and settings\Srdjan\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe
AddRemove-DefaultTab - c:\documents and settings\Srdjan\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-DefaultTab Chrome - c:\program files\DefaultTab\uninstaller.exe
AddRemove-EoS-{5CCCD423-F673-4CD8-9464-9D950F49BBC3} - j:\new folder\Empire of Sports\Uninstall.exe
AddRemove-Football Superstars_is1 - j:\documents and settings\Srdjan\Application Data\Football Superstars\unins000.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-Test Drive Unlimited 2_is1 - j:\new folder\Program Files\Atari\TDU2\Uninstall\unins000.exe
AddRemove-{25F259ED-12F6-429F-5783-527C3E2F8586} - c:\documents and settings\All Users.WINDOWS\Application Data\DeAelExpREss\weWNb9c.exe
AddRemove-{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1 - j:\new folder\Leawo\Video Converter\unins000.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{2a4118be} - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\ACCELE~1\ACCELE~1.DLL
AddRemove-{A3BC1DBD-64D6-4EBC-0091-24C811662D40} - c:\program files\EA Sports\Madden NFL 08\EAUninstall.exe
AddRemove-{A3EBC021-3FBA-40DB-BC59-9C5ECEF3514E}_is1 - j:\new folder\Program Files\Konami\Konami\unins000.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files\kikin\uninst.exe
AddRemove-RavenBleuSA - c:\documents and settings\Srdjan\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\RavenBleuUninstaller.exe
AddRemove-Super Internet TV (Free Edition)_is1 - c:\documents and settings\Srdjan\Local Settings\Application Data\Super Internet TV\unins000.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Srdjan\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-04-04 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Srdjan\LOCALS~1\Temp\ASFWHide"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\DOCUME~1\\Srdjan\\LOCALS~1\\Temp\\Rar$EX00.359\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2010\\games\\serbia.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000008
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="98-F3C5-2ED3"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2011\\games\\real 2012.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f35
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="98-F3C5-2ED3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000007
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000007
"HintsFeatureNum"=dword:00000002
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:000014d0
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"=""
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Srdjan\\Desktop"
"SaveDir"=""
"HistoryDir"="c:\\DOCUME~1\\Srdjan\\LOCALS~1\\Temp\\Rar$EX00.235\\FM Genie Scout 2008\\History Points"
"LangDB"=""
"LastSaveGame"="d:\\srdjan\\Srki\\sRKI\\pesinternet\\pes2009\\fm to pes\\ALL.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"WindowHeight"=dword:00000302
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:00000082
"WindowTop"=dword:0000007f
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000008e
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:0000000a
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:0000000a
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:0000000a
"Position4"=dword:00000008
"Visible4"=dword:00000000
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000000
"Width5"=dword:00000028
"Position6"=dword:0000000a
"Visible6"=dword:00000000
"Width6"=dword:00000028
"Position7"=dword:0000000b
"Visible7"=dword:00000000
"Width7"=dword:0000004b
"Position8"=dword:0000000c
"Visible8"=dword:00000000
"Width8"=dword:0000004b
"Position9"=dword:0000007c
"Visible9"=dword:00000001
"Width9"=dword:00000033
"Position10"=dword:0000000e
"Visible10"=dword:00000001
"Width10"=dword:0000000a
"Position11"=dword:0000000f
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000011
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000012
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000013
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000014
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000015
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000016
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000017
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000018
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:00000019
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001a
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001b
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001c
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001d
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001e
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:0000001f
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000020
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000021
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000022
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000023
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000024
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000025
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:0000007d
"Visible33"=dword:00000001
"Width33"=dword:0000001b
"Position34"=dword:0000007e
"Visible34"=dword:00000001
"Width34"=dword:0000001d
"Position35"=dword:00000080
"Visible35"=dword:00000001
"Width35"=dword:0000001b
"Position36"=dword:00000089
"Visible36"=dword:00000001
"Width36"=dword:0000001b
"Position37"=dword:0000008b
"Visible37"=dword:00000001
"Width37"=dword:0000001c
"Position38"=dword:00000090
"Visible38"=dword:00000001
"Width38"=dword:00000024
"Position39"=dword:00000092
"Visible39"=dword:00000001
"Width39"=dword:0000001a
"Position40"=dword:00000088
"Visible40"=dword:00000001
"Width40"=dword:00000023
"Position41"=dword:00000093
"Visible41"=dword:00000001
"Width41"=dword:00000019
"Position42"=dword:00000085
"Visible42"=dword:00000001
"Width42"=dword:0000001a
"Position43"=dword:00000083
"Visible43"=dword:00000001
"Width43"=dword:0000001b
"Position44"=dword:00000087
"Visible44"=dword:00000001
"Width44"=dword:00000024
"Position45"=dword:00000026
"Visible45"=dword:00000001
"Width45"=dword:0000000a
"Position46"=dword:00000027
"Visible46"=dword:00000001
"Width46"=dword:0000000a
"Position47"=dword:00000028
"Visible47"=dword:00000001
"Width47"=dword:0000000a
"Position48"=dword:00000029
"Visible48"=dword:00000001
"Width48"=dword:0000000a
"Position49"=dword:0000002a
"Visible49"=dword:00000001
"Width49"=dword:0000000a
"Position50"=dword:0000002b
"Visible50"=dword:00000001
"Width50"=dword:0000000a
"Position51"=dword:0000002c
"Visible51"=dword:00000001
"Width51"=dword:0000000a
"Position52"=dword:0000002d
"Visible52"=dword:00000001
"Width52"=dword:0000000a
"Position53"=dword:0000002e
"Visible53"=dword:00000001
"Width53"=dword:0000000a
"Position54"=dword:0000002f
"Visible54"=dword:00000001
"Width54"=dword:0000000a
"Position55"=dword:00000030
"Visible55"=dword:00000001
"Width55"=dword:0000000a
"Position56"=dword:00000033
"Visible56"=dword:00000001
"Width56"=dword:0000000a
"Position57"=dword:00000034
"Visible57"=dword:00000001
"Width57"=dword:0000000a
"Position58"=dword:00000035
"Visible58"=dword:00000001
"Width58"=dword:0000000a
"Position59"=dword:00000036
"Visible59"=dword:00000001
"Width59"=dword:0000000a
"Position60"=dword:00000037
"Visible60"=dword:00000001
"Width60"=dword:0000000a
"Position61"=dword:00000038
"Visible61"=dword:00000001
"Width61"=dword:0000000a
"Position62"=dword:00000039
"Visible62"=dword:00000001
"Width62"=dword:0000000a
"Position63"=dword:0000003a
"Visible63"=dword:00000001
"Width63"=dword:0000000a
"Position64"=dword:0000003b
"Visible64"=dword:00000001
"Width64"=dword:0000000a
"Position65"=dword:0000003c
"Visible65"=dword:00000001
"Width65"=dword:0000000a
"Position66"=dword:0000003d
"Visible66"=dword:00000001
"Width66"=dword:0000000a
"Position67"=dword:0000003e
"Visible67"=dword:00000001
"Width67"=dword:0000000a
"Position68"=dword:0000003f
"Visible68"=dword:00000001
"Width68"=dword:0000000a
"Position69"=dword:00000040
"Visible69"=dword:00000001
"Width69"=dword:0000000a
"Position70"=dword:00000041
"Visible70"=dword:00000001
"Width70"=dword:0000000a
"Position71"=dword:00000042
"Visible71"=dword:00000001
"Width71"=dword:0000000a
"Position72"=dword:00000043
"Visible72"=dword:00000001
"Width72"=dword:0000000a
"Position73"=dword:00000044
"Visible73"=dword:00000001
"Width73"=dword:0000000a
"Position74"=dword:00000045
"Visible74"=dword:00000001
"Width74"=dword:0000000a
"Position75"=dword:00000046
"Visible75"=dword:00000001
"Width75"=dword:0000000a
"Position76"=dword:00000047
"Visible76"=dword:00000001
"Width76"=dword:0000000a
"Position77"=dword:00000048
"Visible77"=dword:00000001
"Width77"=dword:0000000a
"Position78"=dword:00000049
"Visible78"=dword:00000001
"Width78"=dword:0000000a
"Position79"=dword:0000004a
"Visible79"=dword:00000001
"Width79"=dword:0000000a
"Position80"=dword:0000004b
"Visible80"=dword:00000001
"Width80"=dword:0000000a
"Position81"=dword:0000004c
"Visible81"=dword:00000001
"Width81"=dword:0000000a
"Position82"=dword:0000004d
"Visible82"=dword:00000001
"Width82"=dword:0000000a
"Position83"=dword:0000004e
"Visible83"=dword:00000001
"Width83"=dword:0000000a
"Position84"=dword:0000004f
"Visible84"=dword:00000001
"Width84"=dword:0000000a
"Position85"=dword:00000050
"Visible85"=dword:00000001
"Width85"=dword:0000000a
"Position86"=dword:00000051
"Visible86"=dword:00000001
"Width86"=dword:0000000a
"Position87"=dword:00000052
"Visible87"=dword:00000001
"Width87"=dword:0000000a
"Position88"=dword:00000053
"Visible88"=dword:00000001
"Width88"=dword:0000000a
"Position89"=dword:00000054
"Visible89"=dword:00000001
"Width89"=dword:0000000a
"Position90"=dword:00000055
"Visible90"=dword:00000001
"Width90"=dword:0000000a
"Position91"=dword:00000056
"Visible91"=dword:00000001
"Width91"=dword:0000000a
"Position92"=dword:00000057
"Visible92"=dword:00000001
"Width92"=dword:0000000a
"Position93"=dword:00000058
"Visible93"=dword:00000001
"Width93"=dword:0000000a
"Position94"=dword:00000059
"Visible94"=dword:00000001
"Width94"=dword:0000000a
"Position95"=dword:0000005a
"Visible95"=dword:00000001
"Width95"=dword:0000000a
"Position96"=dword:0000005b
"Visible96"=dword:00000001
"Width96"=dword:0000000a
"Position97"=dword:0000005c
"Visible97"=dword:00000001
"Width97"=dword:0000000a
"Position98"=dword:0000005d
"Visible98"=dword:00000001
"Width98"=dword:0000002f
"Position99"=dword:0000005e
"Visible99"=dword:00000001
"Width99"=dword:0000002c
"Position100"=dword:00000031
"Visible100"=dword:00000001
"Width100"=dword:0000000a
"Position101"=dword:0000005f
"Visible101"=dword:00000001
"Width101"=dword:00000028
"Position102"=dword:00000060
"Visible102"=dword:00000001
"Width102"=dword:00000024
"Position103"=dword:00000061
"Visible103"=dword:00000001
"Width103"=dword:00000029
"Position104"=dword:00000062
"Visible104"=dword:00000001
"Width104"=dword:00000026
"Position105"=dword:00000063
"Visible105"=dword:00000001
"Width105"=dword:0000002a
"Position106"=dword:00000010
"Visible106"=dword:00000000
"Width106"=dword:00000050
"Position107"=dword:0000000d
"Visible107"=dword:00000000
"Width107"=dword:00000028
"Position108"=dword:00000032
"Visible108"=dword:00000001
"Width108"=dword:0000000a
"Position109"=dword:0000008d
"Visible109"=dword:00000001
"Width109"=dword:0000001a
"Position110"=dword:0000008c
"Visible110"=dword:00000001
"Width110"=dword:0000001b
"Position111"=dword:0000008f
"Visible111"=dword:00000001
"Width111"=dword:00000022
"Position112"=dword:0000008e
"Visible112"=dword:00000001
"Width112"=dword:00000023
"Position113"=dword:00000064
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000065
"Visible114"=dword:00000001
"Width114"=dword:0000002b
"Position115"=dword:00000068
"Visible115"=dword:00000001
"Width115"=dword:00000026
"Position116"=dword:00000066
"Visible116"=dword:00000001
"Width116"=dword:00000028
"Position117"=dword:00000067
"Visible117"=dword:00000001
"Width117"=dword:00000027
"Position118"=dword:0000006a
"Visible118"=dword:00000001
"Width118"=dword:0000002d
"Position119"=dword:00000069
"Visible119"=dword:00000001
"Width119"=dword:0000002f
"Position120"=dword:0000006b
"Visible120"=dword:00000001
"Width120"=dword:00000029
"Position121"=dword:0000006e
"Visible121"=dword:00000001
"Width121"=dword:0000002a
"Position122"=dword:0000006c
"Visible122"=dword:00000001
"Width122"=dword:00000026
"Position123"=dword:0000006d
"Visible123"=dword:00000001
"Width123"=dword:0000002b
"Position124"=dword:00000071
"Visible124"=dword:00000001
"Width124"=dword:0000002d
"Position125"=dword:0000006f
"Visible125"=dword:00000001
"Width125"=dword:00000030
"Position126"=dword:00000070
"Visible126"=dword:00000001
"Width126"=dword:00000032
"Position127"=dword:00000072
"Visible127"=dword:00000001
"Width127"=dword:00000029
"Position128"=dword:00000073
"Visible128"=dword:00000001
"Width128"=dword:00000029
"Position129"=dword:00000074
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000075
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000076
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000077
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000078
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:00000079
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000007a
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000007b
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000007f
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:00000081
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:00000082
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000084
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000086
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:0000008a
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000091
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000000
"Width149"=dword:00000028
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"GKWeightCoef"=dword:00000064
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000000
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000000
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:00000000
"GKPenaltiesCoef"=dword:00000000
"GKTacklingCoef"=dword:00000005
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000000
"GKRightFootCoef"=dword:00000000
"GKAggressionCoef"=dword:0000000a
"GKAnticipationCoef"=dword:00000005
"GKBraveryCoef"=dword:00000014
"GKComposureCoef"=dword:00000014
"GKConcentrationCoef"=dword:0000000a
"GKConsistencyCoef"=dword:0000000a
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:00000014
"GKDeterminationCoef"=dword:0000000a
"GKDirtinessCoef"=dword:fffffffb
"GKFlairCoef"=dword:00000000
"GKImportantMatchesCoef"=dword:0000000a
"GKInfluenceCoef"=dword:0000000a
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:00000050
"GKTeamworkCoef"=dword:00000005
"GKWorkRateCoef"=dword:00000000
"GKAccelerationCoef"=dword:00000005
"GKAgilityCoef"=dword:0000000a
"GKBalanceCoef"=dword:0000000a
"GKInjuryPronenessCoef"=dword:fffffffb
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:00000005
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000000
"GKStrengthCoef"=dword:0000000a
"GKVersatilityCoef"=dword:00000000
"GKAerialAbilityCoef"=dword:00000032
"GKCommandOfAreaCoef"=dword:00000014
"GKCommunicationCoef"=dword:00000032
"GKEccentricityCoef"=dword:ffffffec
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:0000000a
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:00000014
"GKTendencyToPunchCoef"=dword:fffffff6
"GKThrowingCoef"=dword:0000000a
"GKAdaptabilityCoef"=dword:00000005
"GKAmbitionCoef"=dword:0000000a
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:00000005
"GKPressureCoef"=dword:00000005
"GKProfessionalismCoef"=dword:00000005
"GKSportsmanshipCoef"=dword:00000005
"GKTemperamentCoef"=dword:00000005
"SWWeightCoef"=dword:00000066
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:00000000
"SWCrossingCoef"=dword:00000000
"SWDribblingCoef"=dword:00000000
"SWFinishingCoef"=dword:00000000
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:0000000a
"SWLongThrowsCoef"=dword:00000000
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:0000000a
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000a
"SWLeftFootCoef"=dword:00000005
"SWRightFootCoef"=dword:00000005
"SWAggressionCoef"=dword:00000014
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:0000003c
"SWConsistencyCoef"=dword:0000000a
"SWCreativityCoef"=dword:0000000a
"SWDecisionsCoef"=dword:00000014
"SWDeterminationCoef"=dword:0000000a
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000000
"SWImportantMatchesCoef"=dword:0000000a
"SWInfluenceCoef"=dword:0000000a
"SWOffTheBallCoef"=dword:0000000a
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:00000014
"SWAccelerationCoef"=dword:0000001e
"SWAgilityCoef"=dword:0000000a
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffffb
"SWJumpingCoef"=dword:00000064
"SWNaturalFitnessCoef"=dword:00000005
"SWPaceCoef"=dword:00000014
"SWStaminaCoef"=dword:0000000a
"SWStrengthCoef"=dword:00000050
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:00000005
"SWAmbitionCoef"=dword:0000000a
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:00000005
"SWPressureCoef"=dword:00000005
"SWProfessionalismCoef"=dword:00000005
"SWSportsmanshipCoef"=dword:00000005
"SWTemperamentCoef"=dword:00000005
"CBWeightCoef"=dword:00000064
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000000
"CBCrossingCoef"=dword:00000000
"CBDribblingCoef"=dword:00000000
"CBFinishingCoef"=dword:00000000
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:0000000a
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:0000000a
"CBLongThrowsCoef"=dword:00000000
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:00000014
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000a
"CBLeftFootCoef"=dword:00000005
"CBRightFootCoef"=dword:00000005
"CBAggressionCoef"=dword:00000014
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:00000014
"CBConcentrationCoef"=dword:00000028
"CBConsistencyCoef"=dword:0000000a
"CBCreativityCoef"=dword:0000000a
"CBDecisionsCoef"=dword:00000014
"CBDeterminationCoef"=dword:0000000a
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000000
"CBImportantMatchesCoef"=dword:0000000a
"CBInfluenceCoef"=dword:0000000a
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:00000014
"CBAccelerationCoef"=dword:00000028
"CBAgilityCoef"=dword:0000000a
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffffb
"CBJumpingCoef"=dword:00000064
"CBNaturalFitnessCoef"=dword:00000005
"CBPaceCoef"=dword:0000001e
"CBStaminaCoef"=dword:0000000a
"CBStrengthCoef"=dword:0000003c
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:00000005
"CBAmbitionCoef"=dword:0000000a
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:00000005
"CBPressureCoef"=dword:00000005
"CBProfessionalismCoef"=dword:00000005
"CBSportsmanshipCoef"=dword:00000005
"CBTemperamentCoef"=dword:00000005
"FBWeightCoef"=dword:00000069
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:0000000a
"FBCrossingCoef"=dword:0000001e
"FBDribblingCoef"=dword:00000014
"FBFinishingCoef"=dword:00000000
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:0000000a
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:0000003c
"FBPassingCoef"=dword:0000001e
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:00000014
"FBLeftFootCoef"=dword:00000005
"FBRightFootCoef"=dword:00000005
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:00000050
"FBBraveryCoef"=dword:00000014
"FBComposureCoef"=dword:0000000a
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:0000000a
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000014
"FBDeterminationCoef"=dword:0000000a
"FBDirtinessCoef"=dword:fffffff6
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:0000000a
"FBInfluenceCoef"=dword:0000000a
"FBOffTheBallCoef"=dword:00000014
"FBPositioningCoef"=dword:00000064
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:0000003c
"FBAgilityCoef"=dword:0000000a
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffffb
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:00000005
"FBPaceCoef"=dword:00000050
"FBStaminaCoef"=dword:0000003c
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:00000005
"FBAmbitionCoef"=dword:0000000a
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:00000005
"FBPressureCoef"=dword:00000005
"FBProfessionalismCoef"=dword:00000005
"FBSportsmanshipCoef"=dword:00000005
"FBTemperamentCoef"=dword:00000005
"WBWeightCoef"=dword:0000006c
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:0000000a
"WBCrossingCoef"=dword:0000003c
"WBDribblingCoef"=dword:00000028
"WBFinishingCoef"=dword:0000000a
"WBFirstTouchCoef"=dword:00000014
"WBFreeKicksCoef"=dword:0000000a
"WBHeadingCoef"=dword:00000028
"WBLongShotsCoef"=dword:00000014
"WBLongThrowsCoef"=dword:0000000a
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000064
"WBTechniqueCoef"=dword:00000028
"WBLeftFootCoef"=dword:00000005
"WBRightFootCoef"=dword:00000005
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000050
"WBBraveryCoef"=dword:0000000a
"WBComposureCoef"=dword:0000000a
"WBConcentrationCoef"=dword:00000014
"WBConsistencyCoef"=dword:0000000a
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:0000000a
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:0000000a
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:00000064
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:00000028
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:0000000a
"WBBalanceCoef"=dword:00000014
"WBInjuryPronenessCoef"=dword:fffffffb
"WBJumpingCoef"=dword:00000014
"WBNaturalFitnessCoef"=dword:00000005
"WBPaceCoef"=dword:00000064
"WBStaminaCoef"=dword:00000050
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:00000005
"WBAmbitionCoef"=dword:0000000a
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:00000005
"WBPressureCoef"=dword:00000005
"WBProfessionalismCoef"=dword:00000005
"WBSportsmanshipCoef"=dword:00000005
"WBTemperamentCoef"=dword:00000005
"DMWeightCoef"=dword:00000067
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:0000000a
"DMCrossingCoef"=dword:0000001e
"DMDribblingCoef"=dword:00000014
"DMFinishingCoef"=dword:0000000a
"DMFirstTouchCoef"=dword:0000001e
"DMFreeKicksCoef"=dword:0000000a
"DMHeadingCoef"=dword:00000028
"DMLongShotsCoef"=dword:00000014
"DMLongThrowsCoef"=dword:00000005
"DMMarkingCoef"=dword:0000003c
"DMPassingCoef"=dword:00000028
"DMPenaltiesCoef"=dword:00000005
"DMTacklingCoef"=dword:00000064
"DMTechniqueCoef"=dword:0000001e
"DMLeftFootCoef"=dword:00000005
"DMRightFootCoef"=dword:00000005
"DMAggressionCoef"=dword:00000028
"DMAnticipationCoef"=dword:00000028
"DMBraveryCoef"=dword:00000014
"DMComposureCoef"=dword:0000000a
"DMConcentrationCoef"=dword:00000014
"DMConsistencyCoef"=dword:0000000a
"DMCreativityCoef"=dword:00000014
"DMDecisionsCoef"=dword:00000014
"DMDeterminationCoef"=dword:0000000a
"DMDirtinessCoef"=dword:fffffff6
"DMFlairCoef"=dword:0000000a
"DMImportantMatchesCoef"=dword:0000000a
"DMInfluenceCoef"=dword:0000000a
"DMOffTheBallCoef"=dword:0000001e
"DMPositioningCoef"=dword:00000050
"DMTeamworkCoef"=dword:00000028
"DMWorkRateCoef"=dword:00000050
"DMAccelerationCoef"=dword:00000028
"DMAgilityCoef"=dword:0000000a
"DMBalanceCoef"=dword:0000000a
"DMInjuryPronenessCoef"=dword:fffffffb
"DMJumpingCoef"=dword:00000028
"DMNaturalFitnessCoef"=dword:00000005
"DMPaceCoef"=dword:00000028
"DMStaminaCoef"=dword:0000003c
"DMStrengthCoef"=dword:00000028
"DMVersatilityCoef"=dword:00000005
"DMAerialAbilityCoef"=dword:00000000
"DMCommandOfAreaCoef"=dword:00000000
"DMCommunicationCoef"=dword:00000000
"DMEccentricityCoef"=dword:00000000
"DMHandlingCoef"=dword:00000000
"DMKickingCoef"=dword:00000000
"DMOneOnOnesCoef"=dword:00000005
"DMReflexesCoef"=dword:00000005
"DMRushingOutCoef"=dword:00000000
"DMTendencyToPunchCoef"=dword:00000000
"DMThrowingCoef"=dword:00000000
"DMAdaptabilityCoef"=dword:00000005
"DMAmbitionCoef"=dword:0000000a
"DMControversyCoef"=dword:fffffffb
"DMLoyalityCoef"=dword:00000005
"DMPressureCoef"=dword:00000005
"DMProfessionalismCoef"=dword:00000005
"DMSportsmanshipCoef"=dword:00000005
"DMTemperamentCoef"=dword:00000005
"MWeightCoef"=dword:00000068
"MCurrentAbilityCoef"=dword:00000000
"MCornersCoef"=dword:0000000a
"MCrossingCoef"=dword:00000028
"MDribblingCoef"=dword:00000032
"MFinishingCoef"=dword:00000014
"MFirstTouchCoef"=dword:0000001e
"MFreeKicksCoef"=dword:0000000a
"MHeadingCoef"=dword:0000001e
"MLongShotsCoef"=dword:00000014
"MLongThrowsCoef"=dword:00000005
"MMarkingCoef"=dword:00000028
"MPassingCoef"=dword:00000046
"MPenaltiesCoef"=dword:00000005
"MTacklingCoef"=dword:0000003c
"MTechniqueCoef"=dword:00000032
"MLeftFootCoef"=dword:00000005
"MRightFootCoef"=dword:00000005
"MAggressionCoef"=dword:0000001e
"MAnticipationCoef"=dword:00000028
"MBraveryCoef"=dword:0000000a
"MComposureCoef"=dword:0000000a
"MConcentrationCoef"=dword:0000000a
"MConsistencyCoef"=dword:0000000a
"MCreativityCoef"=dword:0000003c
"MDecisionsCoef"=dword:0000001e
"MDeterminationCoef"=dword:0000000a
"MDirtinessCoef"=dword:fffffffb
"MFlairCoef"=dword:0000000a
"MImportantMatchesCoef"=dword:0000000a
"MInfluenceCoef"=dword:0000000a
"MOffTheBallCoef"=dword:00000028
"MPositioningCoef"=dword:00000028
"MTeamworkCoef"=dword:00000032
"MWorkRateCoef"=dword:00000032
"MAccelerationCoef"=dword:00000032
"MAgilityCoef"=dword:0000000a
"MBalanceCoef"=dword:0000000a
"MInjuryPronenessCoef"=dword:fffffffb
"MJumpingCoef"=dword:00000028
"MNaturalFitnessCoef"=dword:00000005
"MPaceCoef"=dword:00000028
"MStaminaCoef"=dword:0000003c
"MStrengthCoef"=dword:0000001e
"MVersatilityCoef"=dword:00000005
"MAerialAbilityCoef"=dword:00000000
"MCommandOfAreaCoef"=dword:00000000
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:00000005
"MAmbitionCoef"=dword:0000000a
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:00000005
"MPressureCoef"=dword:00000005
"MProfessionalismCoef"=dword:00000005
"MSportsmanshipCoef"=dword:00000005
"MTemperamentCoef"=dword:00000005
"AMWeightCoef"=dword:00000068
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:0000000a
"AMCrossingCoef"=dword:0000003c
"AMDribblingCoef"=dword:00000050
"AMFinishingCoef"=dword:00000028
"AMFirstTouchCoef"=dword:0000001e
"AMFreeKicksCoef"=dword:0000000a
"AMHeadingCoef"=dword:00000014
"AMLongShotsCoef"=dword:00000014
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000a
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:00000005
"AMRightFootCoef"=dword:00000005
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:0000001e
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:0000000a
"AMConcentrationCoef"=dword:0000000a
"AMConsistencyCoef"=dword:0000000a
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000028
"AMDeterminationCoef"=dword:0000000a
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:00000014
"AMImportantMatchesCoef"=dword:0000000a
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:0000003c
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:0000003c
"AMWorkRateCoef"=dword:00000014
"AMAccelerationCoef"=dword:0000003c
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffffb
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:00000005
"AMPaceCoef"=dword:0000003c
"AMStaminaCoef"=dword:0000003c
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:00000005
"AMAmbitionCoef"=dword:0000000a
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:00000005
"AMPressureCoef"=dword:00000005
"AMProfessionalismCoef"=dword:00000005
"AMSportsmanshipCoef"=dword:00000005
"AMTemperamentCoef"=dword:00000005
"WWeightCoef"=dword:00000069
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:0000000a
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:0000000a
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000014
"WLongThrowsCoef"=dword:00000005
"WMarkingCoef"=dword:0000000a
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:0000000a
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:00000005
"WRightFootCoef"=dword:00000005
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000014
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:0000000a
"WConcentrationCoef"=dword:0000000a
"WConsistencyCoef"=dword:0000000a
"WCreativityCoef"=dword:0000003c
"WDecisionsCoef"=dword:00000014
"WDeterminationCoef"=dword:0000000a
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000000a
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:0000000a
"WOffTheBallCoef"=dword:0000003c
"WPositioningCoef"=dword:00000014
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffffb
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:00000005
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:0000003c
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:00000005
"WAmbitionCoef"=dword:0000000a
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:00000005
"WPressureCoef"=dword:00000005
"WProfessionalismCoef"=dword:00000005
"WSportsmanshipCoef"=dword:00000005
"WTemperamentCoef"=dword:00000005
"FSTWeightCoef"=dword:00000067
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:0000000a
"FSTCrossingCoef"=dword:0000000a
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:0000000a
"FSTHeadingCoef"=dword:00000028
"FSTLongShotsCoef"=dword:00000014
"FSTLongThrowsCoef"=dword:00000000
"FSTMarkingCoef"=dword:00000000
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:00000000
"FSTTechniqueCoef"=dword:00000050
"FSTLeftFootCoef"=dword:00000005
"FSTRightFootCoef"=dword:00000005
"FSTAggressionCoef"=dword:0000000a
"FSTAnticipationCoef"=dword:0000000a
"FSTBraveryCoef"=dword:0000000a
"FSTComposureCoef"=dword:0000000a
"FSTConcentrationCoef"=dword:0000000a
"FSTConsistencyCoef"=dword:0000000a
"FSTCreativityCoef"=dword:00000028
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:0000000a
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:0000000a
"FSTImportantMatchesCoef"=dword:0000000a
"FSTInfluenceCoef"=dword:0000000a
"FSTOffTheBallCoef"=dword:00000050
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:00000028
"FSTBalanceCoef"=dword:0000000a
"FSTInjuryPronenessCoef"=dword:fffffffb
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:00000005
"FSTPaceCoef"=dword:00000064
"FSTStaminaCoef"=dword:00000028
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:00000005
"FSTAmbitionCoef"=dword:0000000a
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:00000005
"FSTPressureCoef"=dword:00000005
"FSTProfessionalismCoef"=dword:00000005
"FSTSportsmanshipCoef"=dword:00000005
"FSTTemperamentCoef"=dword:00000005
"TSTWeightCoef"=dword:00000067
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000000
"TSTCrossingCoef"=dword:0000000a
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:00000050
"TSTFirstTouchCoef"=dword:0000001e
"TSTFreeKicksCoef"=dword:0000000a
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:00000014
"TSTLongThrowsCoef"=dword:00000000
"TSTMarkingCoef"=dword:00000000
"TSTPassingCoef"=dword:00000028
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:00000000
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:00000005
"TSTRightFootCoef"=dword:00000005
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:0000000a
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:0000000a
"TSTConcentrationCoef"=dword:0000000a
"TSTConsistencyCoef"=dword:0000000a
"TSTCreativityCoef"=dword:00000014
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:0000000a
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:0000000a
"TSTImportantMatchesCoef"=dword:0000000a
"TSTInfluenceCoef"=dword:0000000a
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:00000014
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffffb
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:00000005
"TSTPaceCoef"=dword:00000028
"TSTStaminaCoef"=dword:00000014
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:00000005
"TSTAmbitionCoef"=dword:0000000a
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:00000005
"TSTPressureCoef"=dword:00000005
"TSTProfessionalismCoef"=dword:00000005
"TSTSportsmanshipCoef"=dword:00000005
"TSTTemperamentCoef"=dword:00000005
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\DOCUME~1\\Srdjan\\LOCALS~1\\Temp\\Rar$EX30.312\\FM Genie Scout 2009 XE - 930\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-930\\db\\930\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Srdjan\\My Documents\\Sports Interactive\\Football Manager 2010\\games\\realmadrid.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="98-F3C5-2ED3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F40A436-3F71-7534-03BB-3D8C301F5575}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahipjpcjkgnmpocfn"=hex:6a,61,6e,6a,68,69,68,64,6b,6c,61,61,6f,66,69,6d,6a,6f,
66,6d,00,00
"hafjnmgmcampplfe"=hex:6a,61,6e,6a,68,69,68,64,6b,6c,61,61,6f,66,69,6d,6a,6f,
66,6d,00,f8
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:10,78,2e,bf,4e,f8,48,e5,22,90,27,c2,f4,bc,08,c4,26,e5,8e,a9,8c,58,05,
10,93,96,4d,8f,8a,86,5d,86,1b,95,a2,19,cf,98,f3,c7,1d,92,40,c5,86,1e,2f,63,\
"??"=hex:67,ba,00,e1,d3,2b,c9,74,92,c6,ae,da,5d,ae,5d,dc
.
[HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ee,1e,a7,5a,08,12,c6,7a,94,6d,bd,b4,f1,b1,d1,fa,c1,b6,f4,a6,82,
ac,4c,94,8f,e5,bc,72,fb,36,b0,96,f8,bf,d8,dd,31,af,bd,96,81,ed,c6,9d,fe,8a,\
"rkeysecu"=hex:57,fb,49,1f,0c,e7,a1,02,e5,1a,12,d2,4a,a7,72,dd
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\securenet.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3452)
c:\program files\Bench\BService\bhelper.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Telenor Internet\BackgroundService\ServiceManager.exe
c:\windows\system32\WgaTray.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\jmdp\stij.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\DUMETE~1\DUMeter.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\ASUS\USB-N10 WLAN Card Utilities\Wireless.exe
.
**************************************************************************
.
Completion time: 2014-04-04 14:59:38 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-04 12:59
ComboFix2.txt 2011-07-29 23:38
.
Pre-Run: 1.466.335.232 bytes free
Post-Run: 4.224.339.968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - AE383380034135500DF34D22A95D9867
8F558EB6672622401DA993E1E865C861

