VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

IQIYI i u mě :(

https://forum.viry.cz:443/viewtopic.php?t=146108

Stránka 1 z 1

IQIYI i u mě :(

Napsal: 19 zář 2015 12:19
od kabu.kabu
Ahoj, dostal se mi do Pc při instalaci Divx10 IQIYI, je všude. Dle zamčeného návodu tady jsem vyčistil PC adwcleanerem, ale na combofix si netroufám. Mám Win10pro. u souborů ntusers mám ještě čínský znaky (c:/user/uzivatel/), a při otevírání mozilly mi vyskakuje explorer se znakama, kolikrát i sám od sebe. Potřeboval bych se toho nějak zbavit. A určitě se najdei další bordel z logů. Pomuže mi někdo?

Re: IQIYI i u mě :(

Napsal: 19 zář 2015 15:18
od Rudy
Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: IQIYI i u mě :(

Napsal: 19 zář 2015 19:41
od kabu.kabu
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Kabu (administrator) on KABU-PC (19-09-2015 20:40:00)
Running from C:\Users\Kabu\Desktop
Loaded Profiles: Kabu (Available Profiles: Kabu)
Platform: Windows 10 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) F:\Programy\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(forum.viry.cz) C:\Users\Kabu\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-166581830-2194561497-2853095633-1000\...\Run: [RGSC] => C:\Users\Kabu\Desktop\Rockstar Games Social Club\RGSCLauncher.exe [306088 2008-12-12] (Take-Two Interactive Software, Inc.)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\backitup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\frontpg.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerohome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\neromediahome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\neroscoutoptions.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerovision.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\photosnap.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\photosnapviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\recode.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\showtime.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\soundtrax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\tunngle.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\waveedit.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kabu\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kabu\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kabu\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\abcaaacbbbcb.dll [2015-09-19] (wenjiqiwu)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kabu\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kabu\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kabu\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\abcaaacbbbcb.dll [2015-09-19] (wenjiqiwu)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.111.128.254 10.77.1.1
Tcpip\..\Interfaces\{21DC9072-13BC-48D6-88AF-4F3879380547}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{49b220e7-64a1-4439-a682-3b4fccc445f4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{87698052-a285-4c79-a288-ac6cbae32dbd}: [DhcpNameServer] 10.111.128.254 10.77.1.1
Tcpip\..\Interfaces\{b15e2948-f798-4894-bda1-9c2c8572b228}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-166581830-2194561497-2853095633-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotmail/home?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-16] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-16] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-16] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-16] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> F:\Programy\Adobe reader 10\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-08]
StartMenuInternet: FIREFOX.EXE - F:\Programy\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-18] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-07] (Microsoft Corporation)
S4 NBService; F:\Programy\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-18] (NVIDIA Corporation)
S4 SkypeUpdate; F:\Programy\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2118976 2011-11-18] (TuneUp Software)
S4 TunngleService; F:\Programy\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-07] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-15] (GFI Software)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-07] (Microsoft Corporation)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2212496 2014-07-05] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation )
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2011-02-22] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-11-08] (TuneUp Software)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-19 20:40 - 2015-09-19 20:40 - 00016587 _____ C:\Users\Kabu\Desktop\FRST.txt
2015-09-19 20:39 - 2015-09-19 20:40 - 00000000 ____D C:\FRST
2015-09-19 20:37 - 2015-09-19 20:39 - 00112640 _____ (forum.viry.cz) C:\Users\Kabu\Desktop\FRSTLauncher.exe
2015-09-19 20:34 - 2015-09-19 20:34 - 02191360 _____ (Farbar) C:\Users\Kabu\Desktop\FRST64.exe
2015-09-19 20:23 - 2015-09-19 20:23 - 00016148 _____ C:\WINDOWS\system32\KABU-PC_Kabu_HistoryPrediction.bin
2015-09-19 07:57 - 2015-09-19 20:24 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-19 03:42 - 2015-09-19 03:42 - 00000020 ___SH C:\Users\Kabu\ntuser.ini
2015-09-19 03:39 - 2015-09-19 12:46 - 00000000 ____D C:\AdwCleaner
2015-09-19 03:35 - 2015-09-19 03:38 - 01662976 _____ C:\Users\Kabu\Desktop\adwcleaner_5.008.exe
2015-09-19 03:35 - 2015-09-19 03:35 - 05635119 _____ (Swearware) C:\Users\Kabu\Downloads\ComboFix.exe
2015-09-19 03:02 - 2015-09-19 03:02 - 00000000 ___RD C:\Users\Kabu\3D Objects
2015-09-19 01:27 - 2015-09-19 01:27 - 00000686 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-19 01:27 - 2015-09-19 01:27 - 00000686 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-19 01:15 - 2015-09-19 01:15 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-19 01:12 - 2015-09-19 01:12 - 00000000 ____D C:\Users\Kabu\AppData\Roaming\Opera Software
2015-09-19 01:12 - 2015-09-19 01:12 - 00000000 ____D C:\Users\Kabu\AppData\Local\Opera Software
2015-09-19 01:11 - 2015-09-19 01:11 - 00443200 _____ (wenjiqiwu) C:\ProgramData\abcaaacbbbcb.dll
2015-09-19 01:11 - 2015-09-19 01:11 - 00000000 ____D C:\Users\Kabu\AppData\Roaming\WB_CFG
2015-09-19 01:11 - 2015-09-19 01:11 - 00000000 _____ C:\ProgramData\inf.dat
2015-09-19 01:10 - 2015-09-19 03:02 - 00000000 ____D C:\Users\Kabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7k7k游戏盒子(918)
2015-09-19 01:09 - 2015-09-19 01:09 - 00000000 ____D C:\Users\Public\QiYi
