2014-06-04, 15:45
Hello, first time poster here, I keep getting the same malware (I think this is what it's called.....I'm such a newbie!) on my computer. Some of the stuff I've seen just pop up in my browser. I get these little green circles with a line through it, prompting me to click on it (I don't, I just hover and it tells me it's from SmartShopping.com). I get barowwsoe2Save, BestSaveForYou and CasaleMedia (I copied them down exactly as I saw them). I then ran Spybot and it detected the barowwsoe2Save and got rid of it. Then I went to my browser options and removed the BestSaveForYou extension. All seems well!

Except the problem is, every week it all comes back again. I've kept the kids off the internet for a week to see if perhaps they are the ones that keep installing this stuff, but no. Every Tuesday I see the same things come up. Then I remove them all, all is well for a week, and then the cycle continues. What am I doing wrong? Is it possible that these things are set up to repeat every week? Or is that just crazy? It's just too much of a coincidence.

Would it help to just uninstall Firefox and reinstall it? Would that make all of this go away? I've been using Spybot for years and never once needed to even go on the forums (thankfully :o)), so I'm not sure where to start really. Should I contact Firefox?

Thank you for reading,


Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


aswMBR

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


In your next post please provide the following:

attach MBR.zip

2014-06-04, 20:03
Thank you for responding to my request! I just wanted to ask one thing before I proceed with all your steps below......is it ok to follow your steps AFTER I've already deleted the extension in Firefox and have already run a Spybot scan, which seems to have fixed everything for now? Or should I wait until next Tuesday (the day this seems to occur again) when it will probably all come back again?

2014-06-05, 06:07
Hi gigglepot,

Yes, it is alright to run these scans now. Although you did remove the FF extension, there are other parts of this infection on your computer that are probably not removed by just merely removing the extension, causing the issue to reappear.

2014-06-05, 16:16
Here is the checkup.txt file:

2014-06-05, 19:01
I just wanted to add, thank you for taking the time to help me. Your instructions are amazingly written out, easy to follow, and complete!

2014-06-06, 06:13
Hi gigglepot,

I just wanted to add, thank you for taking the time to help me. Your instructions are amazingly written out, easy to follow, and complete!
You're welcome, and thanks for the kind words. We try and take some of the stress out of the whole ordeal by giving precise but easy to understand step by step directions.

All the logs are just what I needed to see. :bigthumb:


P2P - (Peer to Peer)

I see you have/had P2P software uTorrent, FrostWire, Shareaza, Vuze installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

If you choose not to remove these programs, please refrain from using them until we have finished cleaning your computer.


If you have chosen to not remove any of the P2P items listed above, just skip them in the next step also.

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

FrostWire 5.3.8
SW-Sustainer 1.80
uTorrentBar Toolbar
SW-Sustainer 1.80
uTorrentBar Toolbar
Vuze Remote Toolbar v8.5
Wincore MediaBar


FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll [1234880 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [1233816 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies
URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
URLSearchHook: HKCU - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
BHO-x32: No Name - {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO-x32: No Name - {11111111-1111-1111-1111-110011441193} - No File
BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: No Name - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - No File
BHO-x32: No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO-x32: No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No File
Toolbar: HKLM-x32 - No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {03E018AA-5DB7-4BDF-AD31-9C3A9C593481} - System32\Tasks\Dealply => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {115E6B96-E34D-42EA-B6F8-51A5D6B669DC} - System32\Tasks\da59223c => C:\Users\Owner\AppData\Local\Temp\\setup1892356880.exe <==== ATTENTION
Task: {1FE1297E-9315-4026-A9A3-FBB3481601FC} - System32\Tasks\6727a104 => C:\Users\Owner\AppData\Local\Temp\\setup845194372.exe <==== ATTENTION
Task: {289D4207-2D96-47E8-977A-86FEC4093B70} - System32\Tasks\69404464 => C:\Users\Owner\AppData\Local\Temp\\setup4099077816.exe <==== ATTENTION
Task: {5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F} - System32\Tasks\2b9f7ef8 => C:\Users\Owner\AppData\Local\Temp\\setup731873016.exe <==== ATTENTION
Task: {638B6E17-94EB-4093-8C88-E7F472175258} - System32\Tasks\4ed51aa0 => C:\Users\Owner\AppData\Local\Temp\\setup437132832.exe <==== ATTENTION
Task: {64DD2E96-C4B8-4E18-8D36-72544739F6EA} - System32\Tasks\7bd04b60 => C:\Users\Owner\AppData\Local\Temp\\setup1191792352.exe <==== ATTENTION
Task: {7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339} - System32\Tasks\471fc6a8 => C:\Users\Owner\AppData\Local\Temp\\setup307808808.exe <==== ATTENTION
Task: {81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A} - System32\Tasks\ec1d7bd4 => C:\Users\Owner\AppData\Local\Temp\\setup3075893544.exe <==== ATTENTION
Task: {88AE72CE-71D6-4131-AAC3-DD3132F47178} - System32\Tasks\5cc16f94 => C:\Users\Owner\AppData\Local\Temp\\setup1291538448.exe <==== ATTENTION
Task: {A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F} - System32\Tasks\7573361c => C:\Users\Owner\AppData\Local\Temp\\setup1085028764.exe <==== ATTENTION
Task: {BDFCE513-72FA-43AA-96EC-68300A8BDBC4} - System32\Tasks\41d9645c => C:\Users\Owner\AppData\Local\Temp\\setup3129333340.exe <==== ATTENTION
Task: {BF354FAF-7D5F-4066-BD2A-14D5157F5640} - System32\Tasks\1f76a5c0 => C:\Users\Owner\AppData\Local\Temp\\setup3937374996.exe <==== ATTENTION
Task: {C080B646-BD9B-40FC-BAE2-BF1F60742271} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C618024F-EFC9-40F6-B730-576BC19782B2} - System32\Tasks\7f8539c4 => C:\Users\Owner\AppData\Local\Temp\\setup1253975832.exe <==== ATTENTION
Task: {D52AC9CD-3184-486A-9054-FA180CAC9F81} - System32\Tasks\48b0fc00 => C:\Users\Owner\AppData\Local\Temp\\setup4206617504.exe <==== ATTENTION
Task: {D716852E-1BCC-442D-93EE-82FE89FC7519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D79E2D4D-4D56-43A2-A2B5-280DD23AE663} - System32\Tasks\c53ae644 => C:\Users\Owner\AppData\Local\Temp\\setup652597912.exe <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that log file in your next reply.
Copies of all log files are saved in the C:\AdwCleaner folder which was created when running the tool.


Re-run Farbar Recovery Scan Tool; it should be on your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

In your next post please provide the following:

new FRST.txt
Any change in performance?
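
An added example (not part of the original thread, and not FRST's own code) of why removing only the browser extension did not stick: it sorts a subset of the fixlist lines posted above by autostart mechanism and picks out the scheduled tasks that launch from the Temp folder. The parsing rules and flag names are assumptions derived only from the line shapes visible in this thread.

```python
import re
from collections import Counter

# A subset of the fixlist lines posted in this thread, copied unchanged.
SAMPLE_FIXLIST = r"""
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Task: {03E018AA-5DB7-4BDF-AD31-9C3A9C593481} - System32\Tasks\Dealply => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {115E6B96-E34D-42EA-B6F8-51A5D6B669DC} - System32\Tasks\da59223c => C:\Users\Owner\AppData\Local\Temp\\setup1892356880.exe <==== ATTENTION
Task: {C080B646-BD9B-40FC-BAE2-BF1F60742271} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
"""

# Line prefixes seen in the thread, mapped to the autostart mechanism they describe.
MECHANISMS = [
    (re.compile(r"^HK[A-Z]+.*\\Run: "), "run_key"),
    (re.compile(r"^AppInit_DLLs(-x32)?: "), "appinit_dll"),
    (re.compile(r"^Startup: "), "startup_folder"),
    (re.compile(r"^BHO(-x32)?: "), "browser_helper_object"),
    (re.compile(r"^Task: "), "scheduled_task"),
]

# Trailing decorations that follow the target on these lines.
ATTENTION = re.compile(r"\s*<=+ ATTENTION\s*$")
SIZE_DATE_VENDOR = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*$")
VENDOR_ONLY = re.compile(r"\s*\([^()\\]*\)\s*$")
# Targets started through a host binary rather than directly (matched on lowercase).
PROXY_LAUNCHER = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?(?:rundll32|wscript|cscript)\.exe')


def mechanism_of(line):
    """Return the mechanism name for a line, or None if the prefix is unknown."""
    for pattern, name in MECHANISMS:
        if pattern.match(line):
            return name
    return None


def extract_target(mechanism, line):
    """Pull out what the entry launches and drop size/date/vendor/ATTENTION suffixes."""
    if " => " in line:
        target = line.split(" => ", 1)[1]
    elif mechanism == "browser_helper_object":
        target = line.rsplit(" - ", 1)[1]
    else:  # "Startup: <path> (vendor)"
        target = line.split(": ", 1)[1]
    for decoration in (ATTENTION, SIZE_DATE_VENDOR, VENDOR_ONLY):
        target = decoration.sub("", target)
    return target.strip()


def task_name(line):
    """Task name is the last path component on the left-hand side of ' => '."""
    left = line[len("Task: "):].split(" => ", 1)[0]
    return left.rsplit("\\", 1)[-1]


def flags_for(line, target):
    low = target.lower()
    flags = set()
    if low.endswith("no file") or low.endswith("file not found"):
        flags.add("orphaned_entry")   # registry entry left behind, file already gone
    if "\\appdata\\" in low:
        flags.add("per_user_path")    # lives in the user profile, not Program Files
    if "\\appdata\\local\\temp\\" in low:
        flags.add("temp_payload")     # launches something out of the Temp folder
    if PROXY_LAUNCHER.match(low):
        flags.add("proxy_launcher")   # runs via rundll32 / wscript / cscript
    if "ATTENTION" in line:
        flags.add("tool_attention")   # the scan tool itself marked the line
    return flags


def analyze(text):
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        mechanism = mechanism_of(line)
        if mechanism is None:
            continue  # blank or unrecognised line
        target = extract_target(mechanism, line)
        findings.append({
            "mechanism": mechanism,
            "name": task_name(line) if mechanism == "scheduled_task" else None,
            "target": target,
            "flags": flags_for(line, target),
        })
    return findings


def temp_relaunchers(findings):
    """Scheduled tasks that start a payload from Temp: these run again on their own."""
    return [f["name"] for f in findings
            if f["mechanism"] == "scheduled_task" and "temp_payload" in f["flags"]]


if __name__ == "__main__":
    results = analyze(SAMPLE_FIXLIST)
    print(Counter(f["mechanism"] for f in results))
    for f in results:
        print(f["mechanism"], "|", f["target"], "|", sorted(f["flags"]))
    print("Tasks launching from Temp:", temp_relaunchers(results))
```

None of these entries is touched by removing a Firefox extension, which is why each mechanism has to be cleared separately.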

2014-06-06, 20:22
Hello, the only one I'd like to keep is Vuze and also uTorrent which Vuze needs to operate.

I tried to uninstall Shareaza but even though it showed up in my program files, it wouldn't show up in my Programs and Features. So I had to reinstall it and then uninstall it. It seems to be gone now.

I tried to get rid of FrostWire but it too didn't show up in Programs and Features so I had to reinstall it and then uninstall it. Seems to be gone except I have a bunch of files left over on my Start button when I search for Frostwire. Not sure what they are. I tried to attach a Word document to show you but it said "error: invalid file".

SW Sustainer 1.80 was in my Programs and Features but would not delete. I got a RunDLL Error that says: There was a problem starting C:\Progra-2\SW-BOO-1/ASSIST-1.DLL The specific module cannot be found.

I couldn't uninstall the uTorrentBar Toolbar, I got the error message "Could not open INSTALL.LOG file".

I couldn't uninstall the YouTube Ad Blocker.......I double click on it and nothing happens.

I will wait to hear back from you before I continue with your previous instructions.

2014-06-06, 20:34
Hello, I continued on with your instructions. Here is the Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Owner at 2014-06-06 11:32:52 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal

Content of fixlist:
(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()

2014-06-06, 20:42
Ooops, I went to download AdwCleaner and instead of clicking on the blue download button, I clicked the big green one......which isn't AdwCleaner, it was Winzip Malware Protector. I realized my mistake when there was nothing that said AdwCleaner when it was running. I stopped the scan and deleted the program from Control Panel. Hope I didn't mess things up.

2014-06-06, 20:56
Here is the AdwCleaner[R0].txt file. The only thing I see that I'd want to keep is the Vuze and uTorrent programs. But if it's easier for you, I can always just reinstall it if I ever need it again. I see all those bad malware files that I was talking about in my original request!!!! :)

2014-06-06, 21:01
Here is the FRST.txt file:

2014-05-15 07:06 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 07:00 - 2014-05-15 10:44 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 07:00 - 2014-05-15 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 06:50 - 2014-05-22 06:41 - 00000000 ____D () C:\ProgramData\save neT
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 08:54 - 2014-05-13 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-15 06:28 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:06 - 2014-05-31 14:03 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-12 12:04 - 2014-05-22 10:48 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-14 06:33 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-06-04 05:47 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:01 - 2014-05-15 06:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:50 - 2014-05-11 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 08:48 - 2014-05-09 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:47 - 2014-05-08 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:46 - 2014-05-07 20:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}

Too long again, I'll post Part 2 next.....

2014-06-06, 21:02
Here is Part 2 of the FRST.txt file:

2014-06-06, 21:06
I completed all the steps. I cannot really comment on whether performance has improved because I probably won't see any difference until Tuesday (sounds strange but the malware seems to come back on Tuesdays).

2014-06-07, 04:46
Hi gigglepot,

You're doing fine. :bigthumb:

Since you would like to keep Vuze & uTorrent you will have to locate all entries on your next pass of AdwCleaner and make sure they are not selected for removal.

Re-run AdwCleaner

It should be on your desktop

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click each tab and remove the check mark from the items you wish to keep.
Then click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.


OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

%systemroot%\*. /rp /s
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


In your next post please provide the following:


2014-06-07, 20:57
Would it be better to get rid of Vuze and uTorrent and then just reinstall later? Or will all that I have already downloaded be gone and not show up in the program properly?

2014-06-08, 05:24
Hi gigglepot,

Would it be better to get rid of Vuze and uTorrent and then just reinstall later?
The choice is yours. Do it the way I outlined in my previous post.


Uninstall Vuze & uTorrent, then re-run AdwCleaner and remove all items found. If you choose to go this route hold off reinstalling until after we have finished.

2014-06-09, 00:47
Ok, I will uninstall them first and then run AdwCleaner. BUT will all that I have already downloaded be gone and not show up in the Vuze program properly? I think I need to know this first before I delete, I think.

2014-06-09, 04:45
Hi gigglepot,

BUT will all that I have already downloaded be gone and not show up in the Vuze program properly?

First I must preface these comments with a warning that you proceed at your own risk with regards to this program. I can offer advice as to how the program may/may not respond. But I can in no way give you a guarantee of what the outcome of this step will be.

I am unsure exactly how Vuze works. It may save your library to a different folder other than the Vuze folder. If that is the case, I would think you'd be fine just saving the folder with all your previously downloaded files. Then if need be you could just import the folder back into Vuze after you reinstalled.

But the choice on how to proceed is entirely your decision.

2014-06-10, 22:46
Hello, here is the AdwCleaner.txt file that was just created after I pressed "CLEAN":

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F211F559-1508-45D4-96D7-C7736D57FDFA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18466FA8-6950-4810-AB97-C5F873A77976}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B289A7A8-C712-4F25-B853-F38A92E7D51E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02C19EA4-445E-4E4E-A297-B91D42E4B805}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A035436-E66D-451B-A399-FFA7A7BA45C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38250339-75A4-4A1F-89FB-D5500A2F83D1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A662A68D-779F-4D07-BF21-5F705BA62931}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{340A637A-FD57-4D5E-B638-A1C11DF2D606}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AA47BBA-C44C-4C27-A0FF-D01EC395B871}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020D5752-97B7-4FB3-A8C6-EA2F49E697A1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D097398C-07F0-417F-AB38-2DE0608BFFC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{02935083-33EF-43B3-BF55-00B5BA32B648}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{978BDA89-DD75-4490-BE6A-1143A15E2B02}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\alotAppbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.Wymm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=74257dda-9a9f-4b97-998b-2471219e8321&apn_ptnrs=FM&apn_sauid=74B60A81-8307-44C5-9804-8F2015970982&apn_dtid=TES002UPCA&q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN26275512576593021&ctid=CT3298581&UM=2
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.metacrawler.com/info.metac.psp/search/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA


AdwCleaner[R0].txt - [25799 octets] - [06/06/2014 11:38:42]
AdwCleaner[R1].txt - [25860 octets] - [06/06/2014 11:52:12]
AdwCleaner[R2].txt - [25921 octets] - [10/06/2014 13:36:30]
AdwCleaner[S0].txt - [25028 octets] - [10/06/2014 13:39:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25089 octets] ##########

2014-06-10, 23:16
Here is the OTL.Txt file:

OTL logfile created on: 6/10/2014 1:51:09 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.24% Memory free
5.50 Gb Paging File | 3.70 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.49 Gb Total Space | 431.71 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive D: | 12.04 Gb Total Space | 1.47 Gb Free Space | 12.24% Space Free | Partition Type: NTFS

Computer Name: OWNER-HP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Service KMSELDI) -- C:\Program Files\KMSpico\Service_KMS.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\\BBSvc.EXE (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswsnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaiH0464) -- C:\Windows\SysNative\drivers\SaiH0464.sys (Saitek)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 FF 8B 4D 93 E0 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{190EAB21-2083-42D6-83C7-DDE3C907E5C7}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKCU\..\SearchScopes\{EC1B0DA3-6867-45AE-80BB-F8666CF8B271}: "URL" = http://www.metacrawler.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = dynhost.inetcam.com;register.inetcam.com;*.local;;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "http://ca.yhs4.search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://calgary.kijiji.ca/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://ca.yhs4.search.yahoo.com/yhs/search"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Owner\AppData\Local\Roblox\Versions\version-e4be089b108348a6\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/23 10:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/13 08:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/07/26 09:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2014/06/04 06:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\extensions
[2014/05/14 06:06:34 | 000,001,874 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\duckduckgo.xml
[2013/11/27 14:56:19 | 000,002,070 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler-search.xml
[2014/05/27 13:58:40 | 000,009,433 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo-avast.xml
[2013/12/30 09:24:41 | 000,000,905 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo_ff.xml
[2014/05/10 09:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 09:59:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/23 10:41:32 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - homepage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: RobOSaveer = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmamejgjjfphnlodkkomcaicecpcdhm\6.1\
CHR - Extension: NNextCoUp = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\
CHR - Extension: BuestSaveForYOu = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgfbhpfpbbbkdiggmpoddgpmolpkck\2.3\
CHR - Extension: Ghostery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\198\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{853F1832-EF79-4946-9A19-0123FAFCABB6}: DhcpNameServer =
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\citrix\icacli~1\rshook.dll) - c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/05 15:32:27 | 000,000,000 | ---D | M] - C:\Automatic -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\DisneySplash.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/06/10 13:47:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/06/10 06:55:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{347D636D-963F-40C2-9D1E-B741DC4EDEEA}
[2014/06/09 18:54:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2BD46A47-0F74-4388-AE42-F9E16E98BC29}
[2014/06/09 06:54:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1CD1442C-F28C-4DC8-B04A-4D177648DDD7}
[2014/06/08 18:52:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1DA4B9D6-91AB-4834-84B2-DD38F9F9AF1A}
[2014/06/07 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{02F2AC04-C76D-413A-A3F8-F6DBBB4C58AA}
[2014/06/07 07:34:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0E96FDDF-1B62-4AB5-91A0-ABE6BBFA9E45}
[2014/06/06 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B2802AE1-F091-49BE-92DA-6648CF12B2EC}
[2014/06/06 11:39:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/06 11:38:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/06 11:36:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Nico Mak Computing
[2014/06/06 11:32:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FRST-OlderVersion
[2014/06/06 11:25:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2014/06/06 07:32:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C0493E59-F699-492A-9327-20733DB7DD0F}
[2014/06/05 19:31:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2E19225A-29C1-4F94-B291-B41B1AD5FD56}
[2014/06/05 09:48:33 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/05 09:47:22 | 002,072,576 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2014/06/05 07:31:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
[2014/06/05 07:16:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2014/06/04 19:30:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
[2014/06/04 07:30:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
[2014/06/04 05:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DowwnnSave
[2014/06/03 19:28:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
[2014/06/03 07:28:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
[2014/06/02 19:26:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
[2014/06/02 15:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DowwnnSave
[2014/06/02 07:25:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
[2014/06/01 19:24:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
[2014/06/01 07:24:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
[2014/05/31 19:09:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
[2014/05/31 07:09:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
[2014/05/30 18:26:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
[2014/05/30 06:25:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
[2014/05/29 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
[2014/05/29 06:19:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
[2014/05/28 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
[2014/05/27 22:17:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
[2014/05/27 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
[2014/05/26 22:15:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
[2014/05/26 10:15:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
[2014/05/25 22:14:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
[2014/05/25 20:34:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Packages
[2014/05/25 10:13:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
[2014/05/24 22:12:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
[2014/05/24 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
[2014/05/23 22:10:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
[2014/05/23 10:08:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
[2014/05/22 22:08:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
[2014/05/22 10:08:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
[2014/05/22 06:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NNextCoUp
[2014/05/22 06:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NNextCoUp
[2014/05/22 06:40:17 | 002,116,320 | ---- | C] (their database support use requirements) -- C:\Windows\SysWow64\setup.exe
[2014/05/21 21:08:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
[2014/05/21 09:08:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
[2014/05/20 21:07:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
[2014/05/20 09:06:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
[2014/05/19 21:05:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
[2014/05/19 09:04:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
[2014/05/18 21:03:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
[2014/05/18 09:03:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
[2014/05/17 21:01:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
[2014/05/17 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
[2014/05/16 21:01:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
[2014/05/16 09:00:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
[2014/05/15 22:17:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 22:17:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 22:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 20:58:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
[2014/05/15 08:57:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
[2014/05/15 07:15:15 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/15 07:15:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/15 07:06:43 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/15 07:06:42 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/15 07:06:41 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/15 07:06:41 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/15 07:06:41 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/15 07:06:41 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/15 07:06:40 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/15 07:06:39 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/15 07:06:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/15 07:06:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/15 07:06:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/15 07:06:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/15 07:06:37 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/15 07:06:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/15 07:06:37 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/15 07:06:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/15 07:06:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/15 07:06:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/15 07:06:37 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/15 07:06:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/15 07:06:37 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/15 07:06:36 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/15 07:06:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/15 07:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
[2014/05/15 07:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2014/05/14 20:56:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
[2014/05/14 08:55:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
[2014/05/13 20:55:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
[2014/05/13 08:54:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
[2014/05/12 20:53:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
[2014/05/12 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ItsMyApp
[2014/05/12 12:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\e13406c655b61ee0
[2014/05/12 12:03:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Comodo
[2014/05/12 12:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/05/12 08:52:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
[2014/05/11 20:50:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Here is the first half.........
P.S. I was worried because it took at least 20 minutes to run this scan! But finally it finished so I think it's ok!

2014-06-10, 23:18
Here is part 2 of the OTL.Txt file:

========== Files - Modified Within 30 Days ==========

[2014/06/10 13:47:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/06/10 13:46:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/10 13:46:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/10 13:41:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/10 13:41:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/10 13:41:12 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/10 13:12:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/10 13:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/07 12:53:05 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2014/06/06 11:38:17 | 001,333,465 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2014/06/06 11:32:46 | 002,072,576 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2014/06/06 10:41:02 | 000,122,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/05 09:41:31 | 000,000,526 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.zip
[2014/06/05 09:38:50 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/06/05 07:17:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2014/06/05 06:50:59 | 000,854,367 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2014/05/29 18:25:03 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOWNER-HP$.job
< End of report >
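The listing lines in the two log posts above share one fixed layout (timestamp, size, attributes, C or M flag, optional vendor, path), so the question of whether something on the machine recurs on a schedule can be checked mechanically. The Python below is an added example, not part of the thread and not code from OTL: it parses that layout and reports parent folders whose GUID-named subfolders are created at a regular interval. The function names and the 10-minute tolerance are assumptions, and the sample lines are copied from the excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Layout of one OTL listing line:
#   [YYYY/MM/DD hh:mm:ss | size | attrs | C or M] (vendor) -- path
# The "(vendor)" part is absent on folder lines.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<vendor>.*?)\) )?-- (?P<path>.+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Lines copied from the log excerpt in this thread (not a complete log).
SAMPLE = r"""
[2014/05/22 06:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NNextCoUp
[2014/05/22 06:40:17 | 002,116,320 | ---- | C] (their database support use requirements) -- C:\Windows\SysWow64\setup.exe
[2014/05/21 21:08:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
[2014/05/21 09:08:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
[2014/05/20 21:07:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
[2014/05/20 09:06:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
[2014/05/19 21:05:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
[2014/05/19 09:04:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
[2014/06/10 13:41:12 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""


def parse_line(line):
    """Return a dict for a listing line, or None for headers and summary lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],            # C = created, M = modified
        "vendor": m["vendor"] or "",
        "path": m["path"],
    }


def periodic_guid_folders(lines, min_events=4, tolerance=timedelta(minutes=10)):
    """Find parents whose GUID-named subfolders appear on a fixed cadence.

    Returns {parent: (count, median_gap)} for each parent folder where every
    gap between consecutive creations lies within `tolerance` of the median.
    """
    by_parent = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if not entry or entry["kind"] != "C" or not entry["is_dir"]:
            continue
        parent, _, leaf = entry["path"].rpartition("\\")
        if GUID_RE.match(leaf):
            by_parent[parent].append(entry["time"])

    findings = {}
    for parent, times in by_parent.items():
        if len(times) < min_events:
            continue  # too few events to call it a schedule
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mid = median(gaps)
        if all(abs(gap - mid) <= tolerance for gap in gaps):
            findings[parent] = (len(times), mid)
    return findings


if __name__ == "__main__":
    for parent, (count, gap) in periodic_guid_folders(SAMPLE.splitlines()).items():
        print(f"{parent}: {count} GUID-named folders, one every ~{gap}")
```

A regular cadence only shows that something scheduled is creating the folders; it does not identify what that is or whether it is unwanted.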

2014-06-10, 23:19
Here is the Extras.Txt file:

2014-06-10, 23:22
Oh, and I should have told you, I didn't uninstall Vuze or uTorrent, I didn't really know how to back things up so I hope it doesn't mess things up for you.
Thank you.

2014-06-11, 08:37
Hi gigglepot,

I didn't uninstall Vuze or uTorrent, I didn't really know how to back things up so I hope it doesn't mess things up for you.
No it's not a problem, thanks for letting me know.

Run OTL.exe

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = dynhost.inetcam.com;register.inetcam.com;*.local;;<local>
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found


Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done


Disable Plug-ins in Google Chrome

Click the Chrome menu on the browser toolbar.
Select Tools > Extensions.
Locate the following extensions and click the trash can icon to remove:


Exit Chrome settings menu.


In your next post please provide the following:

OTL fix log
How is the computer running?

2014-06-11, 15:53
Hello, two questions........should I just uninstall Chrome? I never use it. And, do I change any of the settings in OTL like I did last time?

2014-06-11, 17:18
Hi gigglepot,

should I just uninstall Chrome? I never use it. And, do I change any of the settings in OTL like I did last time?

You can uninstall Chrome, if that is what you'd prefer. And no, just run the OTL fix as outlined in the instructions. There is no need to make any changes to the settings.

2014-06-12, 06:20
Here is the OTL.Txt Fix Log:

The computer seems to be working great! No more weird pop-ups in my Firefox, no more weird installed programs on Wednesday mornings!!!
Do you think I am done? If I am, which processes should I repeat in the future? Should I run AdwCleaner often?
I usually just run SpyBot Thursday mornings and have my Avast on all the time.

2014-06-12, 07:32
Hi gigglepot,

The computer seems to be working great! No more weird pop-ups in my Firefox, no more weird installed programs on Wednesday mornings!!!
Do you think I am done?
It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :bigthumb:


Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


ESET Online Scanner


It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.


In your next post please provide the following:

MBAM log
ESET's log.txt

2014-06-12, 07:43
Oh yes, of course! I will do those next steps tomorrow (just didn't want you to think I'd checked out)! :o)

2014-06-12, 07:57

2014-06-12, 18:26
I downloaded and installed MalwareBytes and updated too, but cannot find the button that says Perform Quick Scan. I clicked "Scan" up top and the only options I see are Threat Scan, Custom Scan and Hyper Scan. Threat Scan seems to be pretty comprehensive and covers everything, the Hyper Scan seems a lot quicker. Which should I choose?

2014-06-12, 18:37
Hi gigglepot,
Malwarebytes' has changed the GUI and I need to update my instructions to reflect that, sorry for the confusion. :oops:

Choose the Threat Scan option. :)

2014-06-12, 22:09
I completed the Threat Scan and there is no option to "Remove Selected". My options are: Quarantine, Add Exclusion and Ignore Once.
Which do I choose please?

2014-06-13, 00:11
Hi gigglepot,

Sorry, Quarantine

2014-06-13, 04:56
Sorry to be difficult, just trying to follow the steps.....after I Quarantined the results, I had to reboot. I did and then what do I do? I re-opened Malwarebytes and tried to find the Show Results, but there isn't any. I went to History, to try and get the log and save it somewhere convenient but didn't find a "save log" feature. But I did see where I can check mark the 4 items that showed up and can be selected and deleted. Should I do that? But then how do I get the log to post here and show you?

2014-06-13, 06:55
Hi gigglepot,

Open Malwarebytes' and click the History tab
Select Application Logs from the menu to the left
Locate the most recent scan log and double click to open
At the bottom of the GUI locate the Export drop-down menu
Export the file as a .txt file, name the file and save it to your desktop.
Include the MBAM log in your next reply.

2014-06-13, 15:30
Here is the MBAM.txt file:

2014-06-13, 18:32
Hi gigglepot,

How is the computer running, any symptoms or issues?

2014-06-13, 20:21
I ran the ESETScan and am just wondering, how could there be so many threats still? I thought the other scans took care of so many things. And I see YouTubeAdBlocker is on this list......but I thought I got rid of it in a previous scan? So confusing to me, hope I'm doing it all correctly.

Here is the ESETScan.txt file:

2014-06-13, 20:32
Oh, and forgot to answer your question, computer is running perfectly fine, no issues, no weird pop-ups, no unintentional software installed in Programs and Features. That's why I was confused about having so many threats on the ESETScan.

2014-06-14, 05:16
Hi gigglepot,

Don't be alarmed you are doing just fine. Many of the items listed in the ESET scan are in a quarantine folder and pose no threat to your system. We will clean those out at the end when we get ready to wrap things up.


Run OTL.exe

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

C:\Program Files (x86)\WinMX Music
C:\Users\Owner\Documents\Vuze Downloads\Sinister {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe


Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done


In your next post please provide the following:

OTL fix log
Any remaining issues not addressed?

2014-06-16, 19:34
So far so good, no issues with the computer.

2014-06-16, 22:06
Hi gigglepot,

Congratulations, your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.


Clean up with OTL:

Right-click OTL.exe select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.


Removing/Uninstalling AdwCleaner:

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.


You can now delete any tools and/or logs remaining on your desktop.


Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Adobe Reader 10.1.10
Java 10 Update 55


Adobe Reader:

Go to http://get.adobe.com/reader/otherversions/

Use the drop-down menus to select your operating system
Select your language > Select The current version of Adobe Reader for your language
Remove the check mark from the box "Free! McAfee Security Scan Plus"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.


Update Java

Get the current version of Java (Version 7 Update 60) by going to http://java.com/en/download/installed.jsp
Select the Verify Java Version button and follow the onscreen instructions to update if necessary.


Delete All But the Most Recent Restore Point

Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
If prompted, select the drive that you want to clean up, and then click OK.
In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
If prompted, select the drive that you want to clean up, and then click OK.
Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
In the Disk Cleanup dialog box, click Delete.
Click Delete Files, and then click OK.


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

2014-06-17, 21:26
Hello, do I need to uninstall AdwCleaner? What if I need to use it again in the future?

2014-06-17, 21:28
Oh, and do I just delete the icons on the desk top for the other tools or should I uninstall them in Programs and Features?

2014-06-17, 21:36
Hi gigglepot,

We generally remove all tools as a rule of thumb, but you can skip the AdwCleaner step if you would like to keep it.

As far as the remainder of the tools are concerned, they generally won't show in the Program & Features menu but if they do remove them that way. Otherwise, just delete them from the desktop.

2014-06-17, 21:49
I went to go see if things can be deleted on the Programs and Features and the only one there was MalwareBytes, BUT......a whole bunch of other things were re-installed with yesterday's date.......Picasa, Photoscape, VLC, so many, nothing new, just programs I've already had, but somehow installed with yesterday's date. Was that something I did with OTL?

2014-06-17, 22:17
I don't have Java 10 Update 55........I have Java 7 Update 55. Get rid of it?

Also, I uninstalled Adobe but not everything "Adobe" disappeared.......I still have:
Adobe AIR
Adobe Flash Player 13 Active X
Adobe Flash Player 13 Plugin.

Do I get rid of them too?

2014-06-17, 22:52
If I install a Firewall, will I not be able to use Vuze and uTorrent?

2014-06-17, 22:55
Wow, I guess I already have Windows Firewall running. Goes to show how much I know about my computer. Lol, disregard my last post.

2014-06-17, 23:21
Hi gigglepot,

I went to go see if things can be deleted on the Programs and Features and the only one there was MalwareBytes, BUT......a whole bunch of other things were re-installed with yesterday's date.......Picasa, Photoscape, VLC, so many, nothing new, just programs I've already had, but somehow installed with yesterday's date. Was that something I did with OTL?
I honestly don't know why the dates have changed, maybe the programs were recently updated.

I don't have Java 10 Update 55........I have Java 7 Update 55. Get rid of it?

Also, I uninstalled Adobe but not everything "Adobe" disappeared.......I still have:
Adobe AIR
Adobe Flash Player 13 Active X
Adobe Flash Player 13 Plugin.

Do I get rid of them too?
That was my mistake. Java 7 Update 55 is to be removed and will be replaced with Java 7 Update 60.
Do not remove the other Adobe products, they are separate programs and are probably in use by other software you are currently using.

If I install a Firewall, will I not be able to use Vuze and uTorrent?
No, a firewall won't stop you from using those programs.

2014-06-17, 23:23
I just read that Windows Firewall isn't good enough.....so back to my original question, will I still be able to use Vuze and uTorrent if I install Online Armor?

2014-06-17, 23:38
I downloaded and installed SuperAnti Spyware (found in the link "how did I get infected in the first place"), ran the scan and found 340 Threats detected under Adware.Tracking Cookies. Should I have done this?

2014-06-17, 23:59
Hi gigglepot,

I just read that Windows Firewall isn't good enough.....so back to my original question, will I still be able to use Vuze and uTorrent if I install Online Armor?
Where did you read that the Windows Firewall is not good enough?
If you install a different FW you may need to "train" the new firewall to allow those programs to access the internet. But that shouldn't prevent you from using either program.

I downloaded and installed SuperAnti Spyware (found in the link "how did I get infected in the first place"), ran the scan and found 340 Threats detected under Adware.Tracking Cookies. Should I have done this?
Yes, that's fine. Each time you visit a website, that site places what is called a "cookie" on your computer so it can remember you the next time you visit. They are fairly harmless & SuperAntiSpyware will remove these items very well.

2014-06-18, 00:16
This is what is posted on the link "How did I get infected in the first place":

10.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware are OnlineArmor, Outpost Firewall Free, and Sunbelt Personal Firewall.

That's why I thought I should install another one, but would prefer not to if I don't have to.

2014-06-18, 00:23
This is an error message I got when I tried to click on the link that gave a tutorial for Firewalls.

Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

2014-06-18, 01:45
Hi gigglepot,

This is what is posted on the link "How did I get infected in the first place":

10.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware are OnlineArmor, Outpost Firewall Free, and Sunbelt Personal Firewall.

That's why I thought I should install another one, but would prefer not to if I don't have to.
That post probably should be updated. That post was made back in 2005. Windows has improved its Firewall and its capabilities since then. Rest assured that the Windows Firewall is a good product and can be relied upon to protect your computer. Some people just prefer to use a 3rd party firewall.

This is an error message I got when I tried to click on the link that gave a tutorial for Firewalls.

Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

How to enable JavaScript : http://www.enable-javascript.com/

Firewall Tutorial : http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

2014-06-18, 04:52
Sigh, I could swear it said I needed to enable Java Script. So I did the about:config, it was already "true". So I went back to your most recent post and clicked on the Understanding and using Firewalls, and it worked this time! So I went back to the original post you said to click on ("Free Firewalls.....A tutorial of firewalls can be found here") and it didn't work so I'm guessing that link wasn't good :o) All is good now.

2014-06-18, 04:55
About SuperAnti Spyware.....should I delete those 340 cookies or does the program automatically do that for me after it's done scanning?

2014-06-18, 06:55
Hi gigglepot,

http://i1269.photobucket.com/albums/jj590/OCD-WTT/SASResults_zps1856e29b.gif (http://s1269.photobucket.com/user/OCD-WTT/media/SASResults_zps1856e29b.gif.html)

http://i1269.photobucket.com/albums/jj590/OCD-WTT/SASRemoveThreats_zps90adf3a4.gif (http://s1269.photobucket.com/user/OCD-WTT/media/SASRemoveThreats_zps90adf3a4.gif.html)

2014-06-18, 07:33
Ok, great, thank you! Everything seems to be working and I've completed all the steps. What do I need to do next?
After reading "How did I get infected in the first place", I downloaded and installed WOT, AdBlock Plus and NoScript. Should I have done this? Do I need these add-ons? I'm not sure how they work, and if I need to do anything with them, especially NoScript.....I get a capital S with a crossed out red circle in it with options to choose when I click on the S. I'm not too comfortable playing around with this one.

2014-06-18, 08:03
Hi gigglepot,

1. - Ok, great, thank you! Everything seems to be working and I've completed all the steps. What do I need to do next?
2. - After reading "How did I get infected in the first place", I downloaded and installed WOT, AdBlock Plus and NoScript. Should I have done this?
Do I need these add-ons? I'm not sure how they work, and if I need to do anything with them, especially NoScript.....I get a capital S with a crossed out red circle in it with options to choose when I click on the S. I'm not too comfortable playing around with this one.


WOT - rates webpages you visit
AdBlock Plus - Blocks annoying video ads on YouTube, Facebook ads, banners and much more.
Adblock Plus blocks all annoying ads, and supports websites by not blocking unobtrusive ads by default (configurable).
NoScript - It allows JavaScript, Java and other executable content to run only from trusted domains of your choice

All are recommended items, although they may change the way you are used to your computer performing. If you are not comfortable with them, or don't like the limitations they place on your computer, you do not have to use them. Just simply uninstall them.

2014-06-18, 15:49
Ok, thank you.
Now that I have all these tools, should I run them every week?
I have kept on my computer:
SpyWare Blaster
SuperAnti Spyware
and of course Spybot
Or are they not necessary to run weekly? What do you recommend?

2014-06-18, 15:55
Oh, and I also keep getting this pop-up from Avast:

We have identified the following browser add-on, which has a bad reputation among avast users.
VideoLAN VLC ActiveX Plugin v1

Then it asks me if I want to Remove Bad Add-on........show details.

I've never seen it before the last 2 days.

2014-06-18, 17:31
Hi gigglepot,

Now that I have all these tools, should I run them every week?
It depends on your habits. But with you using P2P programs, I would recommend weekly.

Then it asks me if I want to Remove Bad Add-on
That add-on has been classified in a way that Avast thinks it's in your best interest to warn you of its reputation, and advise removal.
But that is your decision to make.

2014-06-18, 18:51
I guess I need to know.......do I need that VideoLAN plug-in?

Also, I don't mind running those 5 tools weekly, or monthly, but do I need to run them all is what I meant. What do you recommend? Do I need them all or are some redundant?

Thank you.

2014-06-19, 06:06
Hi gigglepot,

I guess I need to know.......do I need that VideoLAN plug-in?
That is something for you to decide. I don't know what you use that plug-in for.

Also, I don't mind running those 5 tools weekly, or monthly, but do I need to run them all is what I meant. What do you recommend? Do I need them all or are some redundant?
You should have running at all times an Anti-Virus & Firewall program. You can use any combination of on-demand scanners and cleaners as you see fit. All the tools you listed are good and can be used in any combination to help keep your computer free from malware. But they can only do so much. As I stated earlier in the thread you are using P2P sites which expose you to a variety of files that you have no idea where they might have originated. I can recommend any number of tools, but if you insist on exposing yourself via P2P networks there is only so much they can do to keep your computer safe. It's not a matter of will you get reinfected, it's a matter of when. :eek:

If you are set on not exposing yourself to malware I strongly suggest that you reconsider the use of P2P networks. (Vuze, uTorrent, BitTorrent etc)

2014-06-19, 15:39
Ok, thank you. I will seriously watch what I do.
So everything is ok now? I'm all finished?

2014-06-19, 17:21
Ok, thank you. I will seriously watch what I do.
So everything is ok now? I'm all finished?
Yes, you are all done. :bigthumb:

2014-06-19, 19:17
Well, I cannot thank you enough for all your help!!! I can't get over how much time and effort you put into helping me, a complete stranger, at no cost to me. I am extremely grateful and thank you so much. Thank you SpyBot! If in the future this happens again, I hope to get you again OCD :) :) :) :)

2014-06-20, 05:00
Hi gigglepot,

You're very welcome. Glad I was able to help. :bigthumb: Have a great day.

Since this issue appears to be resolved ... this Topic will be closed.