Dopuna: 04 Apr 2014 15:03

Ovo je bas potrajalo.
Dva puta se restartovao i primetio sam novitet.Posto mi je hard disk podeljen i imam dva windowsa,kad palim komp imam opciju koji da biram.Sad mi je bilo cetri neke stavke al nisam uspeo videt jer je samo izabralo i nastavilo.....

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Ok, idemo dalje Smile


Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop.

Raspakuj arhivu u neki folder (uputstvo), a zatim:

zatvori browser i ostale pokrenute programe;
privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ;
dvoklikom pokreni zoek na ikonicu programa ;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

autoclean;
emptyalltemp;
emptyclsid;
ipconfig /flushdns;b


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.



Zatim



Preuzmi Farbar-ov Farbar Recovery Scan Tool () sa ove adrese na Desktop:
Postoji 32bit. i 64bit.-na verzija. Potrebno je preuzeti verziju koja je kompatibilna sa tvojim sistemom.
Ako nisi siguran koja verzija se odnosi na tvoj sistem, preuzmi ih obe i pokreni. Samo jedan od njih c´e raditi na tvom sistemu, to c´e biti prava verzija.


dvoklikom pokreni program, kada se alat pokrene klikni Yes na disclaimer prozor;
pričekati koji trenutak dok alat proverava postoji li novija verzija;
klikni na dugme Scan;
po završetku skeniranja, alat će formirati izveštaj (FRST.txt) u isti direktorijum gde je FRST alat sačuvan;
iskopiraj sadržaj FRST.txt izveštaja u poruku;
po prvom pokretanju, alat bi trebao formirati i dodatni izveštaj (Addition.txt);
okači Addition.txt izveštaj uz poruku koristeći opciju Prikači fajl

offline
  • Pridružio: 01 Sep 2007
  • Poruke: 137

Napisano: 05 Apr 2014 14:07

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Srdjan on sub 05.04.2014 at 13:20:57.48.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Srdjan\Desktop\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

5.4.2014 13:25:20 Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================

C:\WINDOWS\$NtUninstallKB27543$\1998709577\U
C:\WINDOWS\$NtUninstallKB27543$\1998709577\L

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6DEBE277-C9DD-4F3E-8914-C7C6E45A73B6} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE4E2A9C-EB3A-4488-B62A-E9D08D4B31B3} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DA113174-9303-4EA8-8DA6-A56C282DEBC3} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93935F7F-9C88-42F8-8445-95251D27FABC} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{93935F7F-9C88-42F8-8445-95251D27FABC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93935F7F-9C88-42F8-8445-95251D27FABC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\jqs@sun.com deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ibupdaterservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ibupdaterservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Web Assistant deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Web Assistant deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\web assistant updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\web assistant updater deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default

---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.bbDpng", "2");
user_pref("extensions.BabylonToolbar.cntry", "ME");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dpkLst", "");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "FAD535A9BD14B1483B834702AB0A5DED");
user_pref("extensions.BabylonToolbar.id", "d0a1dfa6000000000000005345000000");
user_pref("extensions.BabylonToolbar.instlDay", "15714");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastB", "http://searchou.com/?id=d0a1dfa6000000000000005345000000");
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.221:29:28");
user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"76\",\"lastVrsn\":\"76\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar.sg", "azb");
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=d0a1dfa6000000000000005345000000&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=090113_ctrl_0213_2");
user_pref("extensions.BabylonToolbar_i.excTlbr", false);
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.221:29:30");
---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=d0a1dfa6000000000000005345000000&q=");
user_pref("extensions.BabylonToolbar.id", "d0a1dfa6000000000000005345000000");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15714");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.221:29:30");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar_i.excTlbr", false);
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=090113_ctrl_0213_2");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar_i.newTab", false);

---- Lines incredibar removed from prefs.js ----
user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
user_pref("extensions.incredibar.actvtyRptTime", "1359719348689");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c", "%7B%22items%22%3A%5B%7B%22id%22%3A%22lGtla66abWFupG1lbVNlZmViVWyca2Rspmtna1Vl
user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c_wid", "2521; expires=Thu, 13 Dec 2012 22:55:21 GMT");
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.afterInstallRpt", "sent");
user_pref("extensions.incredibar.cntry", "RS");
user_pref("extensions.incredibar.dfltlng", "EN");
user_pref("extensions.incredibar.dfltLng", "EN");
user_pref("extensions.incredibar.dfltsrch", "false");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10643");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "46026146D970B22E9E97AFC30EB1BCB6");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.hrdid", "d0a1dfa6000000000000005345000000");
user_pref("extensions.incredibar.id", "d0a1dfa6000000000000005345000000");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlday", "15576");
user_pref("extensions.incredibar.instlDay", "15576");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.instlref", "");
user_pref("extensions.incredibar.isdcmntcmplt", "false");
user_pref("extensions.incredibar.isDcmntCmplt", false);
user_pref("extensions.incredibar.keywordurl", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.143:08:27");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newtab", "false");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.newtaburl", "");
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "1");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.prtnrid", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplgrp", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.srch", "");
user_pref("extensions.incredibar.srchprvdr", "");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrid", "base");
user_pref("extensions.incredibar.tlbrsrchurl", "http://mystart.Incredibar.com/?a=6R8D0ggWG7&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8D0ggWG7&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6R8D0ggWG7");
user_pref("extensions.incredibar.upn2n", "92824933240078427");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.143:08:27");
user_pref("extensions.incredibar.vrsnts", "1.5.11.143:08:27");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10643");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "d0a1dfa6000000000000005345000000");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15576");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "1");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8D0ggWG7&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6R8D0ggWG7");
user_pref("extensions.incredibar_i.upn2n", "92824933240078427");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.143:08:27");
---- Lines incredibar modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@ask.com:3.3.3.123,{ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0,{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}:
---- Lines incredibar removed from user.js ----

user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8D0ggWG7&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.id", "d0a1dfa6000000000000005345000000");
user_pref("extensions.incredibar_i.instlDay", "15576");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.143:08:27");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.upn2", "6R8D0ggWG7");
user_pref("extensions.incredibar_i.upn2n", "92824933240078427");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.did", "10643");
user_pref("extensions.incredibar_i.ppd", "1");

---- Lines privitize removed from prefs.js ----
user_pref("browser.search.order.1", "Search The Web (privitize)");
user_pref("browser.search.selectedEngine", "Search The Web (privitize)");
user_pref("extensions.ffxtlbr@privitize.com.install-event-fired", true);
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "http://searchou.com/?id=d0a1dfa6000000000000005345000000");
user_pref("extensions.privitize.hpFFXOld", "http://www.mysearchresults.com/?c=3513&t=07");
user_pref("extensions.privitize.hpOld0", "http://www.mysearchresults.com/?c=3513&t=07");
user_pref("extensions.privitize.id", "d0a1dfa6000000000000005345000000");
user_pref("extensions.privitize.instlDay", "15822");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "http://searchou.com/?q={searchTerms}&id=d0a1dfa6000000000000005345000000");
user_pref("extensions.privitize.lastB", "http://www.mysearchresults.com/?c=3513&t=07");
user_pref("extensions.privitize.lastVrsnTs", "1.8.16.221:36:22");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "http://searchou.com/?id=d0a1dfa6000000000000005345000000");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "http://searchou.com/?id=d0a1dfa6000000000000005345000000&q=");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.221:36:22");
---- Lines privitize modified from prefs.js ----

user_pref("extensions.enabledAddons", "%7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3,ffxtlbr%40babylon.com:1.5.0,%7BB17C1C5A-04B1-11DB-9804-B622A1E
---- Lines privitize removed from user.js ----

user_pref("extensions.privitize.hpOld0", "http://www.mysearchresults.com/?c=3513&t=07");
user_pref("extensions.privitize.tlbrSrchUrl", "http://searchou.com/?id=d0a1dfa6000000000000005345000000&q=");
user_pref("extensions.privitize.id", "d0a1dfa6000000000000005345000000");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.instlDay", "15822");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.221:36:22");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "http://searchou.com/?id=d0a1dfa6000000000000005345000000");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
user_pref("extensions.privitize.kw_url", "http://searchou.com/?q={searchTerms}&id=d0a1dfa6000000000000005345000000");
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "http://searchou.com/?id=d0a1dfa6000000000000005345000000");