2015-09-09 00:19 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 00:19 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 00:19 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 00:19 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 00:18 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 00:18 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 00:18 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 00:18 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 00:18 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 00:18 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 00:18 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 00:18 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 00:18 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 00:18 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 00:18 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 00:18 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 00:18 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 00:18 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 00:18 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 00:18 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 00:18 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 00:18 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 00:18 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 00:18 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 00:18 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 00:18 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 00:18 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 00:18 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 00:18 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 00:18 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 00:18 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 00:18 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-03 17:07 - 2015-09-03 17:12 - 98132478 _____ (Aslain ) C:\Users\Kabu\Downloads\Aslains_XVM_WoT_Modpack_Installer_v.4.6.1_910.exe
2015-09-01 20:46 - 2015-09-01 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-09-01 20:45 - 2015-09-01 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-09-01 20:45 - 2015-09-01 20:45 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2015-08-29 19:58 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 19:58 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 19:58 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 19:58 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 19:58 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 19:58 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-29 19:58 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 19:58 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 19:58 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 19:58 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 19:58 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-29 19:58 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-29 19:58 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 19:58 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 19:58 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 19:58 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 19:58 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 19:58 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 19:58 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 19:58 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 19:58 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 19:58 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 19:58 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 19:58 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 19:58 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 19:58 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 19:58 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 19:58 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 19:58 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-29 19:58 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 19:58 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 19:58 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 19:58 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-29 19:58 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 19:58 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-29 19:58 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-29 19:58 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-29 19:58 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-29 19:58 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-29 19:58 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-29 19:58 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-26 20:23 - 2015-08-26 22:58 - 2145115797 _____ C:\Users\Kabu\Downloads\Terminator-Genisys-cz-title-2015-720p.mkv
2015-08-25 22:47 - 2015-08-25 22:47 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-08-25 22:46 - 2015-08-17 23:43 - 00608048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-08-25 22:42 - 2015-08-18 10:48 - 31515256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 24200312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 22992048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 17559240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 15294072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 13916600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 13828032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 11272048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 11209376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 04245808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 03987760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 01908528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434181.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 01556656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434181.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 00945456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 00908592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 00903472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-08-25 22:42 - 2015-08-18 10:48 - 00870008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-08-25 21:18 - 2015-08-11 06:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-24 12:23 - 2015-08-24 12:30 - 00093675 _____ C:\Users\Kabu\Downloads\OPV_HPS_veteran_022012_v1(1).xls
2015-08-23 19:01 - 2015-08-13 06:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-23 19:01 - 2015-08-13 06:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-23 19:01 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-23 19:01 - 2015-08-11 12:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-23 19:01 - 2015-08-11 12:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-23 19:01 - 2015-08-11 12:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-23 19:01 - 2015-08-11 12:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-23 19:01 - 2015-08-11 12:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-23 19:01 - 2015-08-11 12:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-23 19:01 - 2015-08-11 12:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-23 19:01 - 2015-08-11 11:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-23 19:01 - 2015-08-11 11:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-23 19:01 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-23 19:01 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-23 19:01 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-23 19:01 - 2015-08-11 11:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-23 19:01 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-23 19:01 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-23 19:01 - 2015-08-11 11:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-23 19:01 - 2015-08-11 11:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-23 19:01 - 2015-08-11 11:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-23 19:01 - 2015-08-11 11:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-23 19:01 - 2015-08-11 11:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-23 19:01 - 2015-08-11 11:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-23 19:01 - 2015-08-11 11:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-23 19:01 - 2015-08-11 11:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-23 19:01 - 2015-08-11 11:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-23 19:01 - 2015-08-11 11:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-23 19:01 - 2015-08-11 11:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-23 19:01 - 2015-08-11 11:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-23 19:01 - 2015-08-11 11:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-23 19:01 - 2015-08-11 11:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-23 19:01 - 2015-08-11 11:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-23 19:01 - 2015-08-11 11:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-23 19:01 - 2015-08-11 11:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-23 19:01 - 2015-08-11 11:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-23 19:01 - 2015-08-11 11:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-23 19:01 - 2015-08-11 11:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-23 19:01 - 2015-08-11 11:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-23 19:01 - 2015-08-11 11:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-23 19:01 - 2015-08-11 11:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-23 19:01 - 2015-08-11 11:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-23 19:01 - 2015-08-11 11:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-23 19:01 - 2015-08-11 11:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-23 19:01 - 2015-08-11 11:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-23 19:01 - 2015-08-11 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-23 19:01 - 2015-08-11 11:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-23 19:01 - 2015-08-11 11:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-23 19:01 - 2015-08-11 11:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-23 19:01 - 2015-08-11 11:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-23 19:01 - 2015-08-11 11:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-23 19:01 - 2015-08-11 11:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-23 19:01 - 2015-08-11 10:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-23 19:01 - 2015-08-11 10:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-23 19:01 - 2015-08-11 10:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-23 19:01 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-23 19:01 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-23 19:01 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-23 19:01 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-23 19:01 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-23 19:01 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-23 19:01 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-23 19:01 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-23 19:01 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-23 19:01 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-23 19:01 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-23 19:01 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-23 19:01 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-23 19:01 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-23 19:01 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-23 19:01 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-23 19:01 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-23 19:01 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-23 19:01 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-23 19:01 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-19 20:33 - 2013-11-21 00:16 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-19 20:30 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-19 20:30 - 2012-03-07 22:08 - 00004192 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7F5A213-945C-4928-A1F8-7783D54D5DE6}
2015-09-19 20:29 - 2012-04-06 17:29 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-19 20:23 - 2013-11-21 00:16 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-19 20:22 - 2015-08-07 10:24 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-19 20:22 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-19 20:22 - 2015-05-28 23:10 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-09-19 13:45 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-09-19 13:44 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-19 03:42 - 2015-08-07 10:30 - 00000000 ____D C:\Users\Kabu
2015-09-19 03:11 - 2014-04-15 19:43 - 00000000 ____D C:\Users\Kabu\AppData\Local\Unity
2015-09-19 02:57 - 2013-11-21 00:16 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-19 02:54 - 2014-01-01 20:41 - 00000000 ____D C:\Users\Kabu\AppData\Roaming\TS3Client
2015-09-19 02:53 - 2012-11-29 23:24 - 00002224 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-19 01:29 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Kabu\AppData\Roaming\Seznam.cz
2015-09-19 01:21 - 2015-07-10 14:20 - 00350072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-17 23:28 - 2013-11-21 00:16 - 00004034 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 23:28 - 2013-11-21 00:16 - 00003802 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 23:43 - 2015-08-07 13:05 - 00000000 ____D C:\Users\Kabu\AppData\Local\Packages
2015-09-09 15:17 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 15:17 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 13:42 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 13:41 - 2013-08-15 19:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 13:41 - 2012-03-08 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-08 00:09 - 2012-07-18 12:18 - 00003160 _____ C:\WINDOWS\System32\Tasks\Adobe online aktualizační program
2015-09-07 23:30 - 2012-04-22 16:20 - 00040711 _____ C:\Users\Kabu\Desktop\Stavy.xlsx
2015-09-07 21:58 - 2015-08-15 13:33 - 00000147 _____ C:\Users\Kabu\Desktop\LOVE!!! Schovka!!.txt
2015-09-02 17:36 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-02 13:54 - 2015-08-07 14:28 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-02 13:54 - 2015-08-07 10:27 - 02030404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-02 13:54 - 2015-07-10 18:02 - 00839086 _____ C:\WINDOWS\system32\perfh005.dat
2015-09-02 13:54 - 2015-07-10 18:02 - 00191414 _____ C:\WINDOWS\system32\perfc005.dat
2015-08-30 23:52 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-26 18:37 - 2012-03-07 20:30 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-25 22:47 - 2012-05-23 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-25 22:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-25 21:19 - 2015-08-07 10:24 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-25 21:19 - 2013-09-20 19:15 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-08-24 01:50 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