---- Lines CT2465030 removed from prefs.js ----
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2465030", "\"1367226713\"");
user_pref("CommunityToolbar.ETag.http://ip2location.conduit-services.com/ip/?ctid=CT2465030&ver=3.20.0.4&client=ToolbarConfiguration", "\"5cbc0f716c8a
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2465030", "\"7097fd37277b6a1b754b125bd11d0197\"");
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2465030/CT2465030", "\"bfa40aa1935b85fb0436bc259b4223a73\"");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2465030");
user_pref("CommunityToolbar.ToolbarsList", "CT1142338,CT2010429,CT2720081,CT2443659,CT2465030");
user_pref("CommunityToolbar.ToolbarsList2", "CT2010429,CT2720081,CT2443659,CT2465030");
user_pref("CT2465030..clientLogIsEnabled", false);
user_pref("CT2465030..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2465030..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2465030.AboutPrivacyUrl", "http://www.conduit.com/privacy/default.aspx");
user_pref("CT2465030.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2465030.alertChannelId", "858666");
user_pref("CT2465030.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2465030.backendstorage.d_date_ginyas1", "31333235373735303536323638");
user_pref("CT2465030.backendstorage.d_ginyas1", "30");
user_pref("CT2465030.backendstorage.ginyasstest", "676F6F64");
user_pref("CT2465030.backendstorage.http://rv_ginyas_com/app/conduit.bbrs_affid", "626567726561745F636F6E64756974");
user_pref("CT2465030.backendstorage.http://rv_ginyas_com/app/conduit.bbrs_bguid", "626567726561745F636F6E647569742D45323434423939352D364431462D3336324
user_pref("CT2465030.backendstorage.http://rv_ginyas_com/app/conduit.bbrs_lba", "3232313330383933");
user_pref("CT2465030.backendstorage.http://rv_ginyas_com/app/conduit.bbrs_lba1", "323031322D312D3239");
user_pref("CT2465030.BrowserCompStateIsOpen_1334739083000", true);
user_pref("CT2465030.BrowserCompStateIsOpen_1366729388000", true);
user_pref("CT2465030.BrowserCompStateIsOpen_1367226296000", true);
user_pref("CT2465030.clientLogIsEnabled", false);
user_pref("CT2465030.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2465030.components.1000034", false);
user_pref("CT2465030.ConfigurationLastCheckTime", "Tue Apr 01 2014 14:05:55 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.countryCode", "ME");
user_pref("CT2465030.CT2465030.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?gd=&ctid=CT2465030&octid=CT2465030
user_pref("CT2465030.CTID", "CT2465030");
user_pref("CT2465030.CurrentServerDate", "1-4-2014");
user_pref("CT2465030.d_date_ginyas1.from_oldbar.enc", "MTMyNTc3NTA1NjI2OA==");
user_pref("CT2465030.d_ginyas1.from_oldbar.enc", "MA==");
user_pref("CT2465030.DialogsAlignMode", "LTR");
user_pref("CT2465030.DialogsGetterLastCheckTime", "Tue Apr 01 2014 14:05:51 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.DownloadReferralCookieData", "");
user_pref("CT2465030.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2465030.FirstServerDate", "7-11-2010");
user_pref("CT2465030.FirstTime", true);
user_pref("CT2465030.firstTimeDialogOpened", true);
user_pref("CT2465030.FirstTimeFF3", true);
user_pref("CT2465030.FirstTimeSettingsDone", true);
user_pref("CT2465030.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT2465030.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2465030.fullUserID", "UN06539814063218508.UP.20140401170618");
user_pref("CT2465030.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.
user_pref("CT2465030.ginyasstest.from_oldbar.enc", "Z29vZA==");
user_pref("CT2465030.GroupingServerCheckInterval", 1440);
user_pref("CT2465030.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2465030.HasUserGlobalKeys", true);
user_pref("CT2465030.homepageProtectorEnableByLogin", true);
user_pref("CT2465030.http___rv_ginyas_com_app_conduit.bbrs_affid.from_oldbar.enc", "YmVncmVhdF9jb25kdWl0");
user_pref("CT2465030.http___rv_ginyas_com_app_conduit.bbrs_bguid.from_oldbar.enc", "YmVncmVhdF9jb25kdWl0LUUyNDRCOTk1LTZEMUYtMzYyRi1EOEY5LUUxMTNENjNDQT
user_pref("CT2465030.http___rv_ginyas_com_app_conduit.bbrs_lba.from_oldbar.enc", "MjIxMzA4OTM=");
user_pref("CT2465030.http___rv_ginyas_com_app_conduit.bbrs_lba1.from_oldbar.enc", "MjAxMi0xLTI5");
user_pref("CT2465030.initDone", true);
user_pref("CT2465030.Initialize", true);
user_pref("CT2465030.InitializeCommonPrefs", true);
user_pref("CT2465030.InstallationAndCookieDataSentCount", 3);
user_pref("CT2465030.InstalledDate", "Sun Nov 07 2010 16:58:51 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2465030.installType", "Unknown");
user_pref("CT2465030.InvalidateCache", false);
user_pref("CT2465030.isCheckedStartAsHidden", true);
user_pref("CT2465030.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2465030.isFirstTimeToolbarLoading", "false");
user_pref("CT2465030.IsGrouping", false);
user_pref("CT2465030.IsMulticommunity", false);
user_pref("CT2465030.IsOpenThankYouPage", true);
user_pref("CT2465030.IsOpenUninstallPage", true);
user_pref("CT2465030.isPerformedSmartBarTransition", "true");
user_pref("CT2465030.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2465030.keyword", true);
user_pref("CT2465030.LanguagePackLastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2465030.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2465030.LastLogin_2.7.2.0", "Thu Nov 29 2012 13:23:10 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2465030.LastLogin_3.16.0.3", "Sun Feb 10 2013 21:54:45 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2465030.LastLogin_3.18.0.7", "Tue Jul 23 2013 17:25:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.LastLogin_3.19.0.3", "Sun Sep 15 2013 12:25:09 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.LastLogin_3.20.0.4", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?gd=&ctid=CT2465030&octid=CT2465030&ISID=ISID
user_pref("CT2465030.lastVersion", "10.20.101.5");
user_pref("CT2465030.LatestVersion", "3.20.0.4");
user_pref("CT2465030.Locale", "en");
user_pref("CT2465030.LoginCache", 4);
user_pref("CT2465030.MCDetectTooltipHeight", "83");
user_pref("CT2465030.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2465030.MCDetectTooltipWidth", "295");
user_pref("CT2465030.myStuffEnabled", true);
user_pref("CT2465030.MyStuffEnabledAtInstallation", true);
user_pref("CT2465030.myStuffPublihserMinWidth", 400);
user_pref("CT2465030.myStuffSearchUrl", "http://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2465030.myStuffServiceIntervalMM", 1440);
user_pref("CT2465030.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2465030.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fwww.familycirclecup.com%2Fschedule%2F\",\"EB_MAIN_FRAME_TITLE\":\"
user_pref("CT2465030.originalSearchAddressUrl", "chrome://browser-region/locale/region.properties");
user_pref("CT2465030.RadioIsPodcast", false);
user_pref("CT2465030.RadioLastCheckTime", "Thu Nov 29 2012 13:23:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2465030.RadioLastUpdateIPServer", "3");
user_pref("CT2465030.RadioLastUpdateServer", "3");
user_pref("CT2465030.RadioMediaID", "9962");
user_pref("CT2465030.RadioMediaType", "Media Player");
user_pref("CT2465030.RadioMenuSelectedID", "EBRadioMenu_CT24650309962");
user_pref("CT2465030.RadioStationName", "California%20Rock");
user_pref("CT2465030.RadioStationURL", "http://feedlive.net/california.asx");
user_pref("CT2465030.revertSettingsEnabled", true);
user_pref("CT2465030.SavedHomepage", "http://search.babylon.com/home");
user_pref("CT2465030.SearchAPILastCheckTime", "Tue Apr 01 2014 14:05:54 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2465030&octid=EB_ORIGINAL_CTID&SearchSour
user_pref("CT2465030.searchFromAddressBarEnabledByUser", "true");
user_pref("CT2465030.SearchFromAddressBarIsInit", true);
user_pref("CT2465030.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=");
user_pref("CT2465030.SearchInNewTabEnabled", true);
user_pref("CT2465030.searchInNewTabEnabledByUser", "true");
user_pref("CT2465030.searchInNewTabEnabledInHidden", "true");
user_pref("CT2465030.SearchInNewTabIntervalMM", 1440);
user_pref("CT2465030.SearchInNewTabLastCheckTime", "Sat Sep 14 2013 13:01:39 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2465030.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?gd=&ctid=CT2465030&octid=CT2465030&ISID=ISID_ID&SearchSource=15&CUI=
user_pref("CT2465030.SearchInNewTabUsageUrl", "http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2465030.searchProtectorDialogDelayInSec", 10);
user_pref("CT2465030.searchProtectorEnableByLogin", true);
user_pref("CT2465030.searchSuggestEnabledByUser", "false");
user_pref("CT2465030.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2465030.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2465030.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2465030.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2465030\"}");
user_pref("CT2465030.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://miponyplugin.Media-Toolbar.c
user_pref("CT2465030.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"mipony-plugin \"}");
user_pref("CT2465030.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2465030.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2465030.serviceLayer_services_Configuration_lastUpdate", "1396364788190");
user_pref("CT2465030.serviceLayer_services_login_10.20.101.5_lastUpdate", "1396435440565");
user_pref("CT2465030.serviceLayer_services_searchAPI_lastUpdate", "1396364785382");
user_pref("CT2465030.serviceLayer_services_serviceMap_lastUpdate", "1396364784389");
user_pref("CT2465030.serviceLayer_services_toolbarSettings_lastUpdate", "1396435441318");
user_pref("CT2465030.serviceLayer_services_translation_lastUpdate", "1396364788062");
user_pref("CT2465030.ServiceMapLastCheckTime", "Tue Apr 01 2014 14:05:53 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.SettingsCheckIntervalMin", 120);
user_pref("CT2465030.settingsINI", true);
user_pref("CT2465030.SettingsLastCheckTime", "Tue Apr 01 2014 14:05:41 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.SettingsLastUpdate", "1396271104");
user_pref("CT2465030.showToolbarPermission", "false");
user_pref("CT2465030.SHRINK_TOOLBAR", 1);
user_pref("CT2465030.smartbar.CTID", "CT2465030");
user_pref("CT2465030.smartbar.toolbarName", "mipony-plugin ");
user_pref("CT2465030.smartbar.Uninstall", "0");
user_pref("CT2465030.testingCtid", "");
user_pref("CT2465030.ThirdPartyComponentsInterval", 504);
user_pref("CT2465030.ThirdPartyComponentsLastCheck", "Thu Nov 29 2012 13:23:07 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2465030.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT2465030.toolbarAppMetaDataLastCheckTime", "Tue Apr 01 2014 14:05:51 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.toolbarBornServerTime", "7-11-2010");
user_pref("CT2465030.toolbarCurrentServerTime", "2-4-2014");
user_pref("CT2465030.toolbarLoginClientTime", "Tue Apr 01 2014 17:06:31 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2465030.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,tro
user_pref("CT2465030.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2465030.upgradeFromOBVersion", true);
user_pref("CT2465030.UserID", "UN06539814063218508");
user_pref("CT2465030.ValidationData_Toolbar", 2);
user_pref("CT2465030.WeatherNetwork", "");
user_pref("CT2465030.WeatherPollDate", "Thu Nov 29 2012 13:23:09 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2465030.WeatherUnit", "C");
user_pref("CT2465030_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396435429103,\"isWithState\":\"\",\"timeFromStar
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT2465030");
user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=,http://search.conduit.com/ResultsExt.as
user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?CUI=UN59017517916167479&ctid=CT2465030&SearchSource=3&q={searchT
user_pref("Smartbar.keywordURLSelectedCTID", "CT2465030");
---- Lines CT1142338 removed from prefs.js ----
user_pref("CT1142338.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT1142338.AllowNonPrivacy", false);
user_pref("CT1142338.CommunityChanged", false);
user_pref("CT1142338.CTID", "CT1142338");
user_pref("CT1142338.CTPBaseServerUrl", "http://grouping.services.conduit.com/");
user_pref("CT1142338.DialogsAlignMode", "LTR");
user_pref("CT1142338.EMailNotifierPollDate", "Wed Jan 27 2010 22:22:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedLastCount128311388426518939", 395);
user_pref("CT1142338.FeedLastCount6562300526403385993", 650);
user_pref("CT1142338.FeedLastCount7128679457159772809", 2551);
user_pref("CT1142338.FeedPollDate128400382093694199", "Wed Aug 19 2009 02:18:02 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128400382093694200", "Wed Aug 19 2009 02:18:02 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128400382093694201", "Wed Aug 19 2009 02:18:02 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128400382093694202", "Wed Aug 19 2009 02:18:02 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128400382093694203", "Wed Aug 19 2009 02:18:02 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128400382093694204", "Wed Aug 19 2009 21:39:07 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795189875412541", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795190048693893", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795190288694224", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795190536975738", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795190743694609", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795190874007232", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795191041350439", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795191313381778", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795191487444304", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795191630569465", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795191790100333", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795191910256261", "Wed Aug 19 2009 21:39:08 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795192020569087", "Wed Aug 19 2009 21:39:09 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate128795192359788404", "Wed Aug 19 2009 21:39:09 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300524687040615", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300524833418053", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525204730076", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525232756911", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525238887218", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525420534763", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525437870036", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525572968581", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525615870832", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525629532356", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525690233134", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525748203330", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525799839850", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525855100008", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300525859676017", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526025051564", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526048131241", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526112771742", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526174541644", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526260384632", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526261679659", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526322175975", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526651820505", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526682270456", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526693601752", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526777219652", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526819626200", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526850551449", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526860923011", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526938927592", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300526967796339", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527093709470", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527154834582", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527216648519", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527309612460", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527326442497", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527554116084", "Tue Sep 29 2009 11:54:15 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527737766085", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527744637077", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527813582288", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527841566060", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300527843290008", "Mon Sep 28 2009 12:45:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528058585882", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528101799262", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528113907619", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528188560533", "Tue Sep 29 2009 11:54:11 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528357723037", "Tue Sep 29 2009 11:54:12 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528359966906", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528531358620", "Tue Sep 29 2009 11:54:14 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528697173886", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate6562300528719153500", "Tue Sep 29 2009 11:54:13 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate7128679455443427431", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679455589804869", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679455961116892", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679455989143727", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679455995274034", "Wed Jan 27 2010 22:12:04 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456176921579", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456194256852", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456329355397", "Wed Jan 27 2010 22:12:07 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456372257648", "Wed Jan 27 2010 22:12:04 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456385919172", "Wed Jan 27 2010 22:12:04 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456446619950", "Wed Jan 27 2010 22:12:04 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456504590146", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456556226666", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456611486824", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456616062833", "Wed Jan 27 2010 22:12:07 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456685041025", "Sat Oct 17 2009 12:27:56 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT1142338.FeedPollDate7128679456781438380", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456804518057", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456869158558", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679456930928460", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457016771448", "Wed Jan 27 2010 22:12:04 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457018066475", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457078562791", "Wed Jan 27 2010 20:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457408207321", "Wed Jan 27 2010 20:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457438657272", "Wed Jan 27 2010 22:12:07 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457449988568", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457533606468", "Wed Jan 27 2010 22:12:04 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457576013016", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457606938265", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457617309827", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457695314408", "Wed Jan 27 2010 20:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457724183155", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457850096286", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457911221398", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679457973035335", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458065999276", "Wed Jan 27 2010 22:12:04 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458082829313", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458310502900", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458494152901", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458501023893", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458569969104", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458597952876", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458599676824", "Wed Jan 27 2010 20:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458723761838", "Wed Jan 27 2010 20:12:07 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458814972698", "Wed Jan 27 2010 22:12:04 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458858186078", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458870294435", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679458944947349", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679459114109853", "Wed Jan 27 2010 22:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679459116353722", "Wed Jan 27 2010 22:12:07 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679459287745436", "Wed Jan 27 2010 22:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679459453560702", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FeedPollDate7128679459475540316", "Wed Jan 27 2010 22:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.FirstTime", true);
user_pref("CT1142338.FirstTimeFF3", true);
user_pref("CT1142338.Initialize", true);
user_pref("CT1142338.InitializeCommonPrefs", true);
user_pref("CT1142338.IsGrouping", false);
user_pref("CT1142338.IsMulticommunity", false);
user_pref("CT1142338.IsOpenThankYouPage", true);
user_pref("CT1142338.IsOpenUninstallPage", true);
user_pref("CT1142338.LanguagePackLastCheckTime", "Wed Jan 27 2010 20:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.LanguagePackReloadInterval", "24");
user_pref("CT1142338.LastLogin", "Wed Jan 27 2010 20:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.Locale", "en-us");
user_pref("CT1142338.LoginCache", "4");
user_pref("CT1142338.MCDetectTooltipHeight", "83");
user_pref("CT1142338.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT1142338.MCDetectTooltipWidth", "295");
user_pref("CT1142338.MyGadgetsServerUrl", "http://services.MyStuff.u-page.com/MyStuffService.asmx/LegacyLogin");
user_pref("CT1142338.MyGadgetsTrustedDomains", "conduit.com");
user_pref("CT1142338.RadioIsPodcast", false);
user_pref("CT1142338.RadioLastCheckTime", "Wed Jan 27 2010 20:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.RadioLastUpdateIPServer", "4");
user_pref("CT1142338.RadioLastUpdateServer", "128929877726170000");
user_pref("CT1142338.RadioMediaID", "6866669");
user_pref("CT1142338.RadioMediaType", "Media Player");
user_pref("CT1142338.RadioMenuSelectedID", "EBRadioMenu_CT11423386866669");
user_pref("CT1142338.RadioStationName", "MTV");
user_pref("CT1142338.RadioStationURL", "http://www.radios.com.br/asx/dmtvgo-br.asx");
user_pref("CT1142338.SearchFromAddressBarIsInit", true);
user_pref("CT1142338.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=2&q=");
user_pref("CT1142338.Server", "http://users.conduit.com");
user_pref("CT1142338.SettingsLastUpdate", "1264097292");
user_pref("CT1142338.SHRINK_TOOLBAR", 1);
user_pref("CT1142338.ThirdPartyComponentsInterval", "72");
user_pref("CT1142338.ThirdPartyComponentsLastCheck", "Fri Jan 30 2009 01:48:44 GMT-0800 (Pacific Standard Time)");
user_pref("CT1142338.ThirdPartyComponentsLastUpdate", "1230122563");
user_pref("CT1142338.ToolbarAlignMode", "SYSTEM");
user_pref("CT1142338.ToolbarName", "Softonic English");
user_pref("CT1142338.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT1142338.UserID", "UN20090130014842251");
user_pref("CT1142338.VusualLastUpdateTime", "1264097292");
user_pref("CT1142338.WeatherNetwork", "");
user_pref("CT1142338.WeatherPollDate", "Wed Jan 27 2010 22:10:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT1142338.WeatherUnit", "C");
---- Lines CT2010429 removed from prefs.js ----
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2010429", "\"1367215463\"");
user_pref("CommunityToolbar.ETag.http://ip2location.conduit-services.com/ip/?ctid=CT2010429&ver=3.20.0.4&client=ToolbarConfiguration", "\"5cbc0f716c8a
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2010429", "\"7097fd37277b6a1b754b125bd11d0197\"");
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2010429/CT2010429", "\"28c2be4fd4df7651cd9a8802ad63f0203\"");
user_pref("CT2010429..clientLogIsEnabled", false);
user_pref("CT2010429..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2010429..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2010429.AboutPrivacyUrl", "http://www.conduit.com/privacy/default.aspx");
user_pref("CT2010429.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2010429.alertChannelId", "492777");
user_pref("CT2010429.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2010429.BrowserCompStateIsOpen_1367159896000", true);
user_pref("CT2010429.clientLogIsEnabled", false);
user_pref("CT2010429.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2010429.components.1000082", true);
user_pref("CT2010429.ConfigurationLastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.countryCode", "ME");
user_pref("CT2010429.CT2010429.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?gd=&ctid=CT2010429&octid=CT2010429
user_pref("CT2010429.CTID", "CT2010429");
user_pref("CT2010429.CurrentServerDate", "1-4-2014");
user_pref("CT2010429.DialogsAlignMode", "LTR");
user_pref("CT2010429.DialogsGetterLastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.DownloadReferralCookieData", "");
user_pref("CT2010429.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2010429.FeedLastCount128892253208343847", 20);
user_pref("CT2010429.FeedPollDate128909605711044026", "Wed Jan 27 2010 20:12:05 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2010429.FeedTTL128909605711044026", 40);
user_pref("CT2010429.FirstServerDate", "13-12-2012");
user_pref("CT2010429.FirstTime", true);
user_pref("CT2010429.firstTimeDialogOpened", true);
user_pref("CT2010429.FirstTimeFF3", true);
user_pref("CT2010429.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT2010429.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2010429.fullUserID", "UN23522896938602245.UP.20140401170619");
user_pref("CT2010429.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.
user_pref("CT2010429.GroupingServerCheckInterval", 1440);
user_pref("CT2010429.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2010429.HasUserGlobalKeys", true);
user_pref("CT2010429.homepageProtectorEnableByLogin", true);
user_pref("CT2010429.initDone", true);
user_pref("CT2010429.Initialize", true);
user_pref("CT2010429.InitializeCommonPrefs", true);
user_pref("CT2010429.InstallationAndCookieDataSentCount", 3);
user_pref("CT2010429.InstallationType", "Unknown");
user_pref("CT2010429.InstalledDate", "Fri Jan 22 2010 00:02:48 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2010429.installType", "Unknown");
user_pref("CT2010429.InvalidateCache", false);
user_pref("CT2010429.isCheckedStartAsHidden", true);
user_pref("CT2010429.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2010429.isFirstTimeToolbarLoading", "false");
user_pref("CT2010429.IsGrouping", false);
user_pref("CT2010429.IsMulticommunity", false);
user_pref("CT2010429.IsOpenThankYouPage", true);
user_pref("CT2010429.IsOpenUninstallPage", true);
user_pref("CT2010429.isPerformedSmartBarTransition", "true");
user_pref("CT2010429.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2010429.keyword", true);
user_pref("CT2010429.LanguagePackLastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2010429.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2010429.LastLogin_2.4.0.4", "Wed Jan 27 2010 20:12:08 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2010429.LastLogin_3.15.1.0", "Mon Dec 24 2012 17:53:46 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2010429.LastLogin_3.16.0.3", "Sun Feb 10 2013 21:54:48 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2010429.LastLogin_3.18.0.7", "Tue Jul 23 2013 17:25:21 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.LastLogin_3.19.0.3", "Sun Sep 15 2013 12:25:10 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.LastLogin_3.20.0.4", "Tue Apr 01 2014 14:05:53 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?gd=&ctid=CT2010429&octid=CT2010429&ISID=ISID
user_pref("CT2010429.lastVersion", "10.23.0.822");
user_pref("CT2010429.LatestVersion", "3.20.0.4");
user_pref("CT2010429.Locale", "en-us");
user_pref("CT2010429.LoginCache", 4);
user_pref("CT2010429.MCDetectTooltipHeight", "83");
user_pref("CT2010429.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2010429.MCDetectTooltipWidth", "295");
user_pref("CT2010429.myStuffEnabled", true);
user_pref("CT2010429.MyStuffEnabledAtInstallation", true);
user_pref("CT2010429.myStuffPublihserMinWidth", 400);
user_pref("CT2010429.myStuffSearchUrl", "http://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2010429.myStuffServiceIntervalMM", 1440);
user_pref("CT2010429.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2010429.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fwww.familycirclecup.com%2Fschedule%2F\",\"
user_pref("CT2010429.originalSearchAddressUrl", "chrome://browser-region/locale/region.properties");
user_pref("CT2010429.RadioIsPodcast", false);
user_pref("CT2010429.RadioLastCheckTime", "Wed Jan 27 2010 20:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2010429.RadioLastUpdateIPServer", "4");
user_pref("CT2010429.RadioLastUpdateServer", "0");
user_pref("CT2010429.RadioMediaID", "9962");
user_pref("CT2010429.RadioMediaType", "Media Player");
user_pref("CT2010429.RadioMenuSelectedID", "EBRadioMenu_CT20104299962");
user_pref("CT2010429.RadioStationName", "California%20Rock");
user_pref("CT2010429.RadioStationURL", "http://feedlive.net/california.asx");
user_pref("CT2010429.revertSettingsEnabled", true);
user_pref("CT2010429.SearchAPILastCheckTime", "Tue Apr 01 2014 14:05:51 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2010429&octid=EB_ORIGINAL_CTID");
user_pref("CT2010429.searchFromAddressBarEnabledByUser", "false");
user_pref("CT2010429.SearchFromAddressBarIsInit", true);
user_pref("CT2010429.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2010429&SearchSource=2&q=");
user_pref("CT2010429.SearchInNewTabEnabled", true);
user_pref("CT2010429.searchInNewTabEnabledByUser", "true");
user_pref("CT2010429.searchInNewTabEnabledInHidden", "true");
user_pref("CT2010429.SearchInNewTabIntervalMM", 1440);
user_pref("CT2010429.SearchInNewTabLastCheckTime", "Sat Sep 14 2013 13:01:39 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2010429.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?gd=&ctid=CT2010429&octid=CT2010429&ISID=ISID_ID&SearchSource=15&CUI=
user_pref("CT2010429.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2010429.searchProtectorDialogDelayInSec", 10);
user_pref("CT2010429.searchProtectorEnableByLogin", true);
user_pref("CT2010429.searchSuggestEnabledByUser", "false");
user_pref("CT2010429.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2010429.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2010429.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2010429.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2010429\"}");
user_pref("CT2010429.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://ThemeXPToolbar.OurToolbar.co
user_pref("CT2010429.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Theme XP \"}");
user_pref("CT2010429.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2010429.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
user_pref("CT2010429.serviceLayer_services_Configuration_lastUpdate", "1396364785375");
user_pref("CT2010429.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396435441893");
user_pref("CT2010429.serviceLayer_services_searchAPI_lastUpdate", "1396364788321");
user_pref("CT2010429.serviceLayer_services_serviceMap_lastUpdate", "1396364784468");
user_pref("CT2010429.serviceLayer_services_toolbarSettings_lastUpdate", "1396435442427");
user_pref("CT2010429.serviceLayer_services_translation_lastUpdate", "1396364788300");