==================== Files in the root of some directories =======

2015-08-07 16:21 - 2015-08-07 16:21 - 0000000 _____ () C:\Program Files\Microsoft Security Client
2012-03-09 02:19 - 2012-03-09 02:19 - 0099384 _____ () C:\Users\Kabu\AppData\Roaming\inst.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kabu\AppData\Roaming\iP8mT1vdxLANOLI1HtoC
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Kabu\AppData\Roaming\iP8mT1vdxLANOLI1HtoC.exe
2002-08-29 19:33 - 2002-08-29 19:33 - 0319488 ____R () C:\Users\Kabu\AppData\Roaming\MafiaSetup.exe
2014-05-05 22:05 - 2014-05-05 22:05 - 0000023 _____ () C:\Users\Kabu\AppData\Roaming\MoZiLive.ini
2012-03-09 02:19 - 2012-03-09 02:19 - 0007859 _____ () C:\Users\Kabu\AppData\Roaming\pcouffin.cat
2012-03-09 02:19 - 2012-03-09 02:19 - 0001167 _____ () C:\Users\Kabu\AppData\Roaming\pcouffin.inf
2012-03-09 02:19 - 2012-03-09 02:19 - 0000034 _____ () C:\Users\Kabu\AppData\Roaming\pcouffin.log
2012-03-09 02:19 - 2012-03-09 02:19 - 0082816 _____ (VSO Software) C:\Users\Kabu\AppData\Roaming\pcouffin.sys
2012-03-09 02:19 - 2014-06-26 13:56 - 0000671 _____ () C:\Users\Kabu\AppData\Roaming\vso_ts_preview.xml
2012-08-16 17:03 - 2012-08-16 17:03 - 0003584 _____ () C:\Users\Kabu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-18 13:25 - 2014-02-18 13:25 - 0000001 _____ () C:\Users\Kabu\AppData\Local\llftool.4.40.agreement
2015-08-03 22:21 - 2015-08-03 22:21 - 0000218 _____ () C:\Users\Kabu\AppData\Local\recently-used.xbel
2012-03-09 04:06 - 2015-01-08 19:15 - 0007598 _____ () C:\Users\Kabu\AppData\Local\Resmon.ResmonCfg
2015-09-19 01:11 - 2015-09-19 01:11 - 0443200 _____ (wenjiqiwu) C:\ProgramData\abcaaacbbbcb.dll
2015-09-19 01:11 - 2015-09-19 01:11 - 0000000 _____ () C:\ProgramData\inf.dat
2012-09-16 22:58 - 2013-08-24 18:16 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Files to move or delete:
====================
C:\ProgramData\abcaaacbbbcb.dll
C:\ProgramData\inf.dat


Some files in TEMP:
====================
C:\Users\Kabu\AppData\Local\Temp\7076.exe
C:\Users\Kabu\AppData\Local\Temp\DivX.Web.Player.Installer__8420_i1656193664_il316641.exe
C:\Users\Kabu\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Kabu\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Kabu\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Kabu\AppData\Local\Temp\ppstreamsetup_unfix.exe
C:\Users\Kabu\AppData\Local\Temp\qdsetup12.exe
C:\Users\Kabu\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881494_Silence.exe
C:\Users\Kabu\AppData\Local\Temp\setup3.exe
C:\Users\Kabu\AppData\Local\Temp\sqlite3.dll
C:\Users\Kabu\AppData\Local\Temp\wgjiklit_533_setup.exe
C:\Users\Kabu\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Kabu\Desktop" je 12138 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: IQIYI i u mě :(

Napsal: 19 zář 2015 20:10
od Rudy
Teď spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: IQIYI i u mě :(

Napsal: 19 zář 2015 20:20
od kabu.kabu
Jak jsem psal na začátku, to už jsem pouštěl včera (resp dnes ve 3 ráno). Nyní :
# AdwCleaner v5.008 - Logfile created 19/09/2015 at 21:15:23
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Kabu - KABU-PC
# Running from : C:\Users\Kabu\Desktop\adwcleaner_5.008.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [602 bytes] ##########

Re: IQIYI i u mě :(

Napsal: 19 zář 2015 20:21
od kabu.kabu
První spuštění adw:
# AdwCleaner v5.008 - Logfile created 19/09/2015 at 03:40:12
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Kabu - KABU-PC
# Running from : C:\Users\Kabu\Downloads\adwcleaner_5.008.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\IQIYI Video
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[-] Folder Deleted : C:\ProgramData\DeviceVM
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\StarApp
[-] Folder Deleted : C:\ProgramData\Fighters
[-] Folder Deleted : C:\ProgramData\IQIYI Video
[-] Folder Deleted : C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[-] Folder Deleted : C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[-] Folder Deleted : C:\Users\Kabu\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Kabu\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Kabu\AppData\Local\Crossbrowse
[-] Folder Deleted : C:\Users\Kabu\AppData\Local\SysassistByHotWheel
[-] Folder Deleted : C:\Users\Kabu\AppData\LocalLow\adawaretb
[-] Folder Deleted : C:\Users\Kabu\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\DeviceVM
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\ExpressFiles
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\EZDownloader
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\goforfiles
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\ParetoLogic
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\SimpleFiles
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Fighters
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\IQIYI Video
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\ppslog
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\ConduitCommon
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\ICQToolbarData
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\adawaretb
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\Extensions\aooac@gykoeo.org
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\Extensions\ijsp0ei@ueiyooep.edu
[-] Folder Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\Extensions\AVJYFVOD75109374@HCDE39471360.com