user_pref("CT2010429.ServiceMapLastCheckTime", "Tue Apr 01 2014 14:05:53 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.SettingsCheckIntervalMin", 120);
user_pref("CT2010429.settingsINI", true);
user_pref("CT2010429.SettingsLastCheckTime", "Tue Apr 01 2014 14:05:42 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.SettingsLastUpdate", "1396269581");
user_pref("CT2010429.showToolbarPermission", "false");
user_pref("CT2010429.SHRINK_TOOLBAR", 1);
user_pref("CT2010429.smartbar.CTID", "CT2010429");
user_pref("CT2010429.smartbar.toolbarName", "Theme XP ");
user_pref("CT2010429.smartbar.Uninstall", "0");
user_pref("CT2010429.testingCtid", "");
user_pref("CT2010429.ThirdPartyComponentsInterval", 504);
user_pref("CT2010429.ThirdPartyComponentsLastCheck", "Fri Jan 22 2010 00:02:37 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2010429.ThirdPartyComponentsLastUpdate", "1250280007");
user_pref("CT2010429.toolbarAppMetaDataLastCheckTime", "Tue Apr 01 2014 14:05:51 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.toolbarBornServerTime", "13-12-2012");
user_pref("CT2010429.toolbarCurrentServerTime", "2-4-2014");
user_pref("CT2010429.toolbarLoginClientTime", "Tue Apr 01 2014 17:06:31 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2010429.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,tro
user_pref("CT2010429.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2010429.usagesFlag", 2);
user_pref("CT2010429.UserID", "UN23522896938602245");
user_pref("CT2010429.ValidationData_Toolbar", 0);
user_pref("CT2010429.WeatherNetwork", "");
user_pref("CT2010429.WeatherPollDate", "Wed Jan 27 2010 20:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2010429.WeatherUnit", "C");
user_pref("CT2010429_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396435429938,\"isWithState\":\"\",\"timeFromStar
---- Lines CT2443659 removed from prefs.js ----
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2443659", "\"0\"");
user_pref("CommunityToolbar.ETag.http://ip2location.conduit-services.com/ip/?ctid=CT2443659&ver=3.20.0.4&client=ToolbarConfiguration", "\"5cbc0f716c8a
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2443659", "\"7097fd37277b6a1b754b125bd11d0197\"");
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2443659/CT2443659", "\"f66987de2b4af124882c95ff6f53f03e3\"");
user_pref("CT2443659..clientLogIsEnabled", false);
user_pref("CT2443659..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2443659..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2443659.2443659a129490722519862522000000paramsgk.from_oldbar.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzIxODE2OTUwMzQ4LCJ1cGRhdGVSZXNwVGltZSI6MTMyM
user_pref("CT2443659.AboutPrivacyUrl", "http://www.conduit.com/privacy/default.aspx");
user_pref("CT2443659.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2443659.alertChannelId", "837702");
user_pref("CT2443659.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2443659.backendstorage.2443659a129490722519862522000000paramsgk", "7B2275706461746552657154696D65223A313332313831363935303334382C22757064
user_pref("CT2443659.clientLogIsEnabled", true);
user_pref("CT2443659.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2443659.components.1000082", true);
user_pref("CT2443659.components.1000234", true);
user_pref("CT2443659.ConfigurationLastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.countryCode", "ME");
user_pref("CT2443659.CT2443659.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?gd=&ctid=CT2443659&octid=CT2443659
user_pref("CT2443659.CTID", "CT2443659");
user_pref("CT2443659.CurrentServerDate", "1-4-2014");
user_pref("CT2443659.DialogsAlignMode", "LTR");
user_pref("CT2443659.DialogsGetterLastCheckTime", "Tue Apr 01 2014 14:05:53 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"9/4/2010 8:56:
user_pref("CT2443659.EMailNotifierPollDate", "Sun Nov 20 2011 22:35:44 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2443659.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2443659.FeedLastCount129023331966275212", 50);
user_pref("CT2443659.FeedPollDate129023331967837745", "Sun Nov 20 2011 22:05:45 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2443659.FeedTTL129023331967837745", 40);
user_pref("CT2443659.FirstServerDate", "4-9-2010");
user_pref("CT2443659.FirstTime", true);
user_pref("CT2443659.firstTimeDialogOpened", true);
user_pref("CT2443659.FirstTimeFF3", true);
user_pref("CT2443659.FirstTimeSettingsDone", true);
user_pref("CT2443659.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT2443659.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2443659.FixPageNotFoundErrors", true);
user_pref("CT2443659.fullUserID", "UN59017517916167479.UP.20140401170620");
user_pref("CT2443659.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.
user_pref("CT2443659.GroupingServerCheckInterval", 1440);
user_pref("CT2443659.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2443659.HasUserGlobalKeys", true);
user_pref("CT2443659.homepageProtectorEnableByLogin", true);
user_pref("CT2443659.initDone", true);
user_pref("CT2443659.Initialize", true);
user_pref("CT2443659.InitializeCommonPrefs", true);
user_pref("CT2443659.InstallationAndCookieDataSentCount", 3);
user_pref("CT2443659.InstalledDate", "Sat Sep 04 2010 19:56:03 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.installType", "Unknown");
user_pref("CT2443659.InvalidateCache", false);
user_pref("CT2443659.isCheckedStartAsHidden", true);
user_pref("CT2443659.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2443659.isFirstTimeToolbarLoading", "false");
user_pref("CT2443659.IsGrouping", false);
user_pref("CT2443659.IsMulticommunity", false);
user_pref("CT2443659.IsOpenThankYouPage", true);
user_pref("CT2443659.IsOpenUninstallPage", true);
user_pref("CT2443659.isPerformedSmartBarTransition", "true");
user_pref("CT2443659.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2443659.keyword", true);
user_pref("CT2443659.LanguagePackLastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2443659.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2443659.LastLogin_2.7.2.0", "Sun Nov 20 2011 20:41:52 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2443659.LastLogin_3.15.1.0", "Mon Dec 24 2012 17:53:45 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2443659.LastLogin_3.16.0.3", "Sun Feb 10 2013 21:54:47 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2443659.LastLogin_3.18.0.7", "Tue Jul 23 2013 17:25:19 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.LastLogin_3.19.0.3", "Fri Oct 04 2013 19:32:26 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.LastLogin_3.20.0.4", "Tue Apr 01 2014 14:05:53 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?gd=&ctid=CT2443659&octid=CT2443659&ISID=ISID
user_pref("CT2443659.lastVersion", "10.23.0.822");
user_pref("CT2443659.LatestVersion", "3.20.0.4");
user_pref("CT2443659.Locale", "en");
user_pref("CT2443659.LoginCache", 4);
user_pref("CT2443659.MCDetectTooltipHeight", "83");
user_pref("CT2443659.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2443659.MCDetectTooltipWidth", "295");
user_pref("CT2443659.myStuffEnabled", true);
user_pref("CT2443659.MyStuffEnabledAtInstallation", true);
user_pref("CT2443659.myStuffPublihserMinWidth", 400);
user_pref("CT2443659.myStuffSearchUrl", "http://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2443659.myStuffServiceIntervalMM", 1440);
user_pref("CT2443659.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2443659.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fwww.familycirclecup.com%2Fschedule%2F\",\"
user_pref("CT2443659.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2443659.originalSearchAddressUrl", "chrome://browser-region/locale/region.properties");
user_pref("CT2443659.RadioIsPodcast", false);
user_pref("CT2443659.RadioLastCheckTime", "Sun Nov 20 2011 19:11:56 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2443659.RadioLastUpdateIPServer", "3");
user_pref("CT2443659.RadioLastUpdateServer", "0");
user_pref("CT2443659.RadioMediaID", "9962");
user_pref("CT2443659.RadioMediaType", "Media Player");
user_pref("CT2443659.RadioMenuSelectedID", "EBRadioMenu_CT24436599962");
user_pref("CT2443659.RadioShrinked", "expanded");
user_pref("CT2443659.RadioStationName", "California%20Rock");
user_pref("CT2443659.RadioStationURL", "http://feedlive.net/california.asx");
user_pref("CT2443659.revertSettingsEnabled", true);
user_pref("CT2443659.SearchAPILastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2443659&octid=EB_ORIGINAL_CTID&SearchSour
user_pref("CT2443659.searchFromAddressBarEnabledByUser", "false");
user_pref("CT2443659.SearchFromAddressBarIsInit", true);
user_pref("CT2443659.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2443659&q=");
user_pref("CT2443659.SearchInNewTabEnabled", true);
user_pref("CT2443659.searchInNewTabEnabledByUser", "true");
user_pref("CT2443659.searchInNewTabEnabledInHidden", "true");
user_pref("CT2443659.SearchInNewTabIntervalMM", 1440);
user_pref("CT2443659.SearchInNewTabLastCheckTime", "Fri Oct 04 2013 19:32:23 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2443659.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?gd=&ctid=CT2443659&octid=CT2443659&ISID=ISID_ID&SearchSource=15&CUI=
user_pref("CT2443659.SearchInNewTabUsageUrl", "http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2443659.searchProtectorDialogDelayInSec", 10);
user_pref("CT2443659.searchProtectorEnableByLogin", true);
user_pref("CT2443659.searchSuggestEnabledByUser", "false");
user_pref("CT2443659.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2443659.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2443659.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2443659.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2443659\"}");
user_pref("CT2443659.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://ENRealMadridFC.OurToolbar.co
user_pref("CT2443659.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"EN - Real Madrid FC \"}");
user_pref("CT2443659.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2443659.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
user_pref("CT2443659.serviceLayer_services_Configuration_lastUpdate", "1396364785367");
user_pref("CT2443659.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396435442134");
user_pref("CT2443659.serviceLayer_services_searchAPI_lastUpdate", "1396364788869");
user_pref("CT2443659.serviceLayer_services_serviceMap_lastUpdate", "1396364784438");
user_pref("CT2443659.serviceLayer_services_toolbarSettings_lastUpdate", "1396435442774");
user_pref("CT2443659.serviceLayer_services_translation_lastUpdate", "1396364788809");
user_pref("CT2443659.ServiceMapLastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.SettingsCheckIntervalMin", 120);
user_pref("CT2443659.settingsINI", true);
user_pref("CT2443659.SettingsLastCheckTime", "Tue Apr 01 2014 14:05:42 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.SettingsLastUpdate", "1396270689");
user_pref("CT2443659.SHRINK_TOOLBAR", 1);
user_pref("CT2443659.smartbar.CTID", "CT2443659");
user_pref("CT2443659.smartbar.toolbarName", "EN - Real Madrid FC ");
user_pref("CT2443659.smartbar.Uninstall", "0");
user_pref("CT2443659.testingCtid", "");
user_pref("CT2443659.ThirdPartyComponentsInterval", 504);
user_pref("CT2443659.ThirdPartyComponentsLastCheck", "Mon Nov 07 2011 22:19:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2443659.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2443659.toolbarAppMetaDataLastCheckTime", "Tue Apr 01 2014 14:05:52 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.toolbarBornServerTime", "4-9-2010");
user_pref("CT2443659.toolbarCurrentServerTime", "2-4-2014");
user_pref("CT2443659.toolbarLoginClientTime", "Tue Apr 01 2014 17:06:32 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2443659.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,tro
user_pref("CT2443659.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2443659.upgradeFromOBVersion", true);
user_pref("CT2443659.usagesFlag", 2);
user_pref("CT2443659.UserID", "UN59017517916167479");
user_pref("CT2443659.ValidationData_Toolbar", 2);
user_pref("CT2443659.WeatherNetwork", "");
user_pref("CT2443659.WeatherPollDate", "Sun Nov 20 2011 22:35:52 GMT+0100 (Central Europe Standard Time)");
user_pref("CT2443659.WeatherUnit", "C");
user_pref("CT2443659_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396435430863,\"isWithState\":\"\",\"timeFromStar
user_pref("valueApps.CT2443659.mam_gk_currentVersion", "312E31332E302E3137");
user_pref("valueApps.CT2443659.mam_gk_currentVersion.storedInFile", false);
user_pref("valueApps.CT2443659.mam_gk_migrated_from_ls", "31");
user_pref("valueApps.CT2443659.mam_gk_migrated_from_ls.storedInFile", false);
user_pref("valueApps.CT2443659.mam_gk_userBornDate", "4E2F41");
user_pref("valueApps.CT2443659.mam_gk_userBornDate.storedInFile", false);
---- Lines CT2720081 removed from prefs.js ----
user_pref("CT2720081.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT2720081.alertChannelId", "1112366");
user_pref("CT2720081.clientLogIsEnabled", true);
user_pref("CT2720081.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2720081.CTID", "CT2720081");
user_pref("CT2720081.CurrentServerDate", "4-9-2010");
user_pref("CT2720081.DialogsAlignMode", "LTR");
user_pref("CT2720081.DownloadReferralCookieData", "");
user_pref("CT2720081.EMailNotifierPollDate", "Sat Sep 04 2010 20:10:53 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.FeedLastCount129248891425073064", 186);
user_pref("CT2720081.FeedPollDate129225116238185771", "Sat Sep 04 2010 19:37:31 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.FeedPollDate129225147492879732", "Sat Sep 04 2010 19:37:31 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.FeedPollDate129245643951202078", "Sat Sep 04 2010 19:37:31 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.FeedPollDate129245643951202084", "Sat Sep 04 2010 19:37:31 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.FeedTTL129225116238185771", 40);
user_pref("CT2720081.FeedTTL129225147492879732", 40);
user_pref("CT2720081.FeedTTL129245643951202078", 40);
user_pref("CT2720081.FeedTTL129245643951202084", 40);
user_pref("CT2720081.FirstServerDate", "1-9-2010");
user_pref("CT2720081.FirstTime", true);
user_pref("CT2720081.FirstTimeFF3", true);
user_pref("CT2720081.FirstTimeSettingsDone", true);
user_pref("CT2720081.FixPageNotFoundErrors", true);
user_pref("CT2720081.GroupingServerCheckInterval", 1440);
user_pref("CT2720081.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2720081.Initialize", true);
user_pref("CT2720081.InitializeCommonPrefs", true);
user_pref("CT2720081.InstallationAndCookieDataSentCount", 3);
user_pref("CT2720081.InstallationType", "UnknownIntegration");
user_pref("CT2720081.InstalledDate", "Wed Sep 01 2010 17:59:31 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.InvalidateCache", false);
user_pref("CT2720081.IsGrouping", false);
user_pref("CT2720081.IsMulticommunity", false);
user_pref("CT2720081.IsOpenThankYouPage", false);
user_pref("CT2720081.IsOpenUninstallPage", true);
user_pref("CT2720081.LanguagePackLastCheckTime", "Sat Sep 04 2010 11:05:40 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2720081.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2720081.LastLogin_2.7.2.0", "Sat Sep 04 2010 19:55:56 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.LatestVersion", "2.7.2.0");
user_pref("CT2720081.Locale", "en");
user_pref("CT2720081.LoginCache", 4);
user_pref("CT2720081.MCDetectTooltipHeight", "83");
user_pref("CT2720081.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2720081.MCDetectTooltipWidth", "295");
user_pref("CT2720081.myStuffEnabled", true);
user_pref("CT2720081.myStuffPublihserMinWidth", 400);
user_pref("CT2720081.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
user_pref("CT2720081.myStuffServiceIntervalMM", 1440);
user_pref("CT2720081.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2720081.RadioIsPodcast", false);
user_pref("CT2720081.RadioLastCheckTime", "Fri Sep 03 2010 23:38:01 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.RadioLastUpdateIPServer", "3");
user_pref("CT2720081.RadioLastUpdateServer", "129248947734170000");
user_pref("CT2720081.RadioMediaID", "21079850");
user_pref("CT2720081.RadioMediaType", "Media Player");
user_pref("CT2720081.RadioMenuSelectedID", "EBRadioMenu_CT272008121079850");
user_pref("CT2720081.RadioStationName", "AHL%20-%20Grand%20Rapids%20Griffins");
user_pref("CT2720081.RadioStationURL", "http://cdncon.wm.llnwd.net/cdncon_neulion1_ahl_griffins?eid=2037&pid=2037&gid=101]]");
user_pref("CT2720081.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2720081&octid=EB_ORIGINAL_CTID&SearchSour
user_pref("CT2720081.SearchFromAddressBarIsInit", true);
user_pref("CT2720081.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2720081&q=");
user_pref("CT2720081.SearchInNewTabEnabled", true);
user_pref("CT2720081.SearchInNewTabIntervalMM", 1440);
user_pref("CT2720081.SearchInNewTabLastCheckTime", "Fri Sep 03 2010 23:38:01 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2720081.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2720081.SettingsCheckIntervalMin", 120);
user_pref("CT2720081.SettingsLastCheckTime", "Sat Sep 04 2010 19:37:29 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.SettingsLastUpdate", "1283363605");
user_pref("CT2720081.SHRINK_TOOLBAR", 1);
user_pref("CT2720081.ThirdPartyComponentsInterval", 504);
user_pref("CT2720081.ThirdPartyComponentsLastCheck", "Wed Sep 01 2010 17:59:26 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2720081.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT2720081.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2720081.UserID", "UN94289844176283578");
user_pref("CT2720081.WeatherNetwork", "");
user_pref("CT2720081.WeatherPollDate", "Sat Sep 04 2010 20:07:55 GMT+0200 (Central Europe Daylight Time)");
user_pref("CT2720081.WeatherUnit", "C");
---- Lines conduit removed from prefs.js ----
user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"97e416bb586ce1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"dfe74040abc2ce1:0\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"f4006385da8a3ea2c255df21ee98e396\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"d622e869ad0a8a80208a18f8f4908246\"");
user_pref("plugin.state.npconduitfirefoxplugin", 2);
---- Lines babsrc removed from prefs.js ----
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsofton
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "http://isearch.babylon.com/?affID=117023&tt=090113_ctrl_0213_2&babsrc=NT_
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.storage.mam_gk_userId", "38303138336566612D333935642D343134642D613734632D396339353632613630346130");
---- Lines searchou removed from prefs.js ----
user_pref("browser.startup.homepage", "http://searchou.com/?id=d0a1dfa6000000000000005345000000");
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.asktb.default-channel-url-mask", "http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@ask.com:3.3.3.123,{ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0,{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}:
---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultenginename", "EN - Real Madrid FC Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "mipony-plugin Customized Web Search");
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.cbid", "SQ");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "4082012139357");
user_pref("extensions.asktb.locale", "en_US");
user_pref("extensions.asktb.o", "14088");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "2");
---- Lines speedbit removed from prefs.js ----
user_pref("speedbit.dap_installed", true);
user_pref("speedbitvdownloader.auto_search", false);
user_pref("speedbitvdownloader.buttons.highlighter", false);
user_pref("speedbitvdownloader.buttons.showlabels", false);
user_pref("speedbitvdownloader.click_selects_all", true);
user_pref("speedbitvdownloader.ctrl_search", false);
user_pref("speedbitvdownloader.enable_auto_complete", false);
user_pref("speedbitvdownloader.focus_key", false);
user_pref("speedbitvdownloader.search_in_tab", false);
user_pref("speedbitvdownloader.search_on_drag_drop", false);
user_pref("speedbitvdownloader.shift_ctrl_search", false);
user_pref("speedbitvdownloader.shift_search", false);
user_pref("speedbitvdownloader.use_inline_complete", false);
user_pref("speedbitvdownloader.warn_on_form_history", false);
user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "54/17/13/11/112");
user_pref("speedbitvideodownloader.firstlaunch", "0");
user_pref("speedbitvideodownloader.guid", "%7BF4BAB276-C757-BABE-9858-3E928C1BA02F%7D");
user_pref("speedbitvideodownloader.popupblockedcnt", "156");
user_pref("speedbitvideodownloader.userId", "%12");
user_pref("speedbitvideodownloader.Var1", "0");
user_pref("speedbitvideodownloader.Var10", "0");
user_pref("speedbitvideodownloader.Var2", "0");
user_pref("speedbitvideodownloader.Var3", "0");
user_pref("speedbitvideodownloader.Var4", "0");
user_pref("speedbitvideodownloader.Var5", "0");
user_pref("speedbitvideodownloader.Var6", "0");
user_pref("speedbitvideodownloader.Var7", "0");
user_pref("speedbitvideodownloader.Var8", "0");
user_pref("speedbitvideodownloader.Var9", "0");
user_pref("speedbitvideodownloader_installed_version", "2.2.4");
---- Lines CommunityToolbar removed from prefs.js ----
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 30 2012 20:02:19 GMT+0200 (Central Europe Daylight Time)");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 30 2012 20:02:19 GMT+0200 (Central Europe Daylight Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{32cfcf01-d52d-4031-9525-73681c6dc37f}");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Sep 03 2010 23:38:01 GMT+0200 (Central Europe Daylight Time)");
user_pref("CommunityToolbar.globalUserId", "16b59a31-155e-4e12-be38-36ccbe6724ab");
user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Sat Sep 04 2010 19:37:34 GMT+0200 (Central Europe Daylight Time)");
user_pref("CommunityToolbar.twitter.user_14872237.LastCheckTime", "Sun Nov 20 2011 22:05:45 GMT+0100 (Central Europe Standard Time)");
user_pref("CommunityToolbar.twitter.user_2557521.LastCheckTime", "Sat Sep 04 2010 19:37:34 GMT+0200 (Central Europe Daylight Time)");
user_pref("CommunityToolbar.twitter.user_31109891.LastCheckTime", "Wed Jan 27 2010 20:12:06 GMT+0100 (Central Europe Standard Time)");
user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Sat Sep 04 2010 19:37:34 GMT+0200 (Central Europe Daylight Time)");
user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Sat Sep 04 2010 19:37:34 GMT+0200 (Central Europe Daylight Time)");
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossrider.bic", "13d5bf3b79d89eeffcf1ba0d3bfaf145");
user_pref("extensions.crossriderapp21806.21806.active", true);
user_pref("extensions.crossriderapp21806.21806.addressbar", "NA");
user_pref("extensions.crossriderapp21806.21806.addressbarenhanced", "");
user_pref("extensions.crossriderapp21806.21806.asyncdb.was_copied", "true");
user_pref("extensions.crossriderapp21806.21806.asyncdb_dbWasSet", true);
user_pref("extensions.crossriderapp21806.21806.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.crossriderapp21806.21806.asyncinternaldb.was_copied", "true");
user_pref("extensions.crossriderapp21806.21806.asyncinternaldb_dbWasSet", true);
user_pref("extensions.crossriderapp21806.21806.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.crossriderapp21806.21806.backgroundjs", "\n\n//\n");
user_pref("extensions.crossriderapp21806.21806.backgroundver", 38);
user_pref("extensions.crossriderapp21806.21806.can_run_bg_code", true);
user_pref("extensions.crossriderapp21806.21806.certdomaininstaller", "");
user_pref("extensions.crossriderapp21806.21806.changeprevious", false);
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_aoi.value", "1363047265");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_blocklist.expiration", "Wed Apr 02 2014 13:01:01 GMT+0200 (Central Europe Daylight Time)");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_blocklist.value", "%22*%2Cnonexistantdomain.com%22");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_country_code.expiration", "Tue Apr 08 2014 14:05:53 GMT+0200 (Central Europe Daylight Time)
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_country_code.value", "%22RS%22");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_crr.value", "1396436332");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)"
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_currenttime.value", "%221392016071%22");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_hotfix20111102645.value", "%221%22");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_ib_disclosure_tmp.expiration", "Wed Apr 02 2014 13:06:01 GMT+0200 (Central Europe Daylight
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_ib_disclosure_tmp.value", "1396436161");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard T
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2255443%22%2C%22sub_id%22%3A%22default%22%2
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)"
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_installtime.value", "%221362693779%22");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_parent_zoneid.value", "%2214019%22");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)"
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_pc_20120828.value", "1363047439942");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)")
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_product_id.value", "%221180%22");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)");
user_pref("extensions.crossriderapp21806.21806.cookie._GPL_zoneid.value", "%22156286%22");
user_pref("extensions.crossriderapp21806.21806.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)");
user_pref("extensions.crossriderapp21806.21806.cookie.dbtest.value", "1363047376614");
user_pref("extensions.crossriderapp21806.21806.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)"
user_pref("extensions.crossriderapp21806.21806.cookie.InstallationTime.value", "1363047265");
user_pref("extensions.crossriderapp21806.21806.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time)")
user_pref("extensions.crossriderapp21806.21806.crossriderapp21806_dbWasSet", true);
user_pref("extensions.crossriderapp21806.21806.crossriderapp21806_dbWasSet_FF25_FIX", true);
user_pref("extensions.crossriderapp21806.21806.description", "Deals Plugin");
user_pref("extensions.crossriderapp21806.21806.domain", "");
user_pref("extensions.crossriderapp21806.21806.enablesearch", false);
user_pref("extensions.crossriderapp21806.21806.fbremoteurl", "");
user_pref("extensions.crossriderapp21806.21806.group", 0);
user_pref("extensions.crossriderapp21806.21806.homepage", "");
user_pref("extensions.crossriderapp21806.21806.iframe", false);
user_pref("extensions.crossriderapp21806.21806.InstallationThankYouPage", true);
user_pref("extensions.crossriderapp21806.21806.InstallationTime", 1363047265);
user_pref("extensions.crossriderapp21806.21806.InstallationUserSettings.searchUserConifrmation", false);
user_pref("extensions.crossriderapp21806.21806.InstallationUserSettings.setHomepage", false);
user_pref("extensions.crossriderapp21806.21806.InstallationUserSettings.setNewTab", false);
user_pref("extensions.crossriderapp21806.21806.InstallationUserSettings.setSearch", false);
user_pref("extensions.crossriderapp21806.21806.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standar
user_pref("extensions.crossriderapp21806.21806.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22F7AD076943BB4486848889F61645EE18IE
user_pref("extensions.crossriderapp21806.21806.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standar
user_pref("extensions.crossriderapp21806.21806.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzi
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Ti
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_appVer.value", "61");
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standa
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Time
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_nextCheck.expiration", "Wed Apr 02 2014 18:43:53 GMT+0200 (Central Europe Daylight
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Tim
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe S
user_pref("extensions.crossriderapp21806.21806.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.crossriderapp21806.21806.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europe Standard Ti
user_pref("extensions.crossriderapp21806.21806.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22Virtua
user_pref("extensions.crossriderapp21806.21806.js", "\n\nif(\"undefined\"1180,baseCDN:\"contentcache-a.akamaihd.net\"})};$jquery(document).ready(_GPL_
user_pref("extensions.crossriderapp21806.21806.lastDailyReport", "1396435409513");
user_pref("extensions.crossriderapp21806.21806.lastUpdate", "1396435428472");
user_pref("extensions.crossriderapp21806.21806.manifesturl", "");
user_pref("extensions.crossriderapp21806.21806.name", "Deals Plugin Extension");
user_pref("extensions.crossriderapp21806.21806.newtab", "");
user_pref("extensions.crossriderapp21806.21806.opensearch", "");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_1.ver", 7);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_1000014.ver", 16);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_1000015.name", "GPL Background (BG)");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_1000015.ver", 39);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_13.ver", 3);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_14.ver", 9);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_16.ver", 10);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_17.ver", 4);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_21.ver", 4);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_22.ver", 5);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.a
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_28.ver", 3);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_4.ver", 4);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_47.ver", 3);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_64.ver", 3);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_72.ver", 3);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_78.ver", 4);
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){v
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_98.name", "omniCommands");
user_pref("extensions.crossriderapp21806.21806.plugins.plugin_98.ver", 2);
user_pref("extensions.crossriderapp21806.21806.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
user_pref("extensions.crossriderapp21806.21806.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
user_pref("extensions.crossriderapp21806.21806.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
user_pref("extensions.crossriderapp21806.21806.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plugin/apps/21806/plugins/094/ff/plugins.json");
user_pref("extensions.crossriderapp21806.21806.pluginsversion", 55);
user_pref("extensions.crossriderapp21806.21806.publisher", "Innovative Apps");
user_pref("extensions.crossriderapp21806.21806.searchstatus", 0);
user_pref("extensions.crossriderapp21806.21806.setnewtab", false);
user_pref("extensions.crossriderapp21806.21806.settingsurl", "");
user_pref("extensions.crossriderapp21806.21806.thankyou", "");
user_pref("extensions.crossriderapp21806.21806.updateinterval", 360);
user_pref("extensions.crossriderapp21806.21806.ver", 61);
user_pref("extensions.crossriderapp21806.apps", "21806");
user_pref("extensions.crossriderapp21806.bic", "13d5bf3b79d89eeffcf1ba0d3bfaf145");
user_pref("extensions.crossriderapp21806.cid", 21806);
user_pref("extensions.crossriderapp21806.FilesValidatorDueTime", "1396435465165");
user_pref("extensions.crossriderapp21806.firstrun", false);
user_pref("extensions.crossriderapp21806.hadappinstalled", true);
user_pref("extensions.crossriderapp21806.installationdate", 1363047332);
user_pref("extensions.crossriderapp21806.lastcheck", 22977344);
user_pref("extensions.crossriderapp21806.lastcheckitem", 22977344);
user_pref("extensions.crossriderapp21806.modetype", "production");
user_pref("extensions.crossriderapp21806.reportInstall", true);
user_pref("extensions.crossriderapp21806.statsDailyCounter", 267);
---- Lines mysearch removed from prefs.js ----
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "http://www.mysearchresults.com/?c=3513&t=07");
---- Lines defaulttab removed from prefs.js ----
user_pref("extensions.addon@defaulttab.com.install-event-fired", true);
user_pref("extensions.defaulttab.installdate", 1396353938);
user_pref("extensions.defaulttab.lastUsed", 1377607536);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
---- Lines defaulttab modified from prefs.js ----