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\???PPS??.LNK
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???PPS??.LNK
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???PPS??.LNK
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\???PPS??.LNK
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\searchplugins\icqplugin-1.xml
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\searchplugins\icqplugin-2.xml
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\searchplugins\icqplugin-3.xml
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\searchplugins\icqplugin.gif
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\searchplugins\icqplugin.src
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\searchplugins\icqplugin.xml
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi
[-] File Deleted : C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\user.js
[-] File Deleted : C:\WINDOWS\Sysnative\roboot64.exe

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Express FilesUpdate
[-] Task Deleted : GoforFilesUpdate
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKCU\Software\MozillaPlugins\@iqiyi.com/npWebPlayer
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [HCDNClient]
[-] Key Deleted : HKLM\SOFTWARE\Classes\qygameclient
[-] Key Deleted : HKLM\SOFTWARE\Classes\HCDNProxy
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\GEEPLAYER.DIR
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4DFC-959F-233651CC4D7F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5CD76C57-6893-478A-B776-47E7C82504BE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\SimpleFiles
[-] Key Deleted : HKCU\Software\WEDLMNGR
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\QyGameClient
[-] Key Deleted : HKCU\Software\PPStream
[-] Key Deleted : HKCU\Software\AppDataLow\SProtector
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\AppDataLow\Software\QiYi
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\adawaretb
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\ExpressFiles
[-] Key Deleted : HKLM\SOFTWARE\GoforFiles
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\SProtector
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQIYI Video
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPStream
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\OCS
[!] Key Not Deleted : [x64] HKCU\Software\ParetoLogic
[!] Key Not Deleted : [x64] HKCU\Software\SimpleFiles
[!] Key Not Deleted : [x64] HKCU\Software\WEDLMNGR
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\QyGameClient
[!] Key Not Deleted : [x64] HKCU\Software\PPStream
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-166581830-2194561497-2853095633-1000\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-21-166581830-2194561497-2853095633-1000\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-166581830-2194561497-2853095633-1000\Software\AppDataLow\Software\QiYi
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-166581830-2194561497-2853095633-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : HKU\S-1-5-21-166581830-2194561497-2853095633-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Data Restored : HKU\S-1-5-21-166581830-2194561497-2853095633-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.CTID", "CT2786678");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.CurrentServerDate", "11-11-2011");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.DSInstall", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Fri Nov 11 2011 20:30:08 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 33);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Nov 11 2011 20:29:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Nov 11 2011 20:29:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Nov 11 2011 20:29:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Nov 11 2011 20:29:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Nov 11 2011 20:29:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Nov 11 2011 20:29:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FirstServerDate", "11-11-2011");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FirstTime", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FirstTimeFF3", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.HPInstall", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.Initialize", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 1);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.InstalledDate", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.IsGrouping", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.IsInitSetupIni", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.IsMulticommunity", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Fri Nov 11 2011 20:31:46 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Fri Nov 11 2011 20:29:57 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.LatestVersion", "3.8.0.8");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.Locale", "en");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.7.0.6");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SearchCaption", " ");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Fri Nov 11 2011 20:29:57 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Fri Nov 11 2011 20:29:36 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Fri Nov 11 2011 20:29:36 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.SettingsLastUpdate", "1314985690");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Fri Nov 11 2011 20:29:36 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.UserID", "UN34630677690794776");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.WeatherNetwork", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Nov 11 2011 20:29:51 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.WeatherUnit", "C");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.alertChannelId", "1178763");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.backendstorage.pairingkey", "30423039434645334342303545314643384435344541353343393544453146354345413539374441");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Fri Nov 11 2011 20:29:50 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.initDone", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.myStuffEnabled", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.testingCtid", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Fri Nov 11 2011 20:29:39 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Fri Nov 11 2011 20:30:33 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392..clientLogIsEnabled", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.CTID", "CT2790392");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.CurrentServerDate", "5-11-2011");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.DSInstall", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Sat Nov 05 2011 12:57:51 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Sat Nov 05 2011 12:57:51 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 138);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FirstServerDate", "5-11-2011");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FirstTime", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FirstTimeFF3", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.FixPageNotFoundErrors", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.HPInstall", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.Initialize", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 1);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.InstallationType", "UnknownIntegration");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.InstalledDate", "Sat Nov 05 2011 12:57:51 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.IsGrouping", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.IsInitSetupIni", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.IsMulticommunity", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.LastLogin_3.7.0.6", "Sat Nov 05 2011 12:57:53 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.LatestVersion", "3.7.0.6");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.Locale", "en");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.7.0.6");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SearchCaption", " ");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Sat Nov 05 2011 12:57:53 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SendProtectorDataViaLogin", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Sat Nov 05 2011 12:57:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Sat Nov 05 2011 12:57:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.SettingsLastUpdate", "1313478218");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Sat Nov 05 2011 12:57:48 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1312887586");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.UserID", "UN40737815923634686");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.WeatherNetwork", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.WeatherPollDate", "Sat Nov 05 2011 12:57:53 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.WeatherUnit", "C");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.alertChannelId", "1182482");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.backendstorage.cbfirsttime", "536174204E6F7620303520323031312031323A35373A353520474D542B30313030");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Sat Nov 05 2011 12:57:52 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.initDone", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.myStuffEnabled", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.revertSettingsEnabled", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.testingCtid", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Sat Nov 05 2011 12:57:51 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Sat Nov 05 2011 12:57:53 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/CZ", "\"0\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/CZ", "\"0\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1318881119\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"56fe0d15406c7b69464328b19c048ede\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"634553316085800000\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1314985691\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=CT2790392", "\"1313478218\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d81252562c31be757300e4205a85371\"");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kabu\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\oaa64yyy.default\\conduitCommon\\modules\\3.7.0.6");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2790392,CT2786678");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392,CT2786678");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392,CT2786678");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.globalUserId", "7bfb1366-2c99-48fc-9588-e3a735aefb54");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Nov 05 2011 12:57:53 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Nov 11 2011 20:29:47 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.locale", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Nov 11 2011 20:29:37 GMT+0100");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.userId", "321474c1-7580-4c07-8b06-1d86eb0e4f1b");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.seznam.cz/");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.allowSendURL", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.engineVerified", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.geolastmodified", 1329137828);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.history", "windows%207%20log%20as%20administratoracer%20f690gvm%20biosAcer%20F690GVM%20biosmafia%202%20joeova%20dobrodruzstvi%20instalacen%20vidia%20sliwinfast%209800gt[...]
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.icqgeo", 42);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.installTime", "1325865129");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.installsource", "1");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.newtab_state", "1");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.previousFFVersion", "9.0.1");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.skip_default_search", "no");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.suggestions", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.uniqueID", "132059676613205970061320597999968");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1329652380);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.version", "1.4.3");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\oaa64yyy.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363270562337,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=13&CUI=UN65182304224108470");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "express-files Customized Web Search");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN65182304224108470&UM=UM_ID&q=");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3176921");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("aol_toolbar.default.homepage.check", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("aol_toolbar.default.search.check", false);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "express-files Customized Web Search");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.simplesearches.info/?pid=946&r=2013/08/24&hid=429746857&lg=EN&cc=CZ&unqvl=31&l=1&q=");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "WebSearch");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("extensions.SSuun.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.ind[...]
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("extensions.UNRtJJ.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.prefix=\[...]
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://websearch.simplesearches.info/?pid=946&r=2013/08/24&hid=429746857&lg=EN&cc=CZ&unqvl=31&l=1&q=");
[-] [C:\Users\Kabu\AppData\Roaming\Mozilla\Firefox\Profiles\wyw69jch.default\prefs.js] [Preference] Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3176921");