user_pref("extensions.enabledAddons", "%7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3,ffxtlbr%40babylon.com:1.5.0,%7BB17C1C5A-04B1-11DB-9804-B622A1E
---- Lines Sweet removed from prefs.js ----
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
---- Lines smartbar removed from prefs.js ----
user_pref("smartbar.machineId", "OKMBAUY2AFEO6LO6GGYY0AWEF9G8WLGER4LT+IO2PKOEHWY9KF2MJNKN71W2JAWXUJCBYZXHLSZIX2EUBZHRSQ");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
---- Lines extensions.517c6abd60db5 removed from prefs.js ----
user_pref("extensions.517c6abd60db5.epoch", "1396440353");
user_pref("extensions.517c6abd60db5.url", "http://getitjpi.info/sync2/?ext=mag&pid=580&country=ME®d=130428001805&lsd=140401120504&ver=7&ind=7401453
---- Lines extensions.RbuoQTdoc removed from prefs.js ----
user_pref("extensions.RbuoQTdoc.epoch", "1396440354");
user_pref("extensions.RbuoQTdoc.url", "http://discountgetdirect.ru/sync2/?q=hfZ9oeZ4AchEAen0rchTB6lKDzt4ok8xtNtVh7n0rjnErHa7rjC9qTr7tMFHhd9Fqda9rdwFrT
---- Lines extensions.VGeP removed from prefs.js ----
user_pref("extensions.VGeP.epoch", "1396440354");
user_pref("extensions.VGeP.url", "http://driverguidemy.ru/sync2/?q=hfZ9oexIDzgMCyVUojaMg708BNmGWj8qmihGheDUojw9rdsFpdwErjwHrShIC7n0rjnEqdaFrjsEqjk5tNh
---- Lines {336D0C35-8A85-403a-B9D2-65C292C39087} removed from prefs.js ----
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.extensionFirstRun", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.lastExtensionVersion", "2.0.0.474");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_installer_name", "sg_6R8D0ggWG7_active_MB179_MB180_UA-25323614-19_2012-08-24-03-06-49");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_name", "Web Assistant");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_version", "2.0.0.474");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_temp_installer_name", "sg_6R8D0ggWG7_active_MB179_MB180_UA-25323614-19_2012-08-24-03-06-4
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_toolbarID", "efd5c2c1412a45a8b3790f85240000c6");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_dailyPing", "true|||1354658990123");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_debugMode", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_gtQueryParam", "UA-25323614-19");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_inactive_by_user", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_installedPing", "true|||8641354191807315");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_lastUpdate", "1354572582705|||8641354572582706");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam1", "MB179");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam2", "MB180");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showDialog", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_status", "active");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "http://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=ht
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toolbar_query", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_upn2", "6R8D0ggWG7");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdefaultsearch_2.0.0.474", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.413", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.474", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.sethomepage_2.0.0.474", false);
user_pref("extensions.{336D0C35-8A85-403a-B9D2-65C292C39087}.install-event-fired", true);
---- Lines jqs@sun.com removed from prefs.js ----
user_pref("extensions.jqs@sun.com.install-event-fired", true);
---- Lines jqs@sun.com modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@disabled:3.3.3.123,{ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0,{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
---- FireFox user.js and prefs.js backups ----

user_05.04.2014_1340_.backup
prefs_05.04.2014_1340_.backup

ProfilePath: C:\Documents and Settings\yuser1\Application Data\Mozilla\Firefox\Profiles\78a867m5.default

---- Lines search.com removed from prefs.js ----
user_pref("browser.startup.homepage", "http://www.daemon-search.com/default");
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossriderapp21806.adsOldValue", -1);
---- FireFox user.js and prefs.js backups ----

user_05.04.2014_1340_.backup
prefs_05.04.2014_1340_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Program Files\AskSBar deleted
C:\Program Files\BabylonToolbar deleted
C:\Documents and Settings\Srdjan\Application Data\BabylonToolbar deleted
C:\Program Files\Deals Plugin Extension deleted
C:\Program Files\Video Converter Ultimate deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\32bffc53f0072850 deleted
C:\Program Files\GUM3.tmp deleted
C:\Program Files\GUM66.tmp deleted
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml deleted
C:\Program Files\Mozilla Firefox\defaults\preferences\autoconfig.js deleted
C:\Program Files\Softonic_English deleted
C:\Program Files\7plugincoupon deleted
C:\Program Files\MagniPic deleted
C:\Program Files\Avant Browser deleted
C:\Program Files\Conduit deleted
C:\Program Files\Free Download Manager deleted
C:\Program Files\DAEMON Tools Toolbar deleted
C:\Program Files\SpeedBit Video Downloader deleted
C:\Program Files\SopCast deleted
C:\Program Files\Babylon deleted
C:\Program Files\Babylon-English deleted
C:\Program Files\Internet Download Manager deleted
C:\Program Files\Wondershare deleted
C:\Program Files\Industriya deleted
C:\Program Files\Ask.com deleted
C:\Program Files\Perion deleted
C:\Program Files\SearchPredict deleted
C:\Program Files\Web Assistant deleted
C:\Documents and Settings\Srdjan\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk deleted
C:\Documents and Settings\Srdjan\Application Data\UserFlag.ini deleted
C:\Documents and Settings\Srdjan\Application Data\Thinstall deleted
C:\Documents and Settings\Srdjan\Application Data\Industriya deleted
C:\Documents and Settings\Srdjan\Application Data\Babylon deleted
C:\Documents and Settings\Srdjan\Application Data\DefaultTab deleted
C:\Documents and Settings\Srdjan\Application Data\GetRightToGo deleted
C:\Documents and Settings\Srdjan\Application Data\OpenCandy deleted
C:\Documents and Settings\yuser1\Application Data\Yahoo! deleted
C:\Documents and Settings\Srdjan\evkzcw.bat deleted
C:\Documents and Settings\Srdjan\qxekfye.bat deleted
C:\Documents and Settings\Srdjan\udscfux.bat deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Setting.dat deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MAAgniPic deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\CLSoft LTD deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SpeedBit deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallMate deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Babylon deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trymedia deleted
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Babylon-English deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\check.vbs deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\crt.vbs deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\zlib1.dll deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Deals Plugin deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\eSupport.com deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\BenchUpdater deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\PackageAware deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\AskToolbar deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Babylon deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Babylon-English deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Conduit deleted
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted
C:\Documents and Settings\yuser1\Local Settings\Application Data\Conduit deleted
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MAAgniPic deleted
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wondershare deleted
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpeedBit Video Downloader deleted
C:\Documents and Settings\Srdjan\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\003025_.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\tasks\bench-S-1-5-21-1085031214-1343024091-839522115-1003.job deleted
C:\WINDOWS\tasks\bench-sys.job deleted
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job deleted
C:\user.js deleted
C:\END deleted
C:\WINDOWS\System32\ARFC deleted
C:\WINDOWS\System32\WNLT deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\searchplugins\babylon1.xml deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\searchplugins\daemon-search.xml deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\searchplugins\live-search.xml deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\searchplugins\MyStart Search.xml deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\searchplugins\search-here.xml deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\searchplugins\web-search.xml deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\ffxtlbr@babylon.com deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\valueApps deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\GoogleToolbarData deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\CT1142338 deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\CT2010429 deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\CT2443659 deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\CT2465030 deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\CT2720081 deleted
C:\Documents and Settings\yuser1\Application Data\Mozilla\Firefox\Profiles\78a867m5.default\searchplugins\daemon-search.xml deleted
C:\Documents and Settings\yuser1\Application Data\Mozilla\Firefox\Profiles\78a867m5.default\extensions\extension21806@extension21806.com deleted
C:\Documents and Settings\yuser1\Application Data\Mozilla\Firefox\Profiles\78a867m5.default\GoogleToolbarData deleted
C:\Documents and Settings\All Users.WINDOWS\Desktop\Sothink Web Video Downloader.lnk deleted
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Documents and Settings\Srdjan\Desktop\SRDJAN\oi_setup_aa-mp3exe.exe deleted
C:\Documents and Settings\Srdjan\Desktop\SRDJAN\just see\SoftonicDownloader_for_safari.exe deleted
C:\Documents and Settings\Srdjan\Desktop\SRDJAN\Temporary Files\SoftonicDownloader_for_freez-flv-to-mp3-converter.exe deleted
C:\Documents and Settings\Srdjan\Desktop\SRDJAN\Temporary Files\SoftonicDownloader_for_sony-vegas-video.exe deleted
C:\Documents and Settings\Srdjan\EoS-PreInstall.exe deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff} deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\{b88b1d29-b49c-455d-9fd2-3acd06af56b8} deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\{d3dc5de2-0384-43b1-bea5-80d202086138} deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\ffxtlbr@incredibar.com deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\ffxtlbr@privitize.com deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\conduit deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\conduitCommon deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\toolbar@ask.com deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\smartbar deleted
C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\addon@defaulttab.com.xpi deleted
"C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\searchplugins\privitize.xml" deleted
"C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\searchplugins\conduit.xml" deleted
"C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\defaulttab.config" deleted
"C:\WINDOWS\System32\dmwu.exe" deleted
"C:\WINDOWS\system32\ImHttpComm.dll" deleted
"C:\WINDOWS\system32\dmwu.exe" deleted
"C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\eaojjjlcgbijkobckeokakahdacfbpfn\eaojjjlcgbijkobckeokakahdacfbpfn.crx" deleted
"C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\eaojjjlcgbijkobckeokakahdacfbpfn\update.xml" deleted
"C:\Documents and Settings\Srdjan\Local Settings\Application Data\Updater21806\Updater21806.exe" deleted
"C:\WINDOWS\System32\jmdp\lmrn.dll" deleted
"C:\WINDOWS\System32\jmdp\sqlite3.dll" deleted
"C:\WINDOWS\System32\jmdp\stij.exe" deleted
"C:\Program Files\Bench\BService\bhelper.dll" deleted
"C:\Program Files\Bench\BService\bservice.exe" deleted
"C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\eaojjjlcgbijkobckeokakahdacfbpfn" deleted
"C:\Documents and Settings\Srdjan\Application Data\temp" deleted
"C:\Documents and Settings\Srdjan\Application Data\DMCache" deleted
"C:\Program Files\Bench" not deleted
"C:\Documents and Settings\Srdjan\Local Settings\Application Data\Updater21806" deleted
"C:\WINDOWS\System32\jmdp" deleted
"C:\Program Files\Bench\BService" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{8E9E3331-D360-4f87-8803-52DE43566502}"="C:\Program Files\Web Assistant\Firefox" []
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{8E9E3331-D360-4f87-8803-52DE43566502}"="C:\Program Files\Web Assistant\Firefox" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"support@easy-hide-ip.com"="C:\Program Files\Easy-Hide-IP\ff-extension" [26.01.2012 23:25]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default
- Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Flash Video Downloader - Full HD Download - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com
- RapidShare DownloadHelper - %ProfilePath%\extensions\rsDownloadHelper@yevgenyandrov.net
- vShare Plugin - %ProfilePath%\extensions\vshare@toolbar
- IE Tab - %ProfilePath%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
- kikin plugin - %ProfilePath%\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Torbutton - %ProfilePath%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
- User Agent Switcher - %ProfilePath%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
- Password Exporter - %ProfilePath%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
- Fast Video Download with SearchMenu - %ProfilePath%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
- Sothink Web Video Downloader for Firefox - %ProfilePath%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi

ProfilePath: C:\Documents and Settings\yuser1\Application Data\Mozilla\Firefox\Profiles\78a867m5.default
- Undetermined - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org
- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com
- Undetermined - %ProfilePath%\extensions\staged-xpis
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
- PDF Download - %ProfilePath%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- Megaupload Toolbar - %ProfilePath%\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

AppDir: C:\Program Files\Mozilla Firefox
- Hide My IP - %AppDir%\extensions\staff@hide-my-ip.com
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Softonic English Toolbar - %AppDir%\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\extensions\support@daemon-tools.cc

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
C36444D7301A8C881FC7296B092609C7 - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
F7E72D3A281F922BACEC1A71A826D4C2 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash
D8EBF6A12964A58C10914DA54E175538 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
D8EBF6A12964A58C10914DA54E175538 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
6E9CE4DC2EAA92855480C9281D3AFFF5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
6E9CE4DC2EAA92855480C9281D3AFFF5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
29F9D1A7D3D63FD2D10CE06901475888 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
29F9D1A7D3D63FD2D10CE06901475888 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
CF758AC229C1F082F179B3F7D14EF78B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
CF758AC229C1F082F179B3F7D14EF78B - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
629F9B5B99B80679520623655E31B5D1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
629F9B5B99B80679520623655E31B5D1 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
65CE2E25E04D7C750BF8B30B2D34DCD7 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
65CE2E25E04D7C750BF8B30B2D34DCD7 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
2F7480A40151EB2E483CF6524EDBA3F7 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
2F7480A40151EB2E483CF6524EDBA3F7 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
C04FCB7EEBEB5097B30468828F20FB9E - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U9
C7794A997CEC29173A4401F3AE16C51F - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
711A2E6A55EC7BFD59B5F649D58B704B - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll - Silverlight Plug-In
61FAF4A10CD6A2A691A86FB9C5EDB3F7 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
4B76EFB51EC0900B6459BA0F588CE8A1 - C:\Program Files\Veetle\plugins\npVeetle.dll - Veetle TV Core
A1B2B09240361031D1D794D57FC7359C - C:\Program Files\Veetle\Player\npvlc.dll - Veetle TV Player
3D3AF7420B5B01F591163BB3CEA89877 - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
67FC9D52CE19778DD64DBB4F373D9038 - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll - Ask Toolbar Plugin Stub
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Program Files\TVUPlayer\npTVUAx.dll - TVU Web Player for FireFox
689B2614DE4057F7C2E1D340D279928D - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll - Java Deployment Toolkit 6.0.160.1
3509063A268A4197CF8E713BD22B0978 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
4C23E74EF7F99D8B07C9AA7DC087E200 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin
29B060079A9129553E3FA75EDB8243BB - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3D84A7E0CD7A1FC93EAB9F2D50E5BD9C - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll - RealPlayer Version Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
73F8CD6B33887EAFA6BEEEAD93101868 - C:\Program Files\Mozilla Firefox\plugins\npkimi.dll - Imikimi.com Plugin
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
C9C865EB0212DC5F28B934EF377E6459 - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll - Yahoo activeX Plug-in Bridge
C289CF2DE3E7116FC21FCD0E683A485F - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin
C289CF2DE3E7116FC21FCD0E683A485F - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin
6AB651E1CDF4F62DEE4AB61F4CEA3691 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX® Web Player
6AB651E1CDF4F62DEE4AB61F4CEA3691 - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll - DivX® Web Player
108D9340A386974336D049A41DB6D2B1 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll - DivX® Content Upload Plugin
9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
A795A7F26131D0B10F6EE75C4DE3D320 - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat
A795A7F26131D0B10F6EE75C4DE3D320 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
4356F21FB6D547F22BFBC91164A597A6 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll - RealNetworks Rhapsody Player Engine
21A55BABD31DA624449F06A591AE73ED - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll - Microsoft (R) Silverlight


==== Deleted Firefox Extensions ======================

C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} deleted
C:\Documents and Settings\yuser1\Application Data\Mozilla\Firefox\Profiles\78a867m5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
dhkplhfnhceodhffomolpfigojocbpcb - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx[]
dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx[]
egnimkioipookhfihpljiedpgjffibpa - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx[]
jifflliplgeajjdhmkcfnngfpgbjonjg - C:\Program Files\Perion\NewTab\newTab.crx[]
kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files\DefaultTab\DefaultTab.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 11:59]

DefaultTab - LocalService.NT AUTHORITY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Videos Downloader - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\afnpjphnldlhnfgfkjcmpffbfieojdbo
YTO - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn
Sothink Flash Downloader for Chrome - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi
Babylon Translator - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
AllTuubeNooAds - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eaojjjlcgbijkobckeokakahdacfbpfn
Deals Plugin - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fickfgcleonkfojnjddoccbkaliaobcf
Vimeo\u2122 Download Videos - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg
SERVER DOWN FOR MAINTENANCE - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gipagccjgllldagledholndpobccanod
New tab for Chrome\u2122 - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
DefaultTab - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Show media files - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab
MultiPartTube - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lafgflilldkcacihcmgjpmadpabgkooe
Downloader - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Skype Click to Call - Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_log.incredibar-search.com_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_log.incredibar-search.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.incredibar-search.com_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.incredibar-search.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.babylon.com_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.babylon.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eaojjjlcgbijkobckeokakahdacfbpfn deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eaojjjlcgbijkobckeokakahdacfbpfn_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eaojjjlcgbijkobckeokakahdacfbpfn_0.localstorage-journal deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fickfgcleonkfojnjddoccbkaliaobcf deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fickfgcleonkfojnjddoccbkaliaobcf_0.localstorage deleted successfully
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fickfgcleonkfojnjddoccbkaliaobcf_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mysearchresults.com/?c=3513&t=01"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Unknown Url="Not_Found"
{33524C00-63FB-43DB-A6BF-0A4E14B24649} BasicScan Url="http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{DA4BB562-0F6F-489D-96FB-9CFF15967118} Live Search Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3017FB3E-9A77-4396-88C5-0EC9548FB42F} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3017FB3E-9A77-4396-88C5-0EC9548FB42F} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91435A04-ED7F-F528-55B0-A1B32D234BE5} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91435A04-ED7F-F528-55B0-A1B32D234BE5} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3017FB3E-9A77-4396-88C5-0EC9548FB42F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{91435A04-ED7F-F528-55B0-A1B32D234BE5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91435A04-ED7F-F528-55B0-A1B32D234BE5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully
HKEY_USERS\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7244E4C9-4DBC-4322-A1C9-059EA9A7C63F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7251C788-FB74-7A9D-2B4F-9D60E64420EE} deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\egnimkioipookhfihpljiedpgjffibpa deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deals Plugin Extension deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\GoogleVideoPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F16247B8-CD07-40C4-8C96-FC2568G29E8F}}_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_English Toolbar deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\yuser1\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Srdjan\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Srdjan\Local Settings\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Cache emptied successfully
C:\Documents and Settings\yuser1\Local Settings\Application Data\Mozilla\Firefox\Profiles\78a867m5.default\Cache emptied successfully
C:\Documents and Settings\yuser1\Application Data\Mozilla\Firefox\Profiles\78a867m5.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5105 folders=972 376639461 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully
C:\Documents and Settings\Administrator.SRDJAN-2651065A\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User.WINDOWS\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp emptied successfully
C:\Documents and Settings\Srdjan\Local Settings\temp will be emptied at reboot
C:\Documents and Settings\yuser1\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Srdjan\LOCALS~1\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\System32\dmwu.exesearch" not found
"C:\WINDOWS\system32\ImHttpComm.dllsearch" not found
"C:\WINDOWS\system32\dmwu.exesearch" not found
"C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Srdjan\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\Bench" not found

==== EOF on sub 05.04.2014 at 13:56:13.09 ======================


restartovao se na kraj i kad se podigo windows izbacio je:
Can not find script file "C:\Documents and settings\Srdjan\Local Settings\Application Data\Deals Plugin\repair.js

sad cu i drugi dio

Dopuna: 05 Apr 2014 14:13

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Srdjan (administrator) on SRDJAN-2651065A on 05-04-2014 14:10:18
Running from C:\Documents and Settings\Srdjan\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe
() C:\WINDOWS\system32\PnkBstrA.exe
() C:\WINDOWS\system32\PnkBstrB.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files\Telenor Internet\BackgroundService\ServiceManager.exe
() C:\Program Files\T-Mobile Internet Manager\AssistantServices.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
(Nokia.) C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
(Nokia Mobile Phones Ltd.) C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
(Cyberlink Corp.) C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(NewSoft Technology Corporation) C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
() C:\Program Files\T-Mobile Internet Manager\UIExec.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
() C:\Program Files\Telenor Internet\BackgroundService\ModemListener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Time Information Services Ltd.) C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
() C:\Program Files\Hide My IP 2008\SecureSrv.exe
(Nokia Corporation) C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
() C:\Program Files\MCShield\MCShieldRTM.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeter.exe
() C:\Program Files\MCShield\MCShieldTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files\WinAlarm\WinAlarm.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\USB-N10 WLAN Card Utilities\Wireless.exe
(Google Inc.) C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(Google Inc.) C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16380416 2007-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2008-12-26] (RealNetworks, Inc.)
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [167936 2005-03-22] (Nokia)
HKLM\...\Run: [DataLayer] - C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe [1106944 2005-03-31] (Nokia Mobile Phones Ltd.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-04-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [13529088 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [WinSys2] - C:\WINDOWS\system32\winsys2.exe [208896 2008-01-18] ()
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [86016 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [RemoteControl] - C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [32768 2003-11-01] (Cyberlink Corp.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Smart Start UP] - C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe [104528 2006-12-19] (NewSoft Technology Corporation)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1047208 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [NeroCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [UIExec] - C:\Program Files\T-Mobile Internet Manager\UIExec.exe [136328 2010-03-02] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Telenor_Montenegro Imola ModemListener] - C:\Program Files\Telenor Internet\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BService] - C:\Program Files\Bench\BService\bservice.exe
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [PcSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [847872 2005-04-20] (Time Information Services Ltd.)
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [203928 2009-04-24] (Alcohol Soft Development Team)
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [DU Meter] - C:\Program Files\DU Meter\DUMeter.exe [2931744 2010-08-22] (Hagel Technologies Ltd.)
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [MCShield] - C:\Program Files\MCShield\MCShieldRTM.exe [262144 2011-03-26] ()
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [MCShieldTray] - C:\Program Files\MCShield\MCShieldTray.exe [73728 2010-11-04] ()
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [Updater21806.exe] - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Updater21806\Updater21806.exe /extensionid=21806 /extensionname='Deals Plugin Extension' /chromeid=bbhgoadfgiandmaieopaphefbhcdpfaf /stayidle /delay=300
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Internet Bilo Gdje.lnk
ShortcutTarget: Internet Bilo Gdje.lnk -> C:\Program Files\Internet Bilo Gdje\Internet Bilo Gdje\Internet Bilo Gdje.exe (Promonte GSM)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ASUS USB-N10 WLAN Control Center.lnk
ShortcutTarget: ASUS USB-N10 WLAN Control Center.lnk -> C:\Program Files\ASUS\USB-N10 WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Srdjan\Start Menu\Programs\Startup\Shortcut to WinAlarm.lnk
ShortcutTarget: Shortcut to WinAlarm.lnk -> C:\Program Files\WinAlarm\WinAlarm.exe ()
Startup: C:\Documents and Settings\Srdjan\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
Startup: C:\Documents and Settings\yuser1\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
ShortcutTarget: OpenOffice.org 2.2.lnk -> C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\Program Files\DAP\SBSearch.dll (SpeedBit Ltd.)
URLSearchHook: HKCU - mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll (Conduit Ltd.)
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = basicscan.com/?prt=BscscnPB&keywords={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll (Conduit Ltd.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
Toolbar: HKLM - mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll (Conduit Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - mipony-plugin Toolbar - {90D46C30-9F25-4104-AEA9-35C3F84477FF} - C:\Program Files\mipony-plugin\prxtbmip0.dll (Conduit Ltd.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\WINDOWS\system32\securenet.dll [151552] ()
Winsock: Catalog9 02 C:\WINDOWS\system32\securenet.dll [151552] ()
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\WINDOWS\system32\securenet.dll [151552] ()
Winsock: Catalog9 25 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF NetworkProxy: "backup.ftp", "174.142.104.57:3128"
FF NetworkProxy: "backup.ftp_port", 43
FF NetworkProxy: "backup.gopher", "174.142.104.57:3128"
FF NetworkProxy: "backup.gopher_port", 43
FF NetworkProxy: "backup.socks", "174.142.104.57:3128"
FF NetworkProxy: "backup.socks_port", 43
FF NetworkProxy: "backup.ssl", "174.142.104.57:3128"
FF NetworkProxy: "backup.ssl_port", 43
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks_version", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @live.heroesandgenerals.com/npretox - C:\Program Files\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @real.com/RhapsodyPlayerEngine - C:\Documents and Settings\Srdjan\Application Data\nprhapengine.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.4.21 - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll (Ask.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npkimi.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\zwangie127.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\artur.dubovoy@gmail.com [2014-04-01]
FF Extension: TVU Web Player - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\firefox@tvunetworks.com [2010-05-22]
FF Extension: RapidShare DownloadHelper - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\rsDownloadHelper@yevgenyandrov.net [2010-05-22]
FF Extension: vShare Plugin - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\vshare@toolbar [2010-08-29]
FF Extension: IE Tab - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-08]
FF Extension: DownloadHelper - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-01]
FF Extension: Torbutton - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010-05-21]
FF Extension: User Agent Switcher - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2012-11-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-12-13]
FF Extension: Password Exporter - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-02-12]
FF Extension: Fast Video Download (with SearchMenu) - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012-12-13]
FF Extension: Sothink Web Video Downloader for Firefox - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\0vat2lnb.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2012-12-13]
FF Extension: Hide My IP - C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com [2013-03-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-20]
FF Extension: Softonic English Toolbar - C:\Program Files\Mozilla Firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023} [2013-03-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2008-12-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile Internet Manager\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile Internet Manager\addon [2012-09-17]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2010-04-24]
FF HKCU\...\Firefox\Extensions: [support@easy-hide-ip.com] - C:\Program Files\Easy-Hide-IP\ff-extension
FF Extension: No Name - C:\Program Files\Easy-Hide-IP\ff-extension [2010-05-26]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (YouTube) - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-06] (Avira Operations GmbH & Co. KG)
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1411616 2010-08-19] (Hagel Technologies Ltd.)
S2 gupdate1c9ccd72fb9a3e0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-04] (Google Inc.)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2011-11-23] ()
R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [214520 2012-11-26] ()
R3 SecureSrv; C:\Program Files\Hide My IP 2008\SecureSrv.exe [110880 2008-09-05] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 Telenor_Montenegro Imola Modem Device Helper; C:\Program Files\Telenor Internet\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 UI Assistant Service; C:\Program Files\T-Mobile Internet Manager\AssistantServices.exe [245384 2010-03-02] ()
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
S2 NVSvc; %SystemRoot%\system32\nvsvc32.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [X]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-02-17] (Cisco Systems, Inc.)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2010-04-26] ()
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2014-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2014-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-02-22] (Avira Operations GmbH & Co. KG)
R3 bbcap; C:\WINDOWS\System32\DRIVERS\bbcap.sys [4096 2009-11-08] (Windows (R) Codename Longhorn DDK provider)
S3 BTCAMDRV; C:\WINDOWS\System32\DRIVERS\BTCamDrv.sys [219264 2006-11-01] (Windows (R) 2000 DDK provider)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
S3 cpuz134; C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)
R3 DUMeterDrv; C:\Program Files\DU Meter\DUM_XP32.SYS [16424 2010-08-19] (Hagel Technologies Ltd.)
R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2011-08-01] (Realtek)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2010-05-09] (LogMeIn, Inc.)
R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [5504 2004-03-03] (Ahead Software AG)
R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [125184 2004-03-03] (Ahead Software AG)
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
S3 leafnets; C:\WINDOWS\System32\DRIVERS\leafnets.sys [55296 2007-05-03] (Leaf Networks)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2010-04-26] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R2 NetProbe; C:\WINDOWS\System32\DRIVERS\netprobe.sys [5365 2009-03-24] ()
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 Nokia USB Generic; C:\WINDOWS\System32\drivers\nmwcdc.sys [6300 2005-02-15] (Nokia)
S3 Nokia USB Modem; C:\WINDOWS\System32\drivers\nmwcdcm.sys [9021 2005-02-15] (Nokia)
S3 Nokia USB Phone Parent; C:\WINDOWS\System32\drivers\nmwcd.sys [140619 2005-02-17] (Nokia)
R2 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2011-08-01] (Printing Communications Assoc., Inc. (PCAUSA))
R1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [53920 2004-08-09] (Protection Technology)
R0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [114016 2004-08-09] (Protection Technology)
S3 qcusbser; C:\WINDOWS\System32\DRIVERS\cmusbser.sys [97408 2007-10-16] (Mobile Connector)
R0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2011-12-06] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-02-22] (Avira GmbH)
S3 ASFWHide; \??\C:\DOCUME~1\Srdjan\LOCALS~1\Temp\ASFWHide [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 NTACCESS; \??\E:\NTACCESS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X]
S3 StarOpen; No ImagePath
S3 WPRO_40_1123; system32\drivers\WPRO_40_1123.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 14:10 - 2014-04-05 14:10 - 00035284 _____ () C:\Documents and Settings\Srdjan\Desktop\FRST.txt
2014-04-05 14:09 - 2014-04-05 14:10 - 01145856 _____ () C:\Documents and Settings\Srdjan\Desktop\FRST_1.exe.dap
2014-04-05 14:08 - 2014-04-05 14:10 - 00000000 ____D () C:\FRST
2014-04-05 14:07 - 2014-04-05 14:07 - 01145856 _____ (Farbar) C:\Documents and Settings\Srdjan\Desktop\FRST.exe
2014-04-05 14:07 - 2014-04-05 14:07 - 00002721 _____ () C:\ADS12.tmp
2014-04-05 14:07 - 2014-04-05 14:07 - 00001065 _____ () C:\ZAU16.tmp
2014-04-05 14:07 - 2014-04-05 14:07 - 00000442 _____ () C:\ZAF19.tmp
2014-04-05 14:07 - 2014-04-05 14:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Speedbit
2014-04-05 13:53 - 2014-02-13 23:59 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-04-05 13:25 - 2014-04-05 13:56 - 00154980 _____ () C:\zoek-results.log
2014-04-05 13:12 - 2014-04-05 13:48 - 00000000 ____D () C:\zoek_backup
2014-04-05 13:12 - 2014-03-08 11:05 - 01414742 _____ () C:\Documents and Settings\Srdjan\Desktop\zoek.scr
2014-04-05 13:12 - 2014-03-08 11:05 - 01414742 _____ () C:\Documents and Settings\Srdjan\Desktop\zoek.pif
2014-04-05 13:12 - 2014-03-08 11:05 - 01414742 _____ () C:\Documents and Settings\Srdjan\Desktop\zoek.com
2014-04-04 14:59 - 2014-04-04 14:59 - 00169207 _____ () C:\ComboFix.txt
2014-04-04 14:17 - 2014-04-04 14:17 - 00000000 _RSHD () C:\cmdcons
2014-04-04 14:17 - 2012-10-07 00:14 - 00000345 _____ () C:\Boot.bak
2014-04-04 14:17 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-04 14:13 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-04-04 14:13 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-04-04 14:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-04-04 14:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-04-04 14:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-04-04 14:13 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-04-04 14:13 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-04-04 14:13 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-04-04 14:13 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-04-04 14:12 - 2014-04-04 14:59 - 00000000 ____D () C:\Qoobox
2014-04-04 14:09 - 2014-04-04 14:11 - 05193944 ____R (Swearware) C:\Documents and Settings\Srdjan\Desktop\ComboFix.exe
2014-04-04 14:08 - 2014-04-04 14:09 - 05193944 _____ () C:\Documents and Settings\Srdjan\Desktop\ComboFix.exe.dap
2014-04-04 13:20 - 2014-04-04 13:20 - 00036121 _____ () C:\Documents and Settings\Srdjan\Desktop\dds.txt
2014-04-04 13:20 - 2014-04-04 13:20 - 00018408 _____ () C:\Documents and Settings\Srdjan\Desktop\attach.txt
2014-04-04 13:17 - 2014-04-04 13:18 - 00688992 ____R (Swearware) C:\Documents and Settings\Srdjan\Desktop\dds.scr
2014-03-23 20:29 - 2014-03-23 20:39 - 00000000 ____D () C:\Documents and Settings\Srdjan\Desktop\france songs
2014-03-11 19:16 - 2014-03-19 21:02 - 00000000 ____D () C:\Documents and Settings\Srdjan\Desktop\UPR
2014-03-11 19:05 - 2014-03-11 19:05 - 00033138 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_1_Zadatak_2.xlsx
2014-03-11 19:05 - 2014-03-11 19:05 - 00029738 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_1_Zadatak_1.xlsx
2014-03-11 18:57 - 2014-03-11 18:57 - 00043788 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_2_Zadatak1.xlsx
2014-03-11 18:57 - 2014-03-11 18:57 - 00036738 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_2_Zadatak_2.xlsx
2014-03-11 18:53 - 2014-03-11 18:53 - 00099470 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_3_Zadatak2.xlsx
2014-03-06 19:47 - 2014-03-06 20:48 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\DeAelExpREss

==================== One Month Modified Files and Folders =======

2014-04-05 14:10 - 2014-04-05 14:10 - 00035284 _____ () C:\Documents and Settings\Srdjan\Desktop\FRST.txt
2014-04-05 14:10 - 2014-04-05 14:09 - 01145856 _____ () C:\Documents and Settings\Srdjan\Desktop\FRST_1.exe.dap
2014-04-05 14:10 - 2014-04-05 14:08 - 00000000 ____D () C:\FRST
2014-04-05 14:07 - 2014-04-05 14:07 - 01145856 _____ (Farbar) C:\Documents and Settings\Srdjan\Desktop\FRST.exe
2014-04-05 14:07 - 2014-04-05 14:07 - 00002721 _____ () C:\ADS12.tmp
2014-04-05 14:07 - 2014-04-05 14:07 - 00001065 _____ () C:\ZAU16.tmp
2014-04-05 14:07 - 2014-04-05 14:07 - 00000442 _____ () C:\ZAF19.tmp
2014-04-05 14:07 - 2014-04-05 14:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Speedbit
2014-04-05 13:58 - 2011-07-26 21:43 - 00000000 ____D () C:\Documents and Settings\Srdjan\Application Data\MCShield
2014-04-05 13:58 - 2009-10-09 11:22 - 00000000 ____D () C:\Documents and Settings\Srdjan\Application Data\Skype
2014-04-05 13:58 - 2009-01-23 01:06 - 00000104 _____ () C:\WINDOWS\system32\nvapps.xml
2014-04-05 13:58 - 2009-01-20 23:06 - 00845156 _____ () C:\WINDOWS\system32\SecureSrv.log
2014-04-05 13:56 - 2014-04-05 13:25 - 00154980 _____ () C:\zoek-results.log
2014-04-05 13:56 - 2009-07-01 01:21 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 13:56 - 2008-12-20 09:31 - 01326745 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-05 13:56 - 2004-08-04 03:07 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-05 13:55 - 2009-11-08 20:29 - 00000031 _____ () C:\WINDOWS\system32\bbcap.err
2014-04-05 13:55 - 2008-12-20 09:37 - 00000278 ___SH () C:\Documents and Settings\Srdjan\ntuser.ini
2014-04-05 13:55 - 2008-12-20 09:36 - 00032620 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-05 13:55 - 2008-12-20 09:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-05 13:55 - 2008-12-20 01:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-05 13:55 - 2008-12-20 01:23 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-05 13:48 - 2014-04-05 13:12 - 00000000 ____D () C:\zoek_backup
2014-04-05 13:45 - 2013-05-17 03:09 - 00000000 ____D () C:\Documents and Settings\Srdjan\Desktop\SRDJAN
2014-04-05 13:45 - 2008-12-20 09:37 - 00000000 ____D () C:\Documents and Settings\Srdjan
2014-04-05 13:44 - 2008-04-21 21:23 - 00000000 ____D () C:\Program Files\Yahoo!
2014-04-05 13:24 - 2009-07-01 01:21 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 13:23 - 2010-02-04 14:50 - 00001016 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1343024091-839522115-1003UA.job
2014-04-04 14:59 - 2014-04-04 14:59 - 00169207 _____ () C:\ComboFix.txt
2014-04-04 14:59 - 2014-04-04 14:12 - 00000000 ____D () C:\Qoobox
2014-04-04 14:47 - 2004-08-04 03:07 - 00000284 _____ () C:\WINDOWS\system.ini
2014-04-04 14:46 - 2008-12-20 01:18 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-04-04 14:46 - 2008-12-20 01:18 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-04-04 14:46 - 2008-12-20 01:17 - 44826624 _____ () C:\WINDOWS\system32\config\software.bak
2014-04-04 14:46 - 2008-12-20 01:17 - 08912896 _____ () C:\WINDOWS\system32\config\system.bak
2014-04-04 14:46 - 2008-12-20 01:17 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-04-04 14:44 - 2011-07-27 20:42 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-04-04 14:43 - 2011-07-26 23:29 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-04 14:26 - 2007-10-25 17:40 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-04-04 14:17 - 2014-04-04 14:17 - 00000000 _RSHD () C:\cmdcons
2014-04-04 14:17 - 2007-10-25 19:25 - 00000461 __RSH () C:\boot.ini
2014-04-04 14:11 - 2014-04-04 14:09 - 05193944 ____R (Swearware) C:\Documents and Settings\Srdjan\Desktop\ComboFix.exe
2014-04-04 14:09 - 2014-04-04 14:08 - 05193944 _____ () C:\Documents and Settings\Srdjan\Desktop\ComboFix.exe.dap
2014-04-04 13:26 - 2013-04-24 01:31 - 00001108 __RSH () C:\Documents and Settings\Srdjan\ntuser.pol
2014-04-04 13:20 - 2014-04-04 13:20 - 00036121 _____ () C:\Documents and Settings\Srdjan\Desktop\dds.txt
2014-04-04 13:20 - 2014-04-04 13:20 - 00018408 _____ () C:\Documents and Settings\Srdjan\Desktop\attach.txt
2014-04-04 13:18 - 2014-04-04 13:17 - 00688992 ____R (Swearware) C:\Documents and Settings\Srdjan\Desktop\dds.scr
2014-04-04 13:11 - 2011-11-20 15:51 - 00683978 _____ () C:\WINDOWS\setupapi.log
2014-04-03 15:23 - 2010-02-04 14:50 - 00000964 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1343024091-839522115-1003Core.job
2014-04-02 12:43 - 2013-03-08 15:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-01 20:42 - 2010-04-24 02:05 - 00000000 ____D () C:\Documents and Settings\Srdjan\Application Data\vlc
2014-03-30 11:00 - 2008-12-20 01:19 - 00605412 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-27 23:52 - 2008-12-26 08:07 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-23 20:39 - 2014-03-23 20:29 - 00000000 ____D () C:\Documents and Settings\Srdjan\Desktop\france songs
2014-03-23 20:28 - 2008-12-20 09:28 - 00094815 _____ () C:\WINDOWS\wmsetup.log
2014-03-22 22:23 - 2008-09-13 17:32 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-03-22 22:23 - 2007-10-25 17:39 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-22 21:01 - 2012-11-29 17:17 - 00000000 ____D () C:\Documents and Settings\Srdjan\.3gpplayer
2014-03-19 21:02 - 2014-03-11 19:16 - 00000000 ____D () C:\Documents and Settings\Srdjan\Desktop\UPR
2014-03-12 02:35 - 2008-12-26 10:12 - 00000000 ____D () C:\Documents and Settings\Srdjan\Local Settings\Application Data\Paint.NET
2014-03-11 20:05 - 2014-02-03 20:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Accelesys
2014-03-11 19:05 - 2014-03-11 19:05 - 00033138 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_1_Zadatak_2.xlsx
2014-03-11 19:05 - 2014-03-11 19:05 - 00029738 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_1_Zadatak_1.xlsx
2014-03-11 18:57 - 2014-03-11 18:57 - 00043788 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_2_Zadatak1.xlsx
2014-03-11 18:57 - 2014-03-11 18:57 - 00036738 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_2_Zadatak_2.xlsx
2014-03-11 18:53 - 2014-03-11 18:53 - 00099470 _____ () C:\Documents and Settings\Srdjan\Desktop\Modul_3_Zadatak2.xlsx
2014-03-09 20:09 - 2008-12-20 09:37 - 00116736 _____ () C:\Documents and Settings\Srdjan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-08 11:05 - 2014-04-05 13:12 - 01414742 _____ () C:\Documents and Settings\Srdjan\Desktop\zoek.scr
2014-03-08 11:05 - 2014-04-05 13:12 - 01414742 _____ () C:\Documents and Settings\Srdjan\Desktop\zoek.pif
2014-03-08 11:05 - 2014-04-05 13:12 - 01414742 _____ () C:\Documents and Settings\Srdjan\Desktop\zoek.com
2014-03-06 20:48 - 2014-03-06 19:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\DeAelExpREss

Files to move or delete:
====================
C:\Documents and Settings\yuser1\USERDATA.DAT


Some content of TEMP:
====================
C:\Documents and Settings\Srdjan\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Dopuna: 05 Apr 2014 14:14

mycity.rs/must-login.png

Dopuna: 07 Apr 2014 13:40

Jesam ja nesto propustio pa se ceka ili ste zauzeti?

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Izvini na cekanju Smile


Iz Control Panel obrisi sledece programe:
- toolbar on IE and Chrome
- Adobe Reader 8 --> nova verzija http://get.adobe.com/uk/reader/ . Decekiraj McAfee
- Ask Toolbar
- Babylon-English Toolbar
- DAEMON Tools Toolbar
- Deals Plugin
- Java 7 Update 9
- Java(TM) 6 Update 16 --> nova verzija http://www.java.com/en/
- McAfee Security Scan Plus
- Web Assistant 2.0.0.603

I sve sto ti ne treba, a ne znas sta je.



Zatim



1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:
HKLM\...\Run: [WinSys2] - C:\WINDOWS\system32\winsys2.exe [208896 2008-01-18] ()
C:\WINDOWS\system32\winsys2.exe
HKLM\...\Run: [BService] - C:\Program Files\Bench\BService\bservice.exe
C:\Program Files\Bench
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [Updater21806.exe] - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Updater21806\Updater21806.exe /extensionid=21806 /extensionname='Deals Plugin Extension' /chromeid=bbhgoadfgiandmaieopaphefbhcdpfaf /stayidle /delay=300
:\Documents and Settings\Srdjan\Local Settings\Application Data\Updater21806
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll (Ask.com)
FF Extension: Softonic English Toolbar - C:\Program Files\Mozilla Firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023} [2013-03-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ASFWHide; \??\C:\DOCUME~1\Srdjan\LOCALS~1\Temp\ASFWHide [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 NTACCESS; \??\E:\NTACCESS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X]
S3 StarOpen; No ImagePath
S3 WPRO_40_1123; system32\drivers\WPRO_40_1123.sys [X]
C:\Documents and Settings\yuser1\USERDATA.DAT
C:\Documents and Settings\Srdjan\Local Settings\Temp
AlternateDataStreams: C:\Program Files\SBC:{2B006500-7400-7300-5700-4C0037004F00}
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB27543$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:010ADD2C
AlternateDataStreams: C:\Documents and Settings\Srdjan\My Documents\CENE.mdb:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Srdjan\My Documents\CENE.mdb:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\yuser1\My Documents\CENE.mdb:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\yuser1\My Documents\CENE.mdb:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
hosts:

2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 01 Sep 2007
  • Poruke: 137

Napisano: 08 Apr 2014 20:16

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Srdjan at 2014-04-08 20:10:04 Run:2
Running from C:\Documents and Settings\Srdjan\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [WinSys2] - C:\WINDOWS\system32\winsys2.exe [208896 2008-01-18] ()
C:\WINDOWS\system32\winsys2.exe
HKLM\...\Run: [BService] - C:\Program Files\Bench\BService\bservice.exe
C:\Program Files\Bench
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\...\Run: [Updater21806.exe] - C:\Documents and Settings\Srdjan\Local Settings\Application Data\Updater21806\Updater21806.exe /extensionid=21806 /extensionname='Deals Plugin Extension' /chromeid=bbhgoadfgiandmaieopaphefbhcdpfaf /stayidle /delay=300
:\Documents and Settings\Srdjan\Local Settings\Application Data\Updater21806
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll (Ask.com)
FF Extension: Softonic English Toolbar - C:\Program Files\Mozilla Firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023} [2013-03-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ASFWHide; \??\C:\DOCUME~1\Srdjan\LOCALS~1\Temp\ASFWHide [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 NTACCESS; \??\E:\NTACCESS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X]
S3 StarOpen; No ImagePath
S3 WPRO_40_1123; system32\drivers\WPRO_40_1123.sys [X]
C:\Documents and Settings\yuser1\USERDATA.DAT
C:\Documents and Settings\Srdjan\Local Settings\Temp
AlternateDataStreams: C:\Program Files\SBC:{2B006500-7400-7300-5700-4C0037004F00}
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB27543$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:010ADD2C
AlternateDataStreams: C:\Documents and Settings\Srdjan\My Documents\CENE.mdb:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Srdjan\My Documents\CENE.mdb:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\yuser1\My Documents\CENE.mdb:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\yuser1\My Documents\CENE.mdb:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
hosts:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 => Value not found.
"C:\WINDOWS\system32\winsys2.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BService => Value not found.
"C:\Program Files\Bench" => File/Directory not found.
HKU\S-1-5-21-1085031214-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Updater21806.exe => Value not found.
C:\Program Files\Mozilla Firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023} => not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
ASFWHide => Service not found.
catchme => Service not found.
GMSIPCI => Service not found.
IntelIde => Service not found.
NTACCESS => Service not found.
ScsiPort => Service not found.
SetupNTGLM7X => Service not found.
StarOpen => Service not found.
WPRO_40_1123 => Service not found.
"C:\Documents and Settings\yuser1\USERDATA.DAT" => File/Directory not found.

"C:\Documents and Settings\Srdjan\Local Settings\Temp" directory move:

Could not move "C:\Documents and Settings\Srdjan\Local Settings\Temp\Perflib_Perfdata_778.dat" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\Srdjan\Local Settings\Temp\~DF144F.tmp" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\Srdjan\Local Settings\Temp\~DF27B2.tmp" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\Srdjan\Local Settings\Temp" directory. => Scheduled to move on reboot.

"C:\Program Files\SBC" => ":{2B006500-7400-7300-5700-4C0037004F00}" ADS not found.
"C:\WINDOWS\$NtUninstallKB27543$" => ":SummaryInformation" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":05EE1EEF" ADS not found.
"C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP" => ":010ADD2C" ADS not found.
"C:\Documents and Settings\Srdjan\My Documents\CENE.mdb" => ":SummaryInformation" ADS not found.
"C:\Documents and Settings\Srdjan\My Documents\CENE.mdb" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Documents and Settings\yuser1\My Documents\CENE.mdb" => ":SummaryInformation" ADS not found.
"C:\Documents and Settings\yuser1\My Documents\CENE.mdb" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-08 20:12:44)<=

C:\Documents and Settings\Srdjan\Local Settings\Temp\Perflib_Perfdata_778.dat => Is moved successfully.
C:\Documents and Settings\Srdjan\Local Settings\Temp\~DF144F.tmp => Is moved successfully.
C:\Documents and Settings\Srdjan\Local Settings\Temp\~DF27B2.tmp => Is moved successfully.
C:\Documents and Settings\Srdjan\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====

Dopuna: 08 Apr 2014 20:20

prvi put kad sam probao FIX krenulo je i stalo a avira izbacila da je blokirala nesto.zatim sam iskljucio aviru kao sto ste rekli,frst je krasovao.zatim ga opet pokrenem,ovaj put avira iskljucena,idem fix ali ovaj put ni sekundu nije trajalo.trazio je restart,restartovao sam ga i dobio ovo sto sam kopirao.valjda ga je valjano odradio.

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Da, valjano je Smile

Kazi mi kakva je sada situacija?

offline
  • Pridružio: 01 Sep 2007
  • Poruke: 137

Napisano: 08 Apr 2014 21:13

komp je brzi kod podizanja,ali ostalo mi je "You may be a victim of software counterfeiting"
"This copy of Windows did not pass genuine Windows validation."

Dopuna: 08 Apr 2014 21:16

i jos nesto novo od kad smo krenuli ovaj poduhvat kod podizanja nemam dve opcije kod biranja WINDOWSA(particije) vec cetri,ali ne uspem ni da vidim koje su to ono odma nastavi iako sam pre imao 20 tak sekundi da izaberem.

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Prva stvar je to da ti Windows nije legalan, i tu ti ne mogu pomoci jer ne vodimo diskusiju o tome na forumu.

Oko druge stvari, da li si imao jedan sistem instaliran ili vise? Posto je dok smo cistili kompjuter intaliran Recovery Console radi sigurnosti. Ako zelis mozemo to obrisati.

Ko je trenutno na forumu
 

Ukupno su 1355 korisnika na forumu :: 31 registrovanih, 7 sakrivenih i 1317 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Ageofloneliness, babaroga, bojcistv, darkangel, Dorcolac, FileFinder, GandorCC, Georgius, hatman, kinez88, kolle.the.kid, Marko Marković, MB120mm, Mixelotti, nebkv, Nemanja.M, nenaddz, oganj123, procesor, RJ, rodoljub, royst33, S2M, Skywhaler, Toper, vathra, VitezKoja, vladulns, YugoSlav, zlaya011