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [66495 bytes] ##########

Re: IQIYI i u mě :(

Napsal: 19 zář 2015 21:20
od Rudy
OK. Otevřte poznámkový blok a zkopírujte do něj:
Start
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\backitup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\frontpg.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerohome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\neromediahome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\neroscoutoptions.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerovision.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\photosnap.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\photosnapviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\recode.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\showtime.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\soundtrax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\tunngle.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\waveedit.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\abcaaacbbbcb.dll [2015-09-19] (wenjiqiwu)
C:\ProgramData\abcaaacbbbcb.dll
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\abcaaacbbbcb.dll [2015-09-19] (wenjiqiwu)
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
C:\IQIYI Video
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Public\QiYi
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\inf.dat
C:\Users\Kabu\AppData\Local\Temp
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Z logu:
Velikost slozky "C:\Users\Kabu\Desktop" je 12138 MB.
To je příliš mnoho a může to zpomalovat start systému. Vytvořte nový adrfesář v C:\Users\Kabu, do něhož přesuňte všechna data z plochy (kromě zástupců). Na ploch si pak pro snazší přístup dejte zástupce toho adresáře.

Re: IQIYI i u mě :(

Napsal: 19 zář 2015 23:54
od kabu.kabu
Fix jsem udělal ještě teď, plochu nechávám na zítra.

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Kabu (2015-09-20 00:45:58) Run:1
Running from C:\Users\Kabu\Desktop
Loaded Profiles: Kabu (Available Profiles: Kabu)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\backitup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\frontpg.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerohome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\neromediahome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\neroscoutoptions.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nerovision.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\photosnap.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\photosnapviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\recode.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\showtime.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\soundtrax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\tunngle.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\waveedit.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\abcaaacbbbcb.dll [2015-09-19] (wenjiqiwu)
C:\ProgramData\abcaaacbbbcb.dll
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\abcaaacbbbcb.dll [2015-09-19] (wenjiqiwu)
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
C:\IQIYI Video
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Public\QiYi
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\inf.dat
C:\Users\Kabu\AppData\Local\Temp
End
*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AcroRd32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\backitup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bttray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cdspeed.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\coverdes.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\drivespeed.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dtlite.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\frontpg.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\infotool.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msoxmled.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mspub.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mstore.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nero.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nerohome.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\neromediahome.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\neroscoutoptions.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nerostartsmart.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nerovision.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photosnap.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photosnapviewer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\recode.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setupx.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\showtime.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\skype.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\soundtrax.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tunngle.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\waveedit.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
"HKCR\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB}" => key removed successfully
C:\ProgramData\abcaaacbbbcb.dll => moved successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
"HKCR\Wow6432Node\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB}" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
"C:\IQIYI Video" => File/Folder not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\Public\QiYi => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\ProgramData\inf.dat => moved successfully

"C:\Users\Kabu\AppData\Local\Temp" folder move:

Could not move "C:\Users\Kabu\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-20 00:48:29)<=

C:\Users\Kabu\AppData\Local\Temp => moved successfully

==== End of Fixlog 00:48:32 ====

Re: IQIYI i u mě :(

Napsal: 20 zář 2015 09:47
od Rudy
Smazáno. Nastala nějaká změna?

Re: IQIYI i u mě :(

Napsal: 20 zář 2015 13:41
od kabu.kabu
Vypadá to vše ok. Už mi nenabíhá nesmyslná stránka, nespouští se mi nesmyslně iexplorer, a po přejetí ccleanrem už i koncovky souborů jsou smyslné a né rozsypaná rýže :) děkuji. Jinak i plochu sem dnes vykydal. Mám udělat ještě něco?

Re: IQIYI i u mě :(

Napsal: 20 zář 2015 15:57
od Rudy
Pokud je všechno v pořádku, je to vše.

Re: IQIYI i u mě :(

Napsal: 20 zář 2015 20:37
od kabu.kabu
Super, tak díky moc za pomoc.

Re: IQIYI i u mě :(

Napsal: 20 zář 2015 20:56
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz