View Full Version : Can A Malware that Keeps coming back be removed for good?
gigglepot
2014-06-04, 15:45
Hello, first time poster here, I keep getting the same malware (I think this is what it's called.....I'm such a newbie!) on my computer. Some of the stuff I've seen just pop up in my browser. I get these little green circles with a line through it, prompting me to click on it (I don't, I just hover and it tells me it's from SmartShopping.com). I get barowwsoe2Save, BestSaveForYou and CasaleMedia (I copied them down exactly as I saw them). I then ran Spybot and it detected the barowwsoe2Save and got rid of it. Then I went to my browser options and removed the BestSaveForYou extension. All seems well!
Except the problem is, every week it all comes back again. I've kept the kids off the internet for a week to see if perhaps they are the ones that keep installing this stuff, but no. Every Tuesday I see the same things come up. Then I remove them all, all is well for a week, and then the cycle continues. What am I doing wrong? Is it possible that these things are set up to repeat every week? Or is that just crazy? It's just too much of a coincidence.
Would it help to just uninstall Firefox and reinstall it? Would that make all of this go away? I've been using Spybot for years and never once needed to even go on the forums (thankfully :o)), so I'm not sure where to start really. Should I contact Firefox?
Thank you for reading,
Gigglepot
--------------------------------------
Admin Edit- Forum FAQ, for all users surfing in here:
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance" :)
http://forums.spybot.info/showthread.php?t=288
Hi gigglepot,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Security Check
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) aswMBR
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply
=========================
In your next post please provide the following:
checkup.txt
aswMBR.txt
attach MBR.zip
FRST.txt
Addition.txt
gigglepot
2014-06-04, 20:03
Hi OCD,
Thank you for responding to my request! I just wanted to ask one thing before I proceed with all your steps below......is it ok to follow your steps AFTER I've already deleted the extension in Firefox and have already run a Spybot scan, which seems to have fixed everything for now? Or should I wait until next Tuesday (the day this seems to occur again) when it will probably all come back again?
Hi gigglepot,
Yes, it is alright to run these scans now. Although you did remove the FF extension, there are other parts of this infection on your computer that are probably not removed by just merely removing the extension causing the issue to reappear.
gigglepot
2014-06-05, 16:16
Here is the checkup.txt file:
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
JavaFX 2.1.1
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Adobe Reader 10.1.10 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
gigglepot
2014-06-05, 16:54
Hello, I'm running the aswMBR scan now.....how do I know when it is complete? The time on the left stopped moving (about 17 minutes in) but the "Scan" button is not highlighted yet so I didn't know when I should hit Save Log. Should it say "scan complete" or something like that?
Hi gigglepot,
I'm running the aswMBR scan now.....how do I know when it is complete? The time on the left stopped moving (about 17 minutes in) but the "Scan" button is not highlighted yet so I didn't know when I should hit Save Log. Should it say "scan complete" or something like that?
Please let the scan run, it may take awhile. If the scan button is grayed out it is still scanning. At the bottom of the interface window it will state "Scan Finished Successfully" when it is done. If it seems to have gotten hung up, click the Save Log button and post the log it provides. If it should be incomplete, we can run a different scanner to get the complete results.
Then just continue with the remainder of the steps.
gigglepot
2014-06-05, 18:42
Here is the aswMBR.txt. Just to let you know, the "Scan" button never did come back, it stayed greyed out, but because it said "Scan finished successfully", I hit Save Log and posted the results. Hope I did it right!
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-05 07:17:17
-----------------------------
07:17:17.305 OS Version: Windows x64 6.1.7601 Service Pack 1
07:17:17.305 Number of processors: 2 586 0x603
07:17:17.308 ComputerName: OWNER-HP UserName: Owner
07:17:21.219 Initialize success
07:17:24.997 AVAST engine defs: 14060500
07:18:01.716 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
07:18:01.732 Disk 0 Vendor: Hitachi_ JP3O Size: 715404MB BusType: 11
07:18:01.825 Disk 0 MBR read successfully
07:18:01.825 Disk 0 MBR scan
07:18:01.841 Disk 0 unknown MBR code
07:18:01.841 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:18:01.856 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702969 MB offset 206848
07:18:01.903 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12333 MB offset 1439887360
07:18:01.950 Disk 0 scanning C:\Windows\system32\drivers
07:18:10.655 Service scanning
07:18:30.749 Modules scanning
07:18:30.749 Disk 0 trace - called modules:
07:18:30.780 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
07:18:30.780 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031e4060]
07:18:30.795 3 CLASSPNP.SYS[fffff8800194343f] -> nt!IofCallDriver -> [0xfffffa8003186040]
07:18:30.795 5 amd_xata.sys[fffff8800109a8b4] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8002d13820]
07:18:32.730 AVAST engine scan C:\Windows
07:18:37.004 AVAST engine scan C:\Windows\system32
07:21:20.838 AVAST engine scan C:\Windows\system32\drivers
07:21:33.006 AVAST engine scan C:\Users\Owner
08:32:21.654 AVAST engine scan C:\ProgramData
08:35:32.179 Scan finished successfully
09:38:50.943 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
09:38:50.943 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
gigglepot
2014-06-05, 18:46
Here is the MBR.zip file. Please let me know if I didn't do this correctly.
gigglepot
2014-06-05, 18:56
Here is the FRST.txt file.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Owner (administrator) on OWNER-HP on 05-06-2014 09:48:42
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Pelmorex Media Inc.) C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-23] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [WeatherEye] => C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [309104 2010-09-21] (Pelmorex Media Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-17] (Samsung Electronics)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: F - F:\DisneySplash.exe
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: {8eb2cc2f-4e99-11e0-8f4f-806e6f6e6963} - E:\Launcher.exe
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll [1234880 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [1233816 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: ,c:\progra~2\citrix\icacli~1\rshook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1FF8B4D93E0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
URLSearchHook: HKCU - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
SearchScopes: HKCU - {190EAB21-2083-42D6-83C7-DDE3C907E5C7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKCU - {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
BHO-x32: No Name - {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO-x32: No Name - {11111111-1111-1111-1111-110011441193} - No File
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO-x32: No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No File
Toolbar: HKLM-x32 - No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default
FF NewTab: www.kijiji.ca
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://calgary.kijiji.ca/
FF Keyword.URL: hxxp://ca.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-e4be089b108348a6\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler-search.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo_ff.xml
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]
Chrome:
=======
CHR HomePage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
CHR RestoreOnStartup: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
CHR StartupUrls: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-1a23fdbca04d4954\\NPRobloxProxy.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-29]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp [2014-05-12]
CHR Extension: (MixiDJ V45) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf [2013-08-13]
CHR Extension: (RobOSaveer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmamejgjjfphnlodkkomcaicecpcdhm [2014-05-19]
CHR Extension: (NNextCoUp) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb [2014-05-22]
CHR Extension: (DealExpreesSe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeaffalpajefneffnmeajimmaidnfic [2014-05-25]
CHR Extension: (BuestSaveForYOu) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgfbhpfpbbbkdiggmpoddgpmolpkck [2014-06-02]
CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-05-12]
CHR Extension: (SeaRuCH-uNEowTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh [2014-05-12]
CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (save nEiT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp [2014-05-12]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-29]
CHR HKCU\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Owner\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-16] (WildTangent)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [974016 2014-03-02] ()
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] ()
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-05 09:48 - 2014-06-05 09:49 - 00036551 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 09:48 - 2014-06-05 09:48 - 00000000 ____D () C:\FRST
2014-06-05 09:47 - 2014-06-05 09:47 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
2014-06-05 07:16 - 2014-06-05 07:17 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
2014-06-03 19:28 - 2014-06-03 19:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
2014-06-02 19:26 - 2014-06-02 19:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
2014-06-02 15:34 - 2014-06-05 06:38 - 00000000 ____D () C:\ProgramData\DowwnnSave
2014-06-02 07:25 - 2014-06-02 07:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
2014-05-30 06:25 - 2014-05-30 06:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
2014-05-26 22:15 - 2014-05-26 22:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
2014-05-25 20:34 - 2014-05-27 07:09 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
2014-05-23 22:10 - 2014-05-23 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
2014-05-23 10:08 - 2014-05-23 10:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
2014-05-22 06:40 - 2014-05-22 06:47 - 00000000 ____D () C:\ProgramData\NNextCoUp
2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
2014-05-21 21:08 - 2014-05-21 21:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
2014-05-20 09:06 - 2014-05-20 09:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
2014-05-17 21:01 - 2014-05-17 21:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
2014-05-15 22:17 - 2014-05-05 18:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:17 - 2014-05-05 18:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:17 - 2014-05-05 18:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:17 - 2014-05-05 17:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:17 - 2014-05-05 17:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:17 - 2014-05-05 17:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:58 - 2014-05-15 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
2014-05-15 08:57 - 2014-05-15 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
2014-05-15 07:15 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 07:15 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 07:15 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 07:15 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 07:06 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 07:06 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 07:06 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 07:06 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 07:06 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 07:06 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 07:06 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 07:06 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 07:06 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 07:06 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 07:06 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 07:00 - 2014-05-15 10:44 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 07:00 - 2014-05-15 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 06:50 - 2014-05-22 06:41 - 00000000 ____D () C:\ProgramData\save neT
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 08:54 - 2014-05-13 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-15 06:28 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:06 - 2014-05-31 14:03 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-12 12:04 - 2014-05-22 10:48 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-14 06:33 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-06-04 05:47 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:01 - 2014-05-15 06:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:50 - 2014-05-11 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 08:48 - 2014-05-09 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:47 - 2014-05-08 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:46 - 2014-05-07 20:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}
2014-05-06 20:45 - 2014-05-06 20:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8E225F09-26B0-4303-8202-D33CB0BA87D2}
2014-05-06 08:45 - 2014-05-06 08:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AB53B037-1736-48BB-A122-19D973E7DC18}
The rest is coming in a separate post, as it was too long (more than 64000 characters long).
gigglepot
2014-06-05, 18:58
Here is part 2 of the FRST.txt file:
==== One Month Modified Files and Folders =======
2014-06-05 09:49 - 2014-06-05 09:48 - 00036551 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 09:49 - 2011-05-12 13:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
2014-06-05 09:48 - 2014-06-05 09:48 - 00000000 ____D () C:\FRST
2014-06-05 09:47 - 2014-06-05 09:47 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-05 09:34 - 2013-08-13 08:34 - 00000290 _____ () C:\Windows\Tasks\Dealply.job
2014-06-05 09:12 - 2011-07-25 16:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 09:03 - 2013-12-12 07:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 07:59 - 2011-05-12 13:22 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BF401F47-875B-4406-9B0C-8E70A5A1480F}
2014-06-05 07:50 - 2011-05-22 07:01 - 00000000 ____D () C:\Users\Owner\Documents\Lillian
2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
2014-06-05 07:17 - 2014-06-05 07:16 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-05 06:48 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 06:48 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 06:43 - 2011-03-14 16:03 - 01468371 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 06:39 - 2012-07-11 08:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-05 06:39 - 2011-05-12 13:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-06-05 06:39 - 2011-03-14 16:18 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-05 06:38 - 2014-06-02 15:34 - 00000000 ____D () C:\ProgramData\DowwnnSave
2014-06-05 06:38 - 2011-07-25 16:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 06:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 06:38 - 2009-07-13 22:51 - 00177740 _____ () C:\Windows\setupact.log
2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
2014-06-04 14:59 - 2013-01-05 14:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Paint.NET
2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
2014-06-04 05:47 - 2014-05-12 12:03 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-06-03 19:29 - 2014-06-03 19:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
2014-06-03 15:44 - 2013-10-02 15:10 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-06-03 12:53 - 2013-09-06 18:23 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-06-03 12:53 - 2013-09-06 18:23 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
2014-06-03 06:21 - 2009-07-13 23:08 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-02 19:27 - 2014-06-02 19:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
2014-06-02 07:26 - 2014-06-02 07:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
2014-06-02 06:57 - 2011-05-15 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
2014-06-02 06:57 - 2011-05-15 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HP Support Assistant
2014-06-01 22:31 - 2011-06-01 11:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
2014-06-01 07:20 - 2011-03-14 18:17 - 00512922 _____ () C:\Windows\PFRO.log
2014-05-31 21:53 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
2014-05-31 16:25 - 2011-06-04 16:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-05-31 14:03 - 2014-05-12 12:06 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
2014-05-30 06:26 - 2014-05-30 06:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
2014-05-29 18:25 - 2011-06-13 06:25 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOWNER-HP$
2014-05-29 18:25 - 2011-06-13 06:25 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForOWNER-HP$.job
2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
2014-05-27 13:58 - 2013-11-14 07:59 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-27 13:47 - 2011-05-17 14:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DVD Flick
2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
2014-05-27 07:09 - 2014-05-25 20:34 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
2014-05-26 22:16 - 2014-05-26 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
2014-05-23 22:11 - 2014-05-23 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
2014-05-23 10:09 - 2014-05-23 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
2014-05-22 10:48 - 2014-05-12 12:04 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
2014-05-22 06:47 - 2014-05-22 06:40 - 00000000 ____D () C:\ProgramData\NNextCoUp
2014-05-22 06:41 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\save neT
2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
2014-05-21 21:09 - 2014-05-21 21:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
2014-05-20 09:07 - 2014-05-20 09:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
2014-05-17 21:02 - 2014-05-17 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
2014-05-17 06:21 - 2011-05-17 16:48 - 00000000 ____D () C:\Program Files (x86)\SystemScheduler
2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
2014-05-16 17:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
2014-05-16 06:33 - 2011-07-25 16:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 06:29 - 2011-05-12 13:16 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 06:29 - 2011-05-12 13:16 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 06:26 - 2014-05-05 22:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 22:19 - 2011-06-01 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 22:16 - 2013-07-11 07:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 22:13 - 2011-05-12 14:24 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:59 - 2014-05-15 20:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
2014-05-15 10:45 - 2011-05-16 15:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Azureus
2014-05-15 10:44 - 2014-05-15 07:00 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 10:43 - 2014-05-15 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 08:58 - 2014-05-15 08:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
2014-05-15 06:53 - 2014-05-12 12:01 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-15 06:35 - 2013-12-23 07:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 06:35 - 2011-05-15 23:54 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 06:35 - 2011-05-15 23:54 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 06:28 - 2014-05-12 12:15 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-14 06:33 - 2014-05-12 12:04 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 16:05 - 2013-12-12 07:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 16:05 - 2012-05-14 06:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 16:05 - 2011-08-06 07:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:55 - 2014-05-13 08:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 18:46 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:03 - 2011-05-17 15:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:51 - 2014-05-11 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 19:51 - 2011-05-17 15:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-11 06:59 - 2013-11-14 07:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 12:07 - 2011-07-25 16:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 12:07 - 2011-07-25 16:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:49 - 2014-05-09 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-09 00:14 - 2014-05-15 07:15 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 00:11 - 2014-05-15 07:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:48 - 2014-05-08 08:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:47 - 2014-05-07 20:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}
2014-05-06 20:46 - 2014-05-06 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8E225F09-26B0-4303-8202-D33CB0BA87D2}
2014-05-06 08:45 - 2014-05-06 08:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AB53B037-1736-48BB-A122-19D973E7DC18}
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 06:54
==================== End Of Log ============================
gigglepot
2014-06-05, 19:00
Here is the Addition.txt file.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Owner at 2014-06-05 09:50:13
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aimersoft Video Converter Ultimate(Build 4.1.0.2) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: - Aimersoft Software)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version: - ALOT)
Angry Birds (HKLM-x32\...\{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}) (Version: 2.1.0 - Rovio)
Angry Birds Space (HKLM-x32\...\{C9C763DF-F912-457F-A8BF-88E043BC45FE}) (Version: 1.6.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars (HKLM-x32\...\{9013721D-0440-4CCF-81FC-D60DC138D412}) (Version: 1.1.0 - Rovio)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.4.6714 - )
Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Authentication Manager (x32 Version: 3.0.0.47031 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.3.0.17208 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.3.0.17207 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
Dora Backpack (HKLM-x32\...\{D859D35F-E947-4F2A-8591-C76A4D116178}) (Version: - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drome Racers (HKLM-x32\...\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}) (Version: - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FastStone Image Viewer 4.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.5 - FastStone Soft)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FrostWire 5.3.8 (HKLM-x32\...\FrostWire 5) (Version: 5.3.8.0 - FrostWire Team)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
jZip (HKCU\...\jZip) (Version: 2.0.0.131826 - Bandoo Media Inc) <==== ATTENTION
KMSpico v9.2.2 RC (HKLM\...\KMSpico_is1) (Version: 9.2.2 RC - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LEGO Star Wars (HKLM-x32\...\InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}) (Version: 1.00.0000 - Giant)
LEGO Star Wars (x32 Version: 1.00.0000 - Giant) Hidden
LEGO Star Wars II (HKLM-x32\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Batman™ (HKLM-x32\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
LEGO® Batman™ (x32 Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
LEGO® Indiana Jones™ 2 (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM-x32\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™ III: The Clone Wars™ (HKLM-x32\...\{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}) (Version: 1.0.0.0 - LucasArts)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
ROBLOX Player for Owner (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Owner (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shareaza (x32 Version: 8.0.0.123534 - Discordia, LTD) Hidden
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StudioTax 2011 (HKLM\...\{85FD0263-98BB-4B0E-990C-A31094DE8DDE}) (Version: 7.0.4.0 - BHOK IT Consulting)
StudioTax 2012 (HKLM-x32\...\{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}) (Version: 8.0.5.2 - BHOK IT Consulting)
StudioTax 2013 (HKLM-x32\...\{3F525B18-4DA5-447A-97E5-8F00EA9DF4B1}) (Version: 9.1.8.2 - BHOK IT Consulting)
SW-Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}) (Version: - Certified Publisher) <==== ATTENTION
System Scheduler 4.12 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
Tom Clancy's H.A.W.X (HKLM-x32\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.02.00000 - Ubisoft)
Toy Story 3 (HKLM-x32\...\{AAFD160A-2333-40D8-AA25-42D1989CA0F2}) (Version: 1.00.0000 - Disney Interactive Studios)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
uTorrentBar Toolbar (HKLM-x32\...\uTorrentBar Toolbar) (Version: 6.2.7.3 - uTorrentBar) <==== ATTENTION
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v8.5 (HKLM-x32\...\{EDF914BD-584C-48CE-8254-324201560529}) (Version: 8.5 - Spigot, Inc.) <==== ATTENTION
War Thunder CDK 0.1 (HKLM-x32\...\{ed8deea4-29fe-1932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation)
War Thunder Launcher 1.0.1.340 (HKLM-x32\...\{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WeatherEye (HKCU\...\WeatherEye) (Version: - )
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
Wincore MediaBar (HKLM-x32\...\Wincore MediaBar) (Version: 3.0.0.122470 - Discordia, LTD) <==== ATTENTION
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
YoutubeAdblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 4.0.0.1309 - YoutubeAdblocker) <==== ATTENTION
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
16-05-2014 04:10:19 Windows Update
21-05-2014 12:38:25 Windows Update
28-05-2014 13:43:08 Scheduled Checkpoint
30-05-2014 12:29:34 Windows Update
02-06-2014 12:56:18 HPSF Restore Point
03-06-2014 12:29:33 Windows Update
==================== Hosts content: ==========================
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {03E018AA-5DB7-4BDF-AD31-9C3A9C593481} - System32\Tasks\Dealply => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {0FE7318E-4885-42C4-93E3-FB734E63E4E0} - System32\Tasks\HPCeeScheduleForOWNER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {10DF89EB-9FDF-4E02-B093-67C3BED1B03E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25] (Google Inc.)
Task: {115E6B96-E34D-42EA-B6F8-51A5D6B669DC} - System32\Tasks\da59223c => C:\Users\Owner\AppData\Local\Temp\\setup1892356880.exe <==== ATTENTION
Task: {1BF36836-FA3E-4B25-ACAA-DFFB7ADA9205} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {1FE1297E-9315-4026-A9A3-FBB3481601FC} - System32\Tasks\6727a104 => C:\Users\Owner\AppData\Local\Temp\\setup845194372.exe <==== ATTENTION
Task: {289D4207-2D96-47E8-977A-86FEC4093B70} - System32\Tasks\69404464 => C:\Users\Owner\AppData\Local\Temp\\setup4099077816.exe <==== ATTENTION
Task: {46A89E40-5E03-4726-AA5F-D9ABABC78E01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {54D3FEE4-D62D-4E98-80DF-9F38084D17CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F} - System32\Tasks\2b9f7ef8 => C:\Users\Owner\AppData\Local\Temp\\setup731873016.exe <==== ATTENTION
Task: {638B6E17-94EB-4093-8C88-E7F472175258} - System32\Tasks\4ed51aa0 => C:\Users\Owner\AppData\Local\Temp\\setup437132832.exe <==== ATTENTION
Task: {64DD2E96-C4B8-4E18-8D36-72544739F6EA} - System32\Tasks\7bd04b60 => C:\Users\Owner\AppData\Local\Temp\\setup1191792352.exe <==== ATTENTION
Task: {7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339} - System32\Tasks\471fc6a8 => C:\Users\Owner\AppData\Local\Temp\\setup307808808.exe <==== ATTENTION
Task: {81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A} - System32\Tasks\ec1d7bd4 => C:\Users\Owner\AppData\Local\Temp\\setup3075893544.exe <==== ATTENTION
Task: {88AE72CE-71D6-4131-AAC3-DD3132F47178} - System32\Tasks\5cc16f94 => C:\Users\Owner\AppData\Local\Temp\\setup1291538448.exe <==== ATTENTION
Task: {8A2B4C85-7287-4463-9AE1-B5439A79026F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {9B0D2FD5-45FC-442C-910B-487BE7A1D2EB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-23] (AVAST Software)
Task: {9C9157B1-4249-47A0-BCE7-7E76C8CE1510} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {A2046887-4841-44D4-8FE6-9E6E7CCE795A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F} - System32\Tasks\7573361c => C:\Users\Owner\AppData\Local\Temp\\setup1085028764.exe <==== ATTENTION
Task: {BDFCE513-72FA-43AA-96EC-68300A8BDBC4} - System32\Tasks\41d9645c => C:\Users\Owner\AppData\Local\Temp\\setup3129333340.exe <==== ATTENTION
Task: {BF354FAF-7D5F-4066-BD2A-14D5157F5640} - System32\Tasks\1f76a5c0 => C:\Users\Owner\AppData\Local\Temp\\setup3937374996.exe <==== ATTENTION
Task: {C080B646-BD9B-40FC-BAE2-BF1F60742271} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C5B38A47-A3E1-4A75-8ED0-9CA70F10F59B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25] (Google Inc.)
Task: {C618024F-EFC9-40F6-B730-576BC19782B2} - System32\Tasks\7f8539c4 => C:\Users\Owner\AppData\Local\Temp\\setup1253975832.exe <==== ATTENTION
Task: {CC86B01E-CE0A-4E21-A91A-759BB6BA026B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {D52AC9CD-3184-486A-9054-FA180CAC9F81} - System32\Tasks\48b0fc00 => C:\Users\Owner\AppData\Local\Temp\\setup4206617504.exe <==== ATTENTION
Task: {D716852E-1BCC-442D-93EE-82FE89FC7519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D79E2D4D-4D56-43A2-A2B5-280DD23AE663} - System32\Tasks\c53ae644 => C:\Users\Owner\AppData\Local\Temp\\setup652597912.exe <==== ATTENTION
Task: {FC0A2883-58B4-4B24-8468-2652A26F0B2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOWNER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-04 13:47 - 2014-06-04 13:47 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060401\algo.dll
2014-06-05 06:39 - 2014-06-05 06:39 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060500\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-23 06:53 - 2013-10-23 06:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-10 09:59 - 2014-05-10 09:59 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:196FC0A6
AlternateDataStreams: C:\ProgramData\Temp:7D6EC5BE
AlternateDataStreams: C:\Users\Owner\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Owner\Documents\Re_ Wii Nunchuks.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
==================== Faulty Device Manager Devices =============
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (06/04/2014 07:11:23 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
Error: (06/04/2014 05:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe964c0368
Faulting process id: 0xaf0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Error: (06/03/2014 07:34:56 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
Error: (06/03/2014 07:04:31 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
Error: (06/03/2014 06:23:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe99380368
Faulting process id: 0x8e0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Error: (06/02/2014 05:24:28 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
Error: (06/02/2014 06:26:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe96490368
Faulting process id: 0x914
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Error: (06/01/2014 10:22:02 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
Error: (06/01/2014 10:01:19 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
Error: (06/01/2014 07:22:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe95eb0368
Faulting process id: 0xacc
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
System errors:
=============
Error: (06/05/2014 06:39:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service KMSELDI service failed to start due to the following error:
%%1053
Error: (06/05/2014 06:39:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Service KMSELDI service to connect.
Error: (06/04/2014 05:50:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
Error: (06/04/2014 05:45:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (06/04/2014 05:44:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%1053
Error: (06/04/2014 05:44:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
Error: (06/03/2014 06:24:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (06/02/2014 10:29:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
Error: (06/02/2014 06:27:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (06/01/2014 07:22:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (06/04/2014 07:11:23 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
Error: (06/04/2014 05:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.0.0.05312d36bunknown0.0.0.00000000000000000000007fe964c0368af001cf7fea3ebba19eC:\Program Files\KMSpico\Service_KMS.exeunknowna53387f5-ebdd-11e3-a433-6431503ceaa3
Error: (06/03/2014 07:34:56 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
Error: (06/03/2014 07:04:31 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
Error: (06/03/2014 06:23:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.0.0.05312d36bunknown0.0.0.00000000000000000000007fe993803688e001cf7f266b47e63bC:\Program Files\KMSpico\Service_KMS.exeunknownd944b894-eb19-11e3-b5d3-6431503ceaa3
Error: (06/02/2014 05:24:28 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
Error: (06/02/2014 06:26:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.0.0.05312d36bunknown0.0.0.00000000000000000000007fe9649036891401cf7e5dc987a039C:\Program Files\KMSpico\Service_KMS.exeunknown30b45521-ea51-11e3-89bd-6431503ceaa3
Error: (06/01/2014 10:22:02 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
Error: (06/01/2014 10:01:19 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
Error: (06/01/2014 07:22:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.0.0.05312d36bunknown0.0.0.00000000000000000000007fe95eb0368acc01cf7d9c5957a8dbC:\Program Files\KMSpico\Service_KMS.exeunknownbc9289a6-e98f-11e3-8bc6-6431503ceaa3
CodeIntegrity Errors:
===================================
Date: 2014-02-03 19:53:02.683
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:53:02.455
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:52:45.362
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:52:45.136
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:52:09.945
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:52:09.717
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:52:03.429
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:52:03.201
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:50:32.270
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-03 19:50:32.038
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 64%
Total physical RAM: 2815.29 MB
Available physical RAM: 1003.61 MB
Total Pagefile: 5628.75 MB
Available Pagefile: 3184.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:686.49 GB) (Free:432.16 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.04 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: CCC43D8D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
==================== End Of Log ============================
gigglepot
2014-06-05, 19:01
I just wanted to add, thank you for taking the time to help me. Your instructions are amazingly written out, easy to follow, and complete!
:)
Hi gigglepot,
I just wanted to add, thank you for taking the time to help me. Your instructions are amazingly written out, easy to follow, and complete!
You're welcome, and thanks for the kind words. We try and take some of the stress out of the whole ordeal by giving percise but easy to understand step by step directions.
All the logs are just what I needed to see. :bigthumb:
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) P2P - (Peer to Peer)
I see you have/had P2P software uTorrent, FrostWire, Shareaza, Vuze installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall this now.
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
uTorrent
FrostWire
Shareaza
Vuze
If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.
=========================
If you have chosen to not remove any of the P2P items listed above, just skip them in the next step also.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
µTorrent
FrostWire 5.3.8
jZip
Shareaza
SW-Sustainer 1.80
uTorrentBar Toolbar
SW-Sustainer 1.80
uTorrentBar Toolbar
Vuze
Vuze Remote Toolbar v8.5
Wincore MediaBar
YoutubeAdblocker
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll [1234880 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [1233816 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies
URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
URLSearchHook: HKCU - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
BHO-x32: No Name - {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO-x32: No Name - {11111111-1111-1111-1111-110011441193} - No File
BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: No Name - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - No File
BHO-x32: No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO-x32: No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No File
Toolbar: HKLM-x32 - No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {03E018AA-5DB7-4BDF-AD31-9C3A9C593481} - System32\Tasks\Dealply => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {115E6B96-E34D-42EA-B6F8-51A5D6B669DC} - System32\Tasks\da59223c => C:\Users\Owner\AppData\Local\Temp\\setup1892356880.exe <==== ATTENTION
Task: {1FE1297E-9315-4026-A9A3-FBB3481601FC} - System32\Tasks\6727a104 => C:\Users\Owner\AppData\Local\Temp\\setup845194372.exe <==== ATTENTION
Task: {289D4207-2D96-47E8-977A-86FEC4093B70} - System32\Tasks\69404464 => C:\Users\Owner\AppData\Local\Temp\\setup4099077816.exe <==== ATTENTION
Task: {5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F} - System32\Tasks\2b9f7ef8 => C:\Users\Owner\AppData\Local\Temp\\setup731873016.exe <==== ATTENTION
Task: {638B6E17-94EB-4093-8C88-E7F472175258} - System32\Tasks\4ed51aa0 => C:\Users\Owner\AppData\Local\Temp\\setup437132832.exe <==== ATTENTION
Task: {64DD2E96-C4B8-4E18-8D36-72544739F6EA} - System32\Tasks\7bd04b60 => C:\Users\Owner\AppData\Local\Temp\\setup1191792352.exe <==== ATTENTION
Task: {7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339} - System32\Tasks\471fc6a8 => C:\Users\Owner\AppData\Local\Temp\\setup307808808.exe <==== ATTENTION
Task: {81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A} - System32\Tasks\ec1d7bd4 => C:\Users\Owner\AppData\Local\Temp\\setup3075893544.exe <==== ATTENTION
Task: {88AE72CE-71D6-4131-AAC3-DD3132F47178} - System32\Tasks\5cc16f94 => C:\Users\Owner\AppData\Local\Temp\\setup1291538448.exe <==== ATTENTION
Task: {A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F} - System32\Tasks\7573361c => C:\Users\Owner\AppData\Local\Temp\\setup1085028764.exe <==== ATTENTION
Task: {BDFCE513-72FA-43AA-96EC-68300A8BDBC4} - System32\Tasks\41d9645c => C:\Users\Owner\AppData\Local\Temp\\setup3129333340.exe <==== ATTENTION
Task: {BF354FAF-7D5F-4066-BD2A-14D5157F5640} - System32\Tasks\1f76a5c0 => C:\Users\Owner\AppData\Local\Temp\\setup3937374996.exe <==== ATTENTION
Task: {C080B646-BD9B-40FC-BAE2-BF1F60742271} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C618024F-EFC9-40F6-B730-576BC19782B2} - System32\Tasks\7f8539c4 => C:\Users\Owner\AppData\Local\Temp\\setup1253975832.exe <==== ATTENTION
Task: {D52AC9CD-3184-486A-9054-FA180CAC9F81} - System32\Tasks\48b0fc00 => C:\Users\Owner\AppData\Local\Temp\\setup4206617504.exe <==== ATTENTION
Task: {D716852E-1BCC-442D-93EE-82FE89FC7519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D79E2D4D-4D56-43A2-A2B5-280DD23AE663} - System32\Tasks\c53ae644 => C:\Users\Owner\AppData\Local\Temp\\setup652597912.exe <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that log file in your next reply.
A copy of all log files are saved in the C:\AdwCleaner folder which was created when running the tool.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================
In your next post please provide the following:
Fixlog.txt
AdwCleaner[R0].txt
new FRST.txt
Any change in performance?
gigglepot
2014-06-06, 20:22
Hello, the only one I'd like to keep is Vuze and also uTorrent which Vuze needs to operate.
I tried to uninstall Shareaza but even though it showed up in my program files, it wouldn't show up in my Programs and Features. So I had to reinstall it and then uninstall it. It seems to be gone now.
I tried to get rid of FrostWire but it too didn't show up in Programs and Features so I had to reinstall it and then uninstall it. Seems to be gone except I have a bunch of files left over on my Start button when I search for Frostwire. Not sure what they are. I tried to attach a Word document to show you but it said "error: invalid file".
SW Sustainer 1.80 was in my Programs and Features but would not delete. I got a RunDLL Error that says: There was a problem starting C:\Progra-2\SW-BOO-1/ASSIST-1.DLL The specific module cannot be found.
I couldn't uninstall the uTorrentBar Toolbar, I got the error message "Could not open INSTALL.LOG file".
I couldn't uninstall the YouTube Ad Blocker.......I double click on it and nothing happens.
I will wait to hear back from you before I continue with your previous instructions.
gigglepot
2014-06-06, 20:34
Hello, I continued on with your instructions. Here is the Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Owner at 2014-06-06 11:32:52 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll [1234880 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [1233816 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies
URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
URLSearchHook: HKCU - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
BHO-x32: No Name - {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO-x32: No Name - {11111111-1111-1111-1111-110011441193} - No File
BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: No Name - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - No File
BHO-x32: No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO-x32: No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No File
Toolbar: HKLM-x32 - No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {03E018AA-5DB7-4BDF-AD31-9C3A9C593481} - System32\Tasks\Dealply => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {115E6B96-E34D-42EA-B6F8-51A5D6B669DC} - System32\Tasks\da59223c => C:\Users\Owner\AppData\Local\Temp\\setup1892356880.exe <==== ATTENTION
Task: {1FE1297E-9315-4026-A9A3-FBB3481601FC} - System32\Tasks\6727a104 => C:\Users\Owner\AppData\Local\Temp\\setup845194372.exe <==== ATTENTION
Task: {289D4207-2D96-47E8-977A-86FEC4093B70} - System32\Tasks\69404464 => C:\Users\Owner\AppData\Local\Temp\\setup4099077816.exe <==== ATTENTION
Task: {5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F} - System32\Tasks\2b9f7ef8 => C:\Users\Owner\AppData\Local\Temp\\setup731873016.exe <==== ATTENTION
Task: {638B6E17-94EB-4093-8C88-E7F472175258} - System32\Tasks\4ed51aa0 => C:\Users\Owner\AppData\Local\Temp\\setup437132832.exe <==== ATTENTION
Task: {64DD2E96-C4B8-4E18-8D36-72544739F6EA} - System32\Tasks\7bd04b60 => C:\Users\Owner\AppData\Local\Temp\\setup1191792352.exe <==== ATTENTION
Task: {7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339} - System32\Tasks\471fc6a8 => C:\Users\Owner\AppData\Local\Temp\\setup307808808.exe <==== ATTENTION
Task: {81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A} - System32\Tasks\ec1d7bd4 => C:\Users\Owner\AppData\Local\Temp\\setup3075893544.exe <==== ATTENTION
Task: {88AE72CE-71D6-4131-AAC3-DD3132F47178} - System32\Tasks\5cc16f94 => C:\Users\Owner\AppData\Local\Temp\\setup1291538448.exe <==== ATTENTION
Task: {A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F} - System32\Tasks\7573361c => C:\Users\Owner\AppData\Local\Temp\\setup1085028764.exe <==== ATTENTION
Task: {BDFCE513-72FA-43AA-96EC-68300A8BDBC4} - System32\Tasks\41d9645c => C:\Users\Owner\AppData\Local\Temp\\setup3129333340.exe <==== ATTENTION
Task: {BF354FAF-7D5F-4066-BD2A-14D5157F5640} - System32\Tasks\1f76a5c0 => C:\Users\Owner\AppData\Local\Temp\\setup3937374996.exe <==== ATTENTION
Task: {C080B646-BD9B-40FC-BAE2-BF1F60742271} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C618024F-EFC9-40F6-B730-576BC19782B2} - System32\Tasks\7f8539c4 => C:\Users\Owner\AppData\Local\Temp\\setup1253975832.exe <==== ATTENTION
Task: {D52AC9CD-3184-486A-9054-FA180CAC9F81} - System32\Tasks\48b0fc00 => C:\Users\Owner\AppData\Local\Temp\\setup4206617504.exe <==== ATTENTION
Task: {D716852E-1BCC-442D-93EE-82FE89FC7519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D79E2D4D-4D56-43A2-A2B5-280DD23AE663} - System32\Tasks\c53ae644 => C:\Users\Owner\AppData\Local\Temp\\setup652597912.exe <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************
[2376] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe => Process closed successfully.
[2196] C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => value deleted successfully.
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SearchEngineProtection => value deleted successfully.
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => value deleted successfully.
"C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll" => Value Data removed successfully.
"C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll" => Value Data removed successfully.
"C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL" => Value Data removed successfully.
"c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll" => Value Data removed successfully.
"c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll" => Value Data removed successfully.
"c:\progra~2\sw-boo~1\assist~1.dll" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe => Moved successfully.
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}' => Key deleted successfully.
'HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}' => Key deleted successfully.
'HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011441193}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C236565-050C-9586-76E0-621F60838C79}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{2C236565-050C-9586-76E0-621F60838C79}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d48c9ead-f59f-4dea-ac97-7065fea79f42}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{d48c9ead-f59f-4dea-ac97-7065fea79f42}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value not found.
'HKCR\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d48c9ead-f59f-4dea-ac97-7065fea79f42} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{d48c9ead-f59f-4dea-ac97-7065fea79f42}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value not found.
'HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value deleted successfully.
'HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}'=> Key not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
'HKCU\SOFTWARE\Policies\Google' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03E018AA-5DB7-4BDF-AD31-9C3A9C593481}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03E018AA-5DB7-4BDF-AD31-9C3A9C593481}' => Key deleted successfully.
C:\Windows\System32\Tasks\Dealply => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{115E6B96-E34D-42EA-B6F8-51A5D6B669DC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{115E6B96-E34D-42EA-B6F8-51A5D6B669DC}' => Key deleted successfully.
C:\Windows\System32\Tasks\da59223c => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da59223c' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FE1297E-9315-4026-A9A3-FBB3481601FC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FE1297E-9315-4026-A9A3-FBB3481601FC}' => Key deleted successfully.
C:\Windows\System32\Tasks\6727a104 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6727a104' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{289D4207-2D96-47E8-977A-86FEC4093B70}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{289D4207-2D96-47E8-977A-86FEC4093B70}' => Key deleted successfully.
C:\Windows\System32\Tasks\69404464 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\69404464' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F}' => Key deleted successfully.
C:\Windows\System32\Tasks\2b9f7ef8 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b9f7ef8' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{638B6E17-94EB-4093-8C88-E7F472175258}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{638B6E17-94EB-4093-8C88-E7F472175258}' => Key deleted successfully.
C:\Windows\System32\Tasks\4ed51aa0 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4ed51aa0' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64DD2E96-C4B8-4E18-8D36-72544739F6EA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64DD2E96-C4B8-4E18-8D36-72544739F6EA}' => Key deleted successfully.
C:\Windows\System32\Tasks\7bd04b60 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7bd04b60' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339}' => Key deleted successfully.
C:\Windows\System32\Tasks\471fc6a8 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\471fc6a8' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A}' => Key deleted successfully.
C:\Windows\System32\Tasks\ec1d7bd4 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ec1d7bd4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88AE72CE-71D6-4131-AAC3-DD3132F47178}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88AE72CE-71D6-4131-AAC3-DD3132F47178}' => Key deleted successfully.
C:\Windows\System32\Tasks\5cc16f94 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cc16f94' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F}' => Key deleted successfully.
C:\Windows\System32\Tasks\7573361c => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7573361c' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDFCE513-72FA-43AA-96EC-68300A8BDBC4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDFCE513-72FA-43AA-96EC-68300A8BDBC4}' => Key deleted successfully.
C:\Windows\System32\Tasks\41d9645c => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\41d9645c' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF354FAF-7D5F-4066-BD2A-14D5157F5640}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF354FAF-7D5F-4066-BD2A-14D5157F5640}' => Key deleted successfully.
C:\Windows\System32\Tasks\1f76a5c0 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f76a5c0' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C080B646-BD9B-40FC-BAE2-BF1F60742271}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C080B646-BD9B-40FC-BAE2-BF1F60742271}' => Key deleted successfully.
C:\Windows\System32\Tasks\4704 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4704' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C618024F-EFC9-40F6-B730-576BC19782B2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C618024F-EFC9-40F6-B730-576BC19782B2}' => Key deleted successfully.
C:\Windows\System32\Tasks\7f8539c4 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7f8539c4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D52AC9CD-3184-486A-9054-FA180CAC9F81}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D52AC9CD-3184-486A-9054-FA180CAC9F81}' => Key deleted successfully.
C:\Windows\System32\Tasks\48b0fc00 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\48b0fc00' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D716852E-1BCC-442D-93EE-82FE89FC7519}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D716852E-1BCC-442D-93EE-82FE89FC7519}' => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D79E2D4D-4D56-43A2-A2B5-280DD23AE663}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D79E2D4D-4D56-43A2-A2B5-280DD23AE663}' => Key deleted successfully.
C:\Windows\System32\Tasks\c53ae644 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c53ae644' => Key deleted successfully.
C:\Windows\Tasks\Dealply.job => Moved successfully.
==== End of Fixlog ====
gigglepot
2014-06-06, 20:42
Ooops, I went to download AdwCleaner and instead of clicking on the blue download button, I clicked the big green one......which isn't AdwCleaner, it was Winzip Malware Protector. I realized my mistake when there was nothing that said AdwCleaner when it was running. I stopped the scan and deleted the program from Control Panel. Hope I didn't mess things up.
gigglepot
2014-06-06, 20:56
Here is the AdwCleaner[R0].txt file. The only thing I see that I'd want to keep is the Vuze and uTorrent programs. But if it's easier for you, I can always just reinstall it if I ever need it again. I see all those bad malware files that I was talking about in my original request!!!! :)
# AdwCleaner v3.212 - Report created 06/06/2014 at 11:52:12
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metaCrawler.xml
Folder Found : C:\Program Files (x86)\AlllCheapPriceo
Folder Found : C:\Program Files (x86)\alotappbar
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\GamesBar
Folder Found : C:\Program Files (x86)\glindorus
Folder Found : C:\Program Files (x86)\saave net
Folder Found : C:\Program Files (x86)\saavee onett
Folder Found : C:\Program Files (x86)\save neT
Folder Found : C:\Program Files (x86)\SAve net
Folder Found : C:\Program Files (x86)\SeaRuCH-uNEowTab
Folder Found : C:\Program Files (x86)\SW-Booster
Folder Found : C:\Program Files (x86)\uTorrentBar
Folder Found : C:\Program Files (x86)\Vuze
Folder Found : C:\Program Files (x86)\YoutubeAdblocker
Folder Found : C:\ProgramData\AlllCheapPriceo
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\ExsttraSSaevinags
Folder Found : C:\ProgramData\saave net
Folder Found : C:\ProgramData\saavee onett
Folder Found : C:\ProgramData\save neT
Folder Found : C:\ProgramData\SAve net
Folder Found : C:\ProgramData\SeaRuCH-uNEowTab
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\YoutubeAdblocker
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Owner\AppData\Local\apn
Folder Found : C:\Users\Owner\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeaffalpajefneffnmeajimmaidnfic
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Found : C:\Users\Owner\AppData\Local\jZip
Folder Found : C:\Users\Owner\AppData\Local\NativeMessaging
Folder Found : C:\Users\Owner\AppData\Local\PackageAware
Folder Found : C:\Users\Owner\AppData\Local\Slick Savings
Folder Found : C:\Users\Owner\AppData\Local\SwvUpdater
Folder Found : C:\Users\Owner\AppData\Local\TBHostSupport
Folder Found : C:\Users\Owner\AppData\Local\Temp\jZip
Folder Found : C:\Users\Owner\AppData\Local\torch
Folder Found : C:\Users\Owner\AppData\Local\WhiteListing
Folder Found : C:\Users\Owner\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\Owner\AppData\LocalLow\alotappbar
Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Found : C:\Users\Owner\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Owner\AppData\LocalLow\mediabarsh
Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Owner\AppData\LocalLow\uTorrentBar
Folder Found : C:\Users\Owner\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\Owner\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\Owner\AppData\Roaming\DealPly
Folder Found : C:\Users\Owner\AppData\Roaming\EZDownloader
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\alotAppbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18466FA8-6950-4810-AB97-C5F873A77976}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B289A7A8-C712-4F25-B853-F38A92E7D51E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AllCheapPruice.AllCheapPruice
Key Found : HKLM\SOFTWARE\Classes\AllCheapPruice.AllCheapPruice.5.2
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{020D5752-97B7-4FB3-A8C6-EA2F49E697A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02C19EA4-445E-4E4E-A297-B91D42E4B805}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18466FA8-6950-4810-AB97-C5F873A77976}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A035436-E66D-451B-A399-FFA7A7BA45C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B289A7A8-C712-4F25-B853-F38A92E7D51E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D097398C-07F0-417F-AB38-2DE0608BFFC2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{02935083-33EF-43B3-BF55-00B5BA32B648}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{978BDA89-DD75-4490-BE6A-1143A15E2B02}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298581
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1282B8C1-6644-4A40-95A7-83D78C57AB7F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1FA7FC2D-1E2B-4220-A506-55B0CEE22DFD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F211F559-1508-45D4-96D7-C7736D57FDFA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\GamesBarSetup
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{340A637A-FD57-4D5E-B638-A1C11DF2D606}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38250339-75A4-4A1F-89FB-D5500A2F83D1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38250339-75A4-4A1F-89FB-D5500A2F83D1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AA47BBA-C44C-4C27-A0FF-D01EC395B871}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A662A68D-779F-4D07-BF21-5F705BA62931}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winmx-music_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winmx-music_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_world-war_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_world-war_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02C19EA4-445E-4E4E-A297-B91D42E4B805}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A035436-E66D-451B-A399-FFA7A7BA45C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Found : HKLM\Software\Myfree Codec
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : HKLM\Software\uTorrentBar
Key Found : HKLM\Software\Vuze_Remote
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{020D5752-97B7-4FB3-A8C6-EA2F49E697A1}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{D097398C-07F0-417F-AB38-2DE0608BFFC2}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{02935083-33EF-43B3-BF55-00B5BA32B648}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{978BDA89-DD75-4490-BE6A-1143A15E2B02}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16545
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\prefs.js ]
Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.Wymm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=74257dda-9a9f-4b97-998b-2471219e8321&apn_ptnrs=FM&apn_sauid=74B60A81-8307-44C5-9804-8F2015970982&apn_dtid=TES002UPCA&q={searchTerms}
Found [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN26275512576593021&ctid=CT3298581&UM=2
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://www.metacrawler.com/info.metac.psp/search/web?q={searchTerms}
Found [Search Provider] : hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
Found [Extension] : enekehjgaaanjlpmlbcipoigpncjejlp
Found [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Found [Extension] : iehjklkgijkjfcfmmjmjlmcccholamaf
Found [Extension] : ikipapifkbcdpamlpjoomlcfbeopmhjk
Found [Extension] : kljcpckmkjfjcncacblmkbeeibblkfph
Found [Extension] : lmeaffalpajefneffnmeajimmaidnfic
Found [Extension] : lnodkiakfohbcpjjpodlnbmfmeddfeea
Found [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Found [Extension] : mmnofnnhckfmeelmncbocoabcggefgoh
Found [Extension] : nmebbfaopbbaeefhbhgfgdcganoifhje
Found [Extension] : olmcifmckodjahofoaagljdikbbfbmpp
*************************
AdwCleaner[R0].txt - [25799 octets] - [06/06/2014 11:38:42]
AdwCleaner[R1].txt - [25606 octets] - [06/06/2014 11:52:12]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [25667 octets] ##########
gigglepot
2014-06-06, 21:01
Here is the FRST.txt file:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Owner (administrator) on OWNER-HP on 06-06-2014 11:59:06
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Pelmorex Media Inc.) C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-23] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [WeatherEye] => C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [309104 2010-09-21] (Pelmorex Media Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-17] (Samsung Electronics)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: F - F:\DisneySplash.exe
AppInit_DLLs-x32: ,c:\progra~2\citrix\icacli~1\rshook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1FF8B4D93E0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
SearchScopes: HKCU - {190EAB21-2083-42D6-83C7-DDE3C907E5C7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKCU - {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default
FF NewTab: www.kijiji.ca
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://calgary.kijiji.ca/
FF Keyword.URL: hxxp://ca.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-e4be089b108348a6\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler-search.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo_ff.xml
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]
Chrome:
=======
CHR HomePage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
CHR RestoreOnStartup: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
CHR StartupUrls: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-1a23fdbca04d4954\\NPRobloxProxy.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-29]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp [2014-05-12]
CHR Extension: (MixiDJ V45) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf [2013-08-13]
CHR Extension: (RobOSaveer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmamejgjjfphnlodkkomcaicecpcdhm [2014-05-19]
CHR Extension: (NNextCoUp) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb [2014-05-22]
CHR Extension: (DealExpreesSe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeaffalpajefneffnmeajimmaidnfic [2014-05-25]
CHR Extension: (BuestSaveForYOu) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgfbhpfpbbbkdiggmpoddgpmolpkck [2014-06-02]
CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-05-12]
CHR Extension: (SeaRuCH-uNEowTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh [2014-05-12]
CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (save nEiT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp [2014-05-12]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-29]
CHR HKCU\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Owner\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-07]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-16] (WildTangent)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [974016 2014-03-02] ()
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] ()
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-06 11:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-06 11:38 - 2014-06-06 11:52 - 00000000 ____D () C:\AdwCleaner
2014-06-06 11:37 - 2014-06-06 11:38 - 01333465 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-06-06 11:36 - 2014-06-06 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nico Mak Computing
2014-06-06 11:35 - 2014-06-06 11:36 - 04892480 _____ (WinZip International LLC ) C:\Users\Owner\Desktop\wzmp_8.exe
2014-06-06 11:32 - 2014-06-06 11:32 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-06-06 11:25 - 2014-06-06 11:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2014-06-06 10:59 - 2014-06-06 11:03 - 21782824 _____ (FrostWire LLC) C:\Users\Owner\Desktop\frostwire-5.7.3.windows.exe
2014-06-06 07:32 - 2014-06-06 07:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0493E59-F699-492A-9327-20733DB7DD0F}
2014-06-05 19:31 - 2014-06-05 19:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2E19225A-29C1-4F94-B291-B41B1AD5FD56}
2014-06-05 09:50 - 2014-06-05 09:50 - 00053382 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-06-05 09:48 - 2014-06-06 11:59 - 00030689 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 09:48 - 2014-06-06 11:59 - 00000000 ____D () C:\FRST
2014-06-05 09:47 - 2014-06-06 11:32 - 02072576 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
2014-06-05 07:16 - 2014-06-05 07:17 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
2014-06-03 19:28 - 2014-06-03 19:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
2014-06-02 19:26 - 2014-06-02 19:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
2014-06-02 15:34 - 2014-06-05 06:38 - 00000000 ____D () C:\ProgramData\DowwnnSave
2014-06-02 07:25 - 2014-06-02 07:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
2014-05-30 06:25 - 2014-05-30 06:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
2014-05-26 22:15 - 2014-05-26 22:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
2014-05-25 20:34 - 2014-05-27 07:09 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
2014-05-23 22:10 - 2014-05-23 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
2014-05-23 10:08 - 2014-05-23 10:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
2014-05-22 06:40 - 2014-05-22 06:47 - 00000000 ____D () C:\ProgramData\NNextCoUp
2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
2014-05-21 21:08 - 2014-05-21 21:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
2014-05-20 09:06 - 2014-05-20 09:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
2014-05-17 21:01 - 2014-05-17 21:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
2014-05-15 22:17 - 2014-05-05 18:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:17 - 2014-05-05 18:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:17 - 2014-05-05 18:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:17 - 2014-05-05 17:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:17 - 2014-05-05 17:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:17 - 2014-05-05 17:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:58 - 2014-05-15 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
2014-05-15 08:57 - 2014-05-15 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
2014-05-15 07:15 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 07:15 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 07:15 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 07:15 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 07:06 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 07:06 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 07:06 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 07:06 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 07:06 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 07:06 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 07:06 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 07:06 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 07:06 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 07:06 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 07:06 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 07:00 - 2014-05-15 10:44 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 07:00 - 2014-05-15 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 06:50 - 2014-05-22 06:41 - 00000000 ____D () C:\ProgramData\save neT
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 08:54 - 2014-05-13 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-15 06:28 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:06 - 2014-05-31 14:03 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-12 12:04 - 2014-05-22 10:48 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-14 06:33 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-06-04 05:47 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:01 - 2014-05-15 06:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:50 - 2014-05-11 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 08:48 - 2014-05-09 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:47 - 2014-05-08 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:46 - 2014-05-07 20:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}
Too long again, I'll post Part 2 next.....
gigglepot
2014-06-06, 21:02
Here is Part 2 of the FRST.txt file:
==================== One Month Modified Files and Folders =======
2014-06-06 11:59 - 2014-06-05 09:48 - 00030689 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-06 11:59 - 2014-06-05 09:48 - 00000000 ____D () C:\FRST
2014-06-06 11:59 - 2011-05-12 13:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
2014-06-06 11:52 - 2014-06-06 11:38 - 00000000 ____D () C:\AdwCleaner
2014-06-06 11:49 - 2011-05-16 15:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Azureus
2014-06-06 11:39 - 2014-06-06 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nico Mak Computing
2014-06-06 11:38 - 2014-06-06 11:37 - 01333465 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-06-06 11:36 - 2014-06-06 11:35 - 04892480 _____ (WinZip International LLC ) C:\Users\Owner\Desktop\wzmp_8.exe
2014-06-06 11:32 - 2014-06-06 11:32 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-06-06 11:32 - 2014-06-05 09:47 - 02072576 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-06 11:32 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-06 11:27 - 2011-03-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2014-06-06 11:25 - 2014-06-06 11:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2014-06-06 11:21 - 2013-03-19 20:43 - 00000000 ____D () C:\Users\Owner\AppData\Local\jZip
2014-06-06 11:18 - 2011-05-22 07:01 - 00000000 ____D () C:\Users\Owner\Documents\Lillian
2014-06-06 11:17 - 2011-05-16 15:51 - 00000000 ____D () C:\Program Files (x86)\uTorrentBar
2014-06-06 11:12 - 2011-07-25 16:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 11:03 - 2014-06-06 10:59 - 21782824 _____ (FrostWire LLC) C:\Users\Owner\Desktop\frostwire-5.7.3.windows.exe
2014-06-06 11:03 - 2013-12-12 07:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 10:56 - 2012-04-12 14:57 - 00000000 ____D () C:\Program Files (x86)\Shareaza Applications
2014-06-06 10:41 - 2012-04-12 15:00 - 00122368 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-06 10:40 - 2014-01-15 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shareaza
2014-06-06 10:35 - 2011-05-17 15:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-06-06 08:40 - 2011-05-12 13:22 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BF401F47-875B-4406-9B0C-8E70A5A1480F}
2014-06-06 07:33 - 2014-06-06 07:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0493E59-F699-492A-9327-20733DB7DD0F}
2014-06-06 07:23 - 2011-03-14 16:18 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-06 06:29 - 2011-03-14 16:03 - 01500069 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 06:28 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 06:28 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 06:22 - 2012-07-11 08:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-06 06:21 - 2011-07-25 16:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 06:21 - 2011-05-12 13:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-06-06 06:21 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 06:21 - 2009-07-13 22:51 - 00177796 _____ () C:\Windows\setupact.log
2014-06-05 22:24 - 2011-06-01 11:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-06-05 19:31 - 2014-06-05 19:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2E19225A-29C1-4F94-B291-B41B1AD5FD56}
2014-06-05 09:50 - 2014-06-05 09:50 - 00053382 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
2014-06-05 07:17 - 2014-06-05 07:16 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-05 06:38 - 2014-06-02 15:34 - 00000000 ____D () C:\ProgramData\DowwnnSave
2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
2014-06-04 14:59 - 2013-01-05 14:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Paint.NET
2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
2014-06-04 05:47 - 2014-05-12 12:03 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-06-03 19:29 - 2014-06-03 19:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
2014-06-03 15:44 - 2013-10-02 15:10 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-06-03 12:53 - 2013-09-06 18:23 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-06-03 12:53 - 2013-09-06 18:23 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
2014-06-03 06:21 - 2009-07-13 23:08 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-02 19:27 - 2014-06-02 19:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
2014-06-02 07:26 - 2014-06-02 07:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
2014-06-02 06:57 - 2011-05-15 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
2014-06-02 06:57 - 2011-05-15 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HP Support Assistant
2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
2014-06-01 07:20 - 2011-03-14 18:17 - 00512922 _____ () C:\Windows\PFRO.log
2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
2014-05-31 16:25 - 2011-06-04 16:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-05-31 14:03 - 2014-05-12 12:06 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
2014-05-30 06:26 - 2014-05-30 06:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
2014-05-29 18:25 - 2011-06-13 06:25 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOWNER-HP$
2014-05-29 18:25 - 2011-06-13 06:25 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForOWNER-HP$.job
2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
2014-05-27 13:58 - 2013-11-14 07:59 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-27 13:47 - 2011-05-17 14:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DVD Flick
2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
2014-05-27 07:09 - 2014-05-25 20:34 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
2014-05-26 22:16 - 2014-05-26 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
2014-05-23 22:11 - 2014-05-23 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
2014-05-23 10:09 - 2014-05-23 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
2014-05-22 10:48 - 2014-05-12 12:04 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
2014-05-22 06:47 - 2014-05-22 06:40 - 00000000 ____D () C:\ProgramData\NNextCoUp
2014-05-22 06:41 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\save neT
2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
2014-05-21 21:09 - 2014-05-21 21:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
2014-05-20 09:07 - 2014-05-20 09:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
2014-05-17 21:02 - 2014-05-17 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
2014-05-17 06:21 - 2011-05-17 16:48 - 00000000 ____D () C:\Program Files (x86)\SystemScheduler
2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
2014-05-16 17:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
2014-05-16 06:33 - 2011-07-25 16:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 06:29 - 2011-05-12 13:16 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 06:29 - 2011-05-12 13:16 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 06:26 - 2014-05-05 22:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 22:19 - 2011-06-01 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 22:16 - 2013-07-11 07:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 22:13 - 2011-05-12 14:24 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:59 - 2014-05-15 20:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
2014-05-15 10:44 - 2014-05-15 07:00 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 10:43 - 2014-05-15 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 08:58 - 2014-05-15 08:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
2014-05-15 06:53 - 2014-05-12 12:01 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-15 06:35 - 2013-12-23 07:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 06:35 - 2011-05-15 23:54 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 06:35 - 2011-05-15 23:54 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 06:28 - 2014-05-12 12:15 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-14 06:33 - 2014-05-12 12:04 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 16:05 - 2013-12-12 07:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 16:05 - 2012-05-14 06:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 16:05 - 2011-08-06 07:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:55 - 2014-05-13 08:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 18:46 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:03 - 2011-05-17 15:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:51 - 2014-05-11 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-11 06:59 - 2013-11-14 07:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 12:07 - 2011-07-25 16:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 12:07 - 2011-07-25 16:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:49 - 2014-05-09 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-09 00:14 - 2014-05-15 07:15 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 00:11 - 2014-05-15 07:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:48 - 2014-05-08 08:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:47 - 2014-05-07 20:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 06:54
==================== End Of Log ============================
gigglepot
2014-06-06, 21:06
I completed all the steps. I cannot really comment on whether performance has improved because I probably won't see any difference until Tuesday (sounds strange but the malware seems to come back on Tuesdays).
Thanks!
Hi gigglepot,
You're doing fine. :bigthumb:
Since you would like to keep Vuze & uTorrent you will have to locate all entries on your next pass of AdwCleaner and make sure they are not selected for removal.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re- run AdwCleaner
It should be on your desktop
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click each tab and remove the check mark from the items you wish to keep.
Vuze
uTorrent
Then click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
=========================
In your next post please provide the following:
AdwCleaner[S0].txt
OTL.txt
Extras.txt
gigglepot
2014-06-07, 20:57
Would it be better to get rid of Vuze and uTorrent and then just reinstall later? Or will all that I have already downloaded be gone and not show up in the program properly?
Hi gigglepot,
Would it be better to get rid of Vuze and uTorrent and then just reinstall later?
The choice is yours. Do it they way I outlined in my previous post.
OR
Uninstall Vuze & uTorrent, then re-run AdwCleaner and remove all items found. If you choose to go this route hold off reinstalling until after we have finished.
gigglepot
2014-06-09, 00:47
Ok, I will uninstall them first and then run AdwCleaner. BUT will all that I have already downloaded be gone and not show up in the Vuze program properly? I think I need to know this first before I delete, I think.
Hi gigglepot,
BUT will all that I have already downloaded be gone and not show up in the Vuze program properly?
First I must preface these comments with a warning that you proceed at your own risk with regards to this program. I can offer advice as to how the program may/may not respond. But I can in no way give you a guarantee of what the outcome of this step will be.
I am unsure exactly how Vuze works. It may save your library to a different folder other than the Vuze folder. If that is the case, I would think you'd be fine just saving the folder with all your previously downloaded files. Then if need be you could just import the folder back into Vuze after you reinstalled
But the choice on how to proceed is entirely your decision.
gigglepot
2014-06-10, 22:46
Hello, here is the AdwCleaner.txt file that was just created after I pressed "CLEAN":
# AdwCleaner v3.212 - Report created 10/06/2014 at 13:39:26
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\AlllCheapPriceo
Folder Deleted : C:\ProgramData\ExsttraSSaevinags
Folder Deleted : C:\ProgramData\saave net
Folder Deleted : C:\ProgramData\saavee onett
Folder Deleted : C:\ProgramData\save neT
Folder Deleted : C:\ProgramData\SAve net
Folder Deleted : C:\ProgramData\SeaRuCH-uNEowTab
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\alotappbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\glindorus
Folder Deleted : C:\Program Files (x86)\SW-Booster
[x] Not Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Program Files (x86)\AlllCheapPriceo
Folder Deleted : C:\Program Files (x86)\saave net
Folder Deleted : C:\Program Files (x86)\saavee onett
Folder Deleted : C:\Program Files (x86)\save neT
Folder Deleted : C:\Program Files (x86)\SAve net
Folder Deleted : C:\Program Files (x86)\SeaRuCH-uNEowTab
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Owner\AppData\Local\apn
Folder Deleted : C:\Users\Owner\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Owner\AppData\Local\jZip
Folder Deleted : C:\Users\Owner\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Local\Slick Savings
Folder Deleted : C:\Users\Owner\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Owner\AppData\Local\TBHostSupport
Folder Deleted : C:\Users\Owner\AppData\Local\torch
Folder Deleted : C:\Users\Owner\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Owner\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Owner\AppData\LocalLow\alotappbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Owner\AppData\LocalLow\mediabarsh
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Owner\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Owner\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Owner\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeaffalpajefneffnmeajimmaidnfic
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metaCrawler.xml
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AllCheapPruice.AllCheapPruice
Key Deleted : HKLM\SOFTWARE\Classes\AllCheapPruice.AllCheapPruice.5.2
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298581
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winmx-music_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winmx-music_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_world-war_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_world-war_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{020D5752-97B7-4FB3-A8C6-EA2F49E697A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D097398C-07F0-417F-AB38-2DE0608BFFC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18466FA8-6950-4810-AB97-C5F873A77976}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B289A7A8-C712-4F25-B853-F38A92E7D51E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C19EA4-445E-4E4E-A297-B91D42E4B805}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A035436-E66D-451B-A399-FFA7A7BA45C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{02935083-33EF-43B3-BF55-00B5BA32B648}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{978BDA89-DD75-4490-BE6A-1143A15E2B02}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1282B8C1-6644-4A40-95A7-83D78C57AB7F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FA7FC2D-1E2B-4220-A506-55B0CEE22DFD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F211F559-1508-45D4-96D7-C7736D57FDFA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18466FA8-6950-4810-AB97-C5F873A77976}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B289A7A8-C712-4F25-B853-F38A92E7D51E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02C19EA4-445E-4E4E-A297-B91D42E4B805}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A035436-E66D-451B-A399-FFA7A7BA45C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38250339-75A4-4A1F-89FB-D5500A2F83D1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A662A68D-779F-4D07-BF21-5F705BA62931}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{340A637A-FD57-4D5E-B638-A1C11DF2D606}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AA47BBA-C44C-4C27-A0FF-D01EC395B871}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020D5752-97B7-4FB3-A8C6-EA2F49E697A1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D097398C-07F0-417F-AB38-2DE0608BFFC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{02935083-33EF-43B3-BF55-00B5BA32B648}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{978BDA89-DD75-4490-BE6A-1143A15E2B02}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\alotAppbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16545
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.Wymm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=74257dda-9a9f-4b97-998b-2471219e8321&apn_ptnrs=FM&apn_sauid=74B60A81-8307-44C5-9804-8F2015970982&apn_dtid=TES002UPCA&q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN26275512576593021&ctid=CT3298581&UM=2
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.metacrawler.com/info.metac.psp/search/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
Deleted [Extension] : enekehjgaaanjlpmlbcipoigpncjejlp
Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : iehjklkgijkjfcfmmjmjlmcccholamaf
Deleted [Extension] : ikipapifkbcdpamlpjoomlcfbeopmhjk
Deleted [Extension] : kljcpckmkjfjcncacblmkbeeibblkfph
Deleted [Extension] : lmeaffalpajefneffnmeajimmaidnfic
Deleted [Extension] : lnodkiakfohbcpjjpodlnbmfmeddfeea
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : mmnofnnhckfmeelmncbocoabcggefgoh
Deleted [Extension] : nmebbfaopbbaeefhbhgfgdcganoifhje
Deleted [Extension] : olmcifmckodjahofoaagljdikbbfbmpp
*************************
AdwCleaner[R0].txt - [25799 octets] - [06/06/2014 11:38:42]
AdwCleaner[R1].txt - [25860 octets] - [06/06/2014 11:52:12]
AdwCleaner[R2].txt - [25921 octets] - [10/06/2014 13:36:30]
AdwCleaner[S0].txt - [25028 octets] - [10/06/2014 13:39:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25089 octets] ##########
gigglepot
2014-06-10, 23:16
Here is the OTL.Txt file:
OTL logfile created on: 6/10/2014 1:51:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.24% Memory free
5.50 Gb Paging File | 3.70 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.49 Gb Total Space | 431.71 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive D: | 12.04 Gb Total Space | 1.47 Gb Free Space | 12.24% Space Free | Partition Type: NTFS
Computer Name: OWNER-HP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Service KMSELDI) -- C:\Program Files\KMSpico\Service_KMS.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswsnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaiH0464) -- C:\Windows\SysNative\drivers\SaiH0464.sys (Saitek)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 FF 8B 4D 93 E0 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{190EAB21-2083-42D6-83C7-DDE3C907E5C7}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKCU\..\SearchScopes\{EC1B0DA3-6867-45AE-80BB-F8666CF8B271}: "URL" = http://www.metacrawler.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = dynhost.inetcam.com;register.inetcam.com;*.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "http://ca.yhs4.search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://calgary.kijiji.ca/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://ca.yhs4.search.yahoo.com/yhs/search"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Owner\AppData\Local\Roblox\Versions\version-e4be089b108348a6\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/23 10:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/08/13 08:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/07/26 09:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2014/06/04 06:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\extensions
[2014/05/14 06:06:34 | 000,001,874 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\duckduckgo.xml
[2013/11/27 14:56:19 | 000,002,070 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler-search.xml
[2014/05/27 13:58:40 | 000,009,433 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo-avast.xml
[2013/12/30 09:24:41 | 000,000,905 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo_ff.xml
[2014/05/10 09:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 09:59:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/23 10:41:32 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - homepage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RobOSaveer = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmamejgjjfphnlodkkomcaicecpcdhm\6.1\
CHR - Extension: NNextCoUp = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\
CHR - Extension: BuestSaveForYOu = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgfbhpfpbbbkdiggmpoddgpmolpkck\2.3\
CHR - Extension: Ghostery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\198\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{853F1832-EF79-4946-9A19-0123FAFCABB6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\citrix\icacli~1\rshook.dll) - c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/05 15:32:27 | 000,000,000 | ---D | M] - C:\Automatic -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\DisneySplash.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/06/10 13:47:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/06/10 06:55:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{347D636D-963F-40C2-9D1E-B741DC4EDEEA}
[2014/06/09 18:54:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2BD46A47-0F74-4388-AE42-F9E16E98BC29}
[2014/06/09 06:54:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1CD1442C-F28C-4DC8-B04A-4D177648DDD7}
[2014/06/08 18:52:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1DA4B9D6-91AB-4834-84B2-DD38F9F9AF1A}
[2014/06/07 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{02F2AC04-C76D-413A-A3F8-F6DBBB4C58AA}
[2014/06/07 07:34:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0E96FDDF-1B62-4AB5-91A0-ABE6BBFA9E45}
[2014/06/06 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B2802AE1-F091-49BE-92DA-6648CF12B2EC}
[2014/06/06 11:39:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/06 11:38:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/06 11:36:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Nico Mak Computing
[2014/06/06 11:32:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FRST-OlderVersion
[2014/06/06 11:25:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2014/06/06 07:32:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C0493E59-F699-492A-9327-20733DB7DD0F}
[2014/06/05 19:31:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2E19225A-29C1-4F94-B291-B41B1AD5FD56}
[2014/06/05 09:48:33 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/05 09:47:22 | 002,072,576 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2014/06/05 07:31:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
[2014/06/05 07:16:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2014/06/04 19:30:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
[2014/06/04 07:30:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
[2014/06/04 05:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DowwnnSave
[2014/06/03 19:28:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
[2014/06/03 07:28:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
[2014/06/02 19:26:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
[2014/06/02 15:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DowwnnSave
[2014/06/02 07:25:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
[2014/06/01 19:24:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
[2014/06/01 07:24:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
[2014/05/31 19:09:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
[2014/05/31 07:09:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
[2014/05/30 18:26:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
[2014/05/30 06:25:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
[2014/05/29 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
[2014/05/29 06:19:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
[2014/05/28 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
[2014/05/27 22:17:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
[2014/05/27 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
[2014/05/26 22:15:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
[2014/05/26 10:15:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
[2014/05/25 22:14:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
[2014/05/25 20:34:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Packages
[2014/05/25 10:13:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
[2014/05/24 22:12:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
[2014/05/24 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
[2014/05/23 22:10:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
[2014/05/23 10:08:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
[2014/05/22 22:08:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
[2014/05/22 10:08:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
[2014/05/22 06:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NNextCoUp
[2014/05/22 06:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NNextCoUp
[2014/05/22 06:40:17 | 002,116,320 | ---- | C] (their database support use requirements) -- C:\Windows\SysWow64\setup.exe
[2014/05/21 21:08:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
[2014/05/21 09:08:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
[2014/05/20 21:07:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
[2014/05/20 09:06:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
[2014/05/19 21:05:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
[2014/05/19 09:04:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
[2014/05/18 21:03:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
[2014/05/18 09:03:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
[2014/05/17 21:01:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
[2014/05/17 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
[2014/05/16 21:01:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
[2014/05/16 09:00:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
[2014/05/15 22:17:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 22:17:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 22:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 20:58:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
[2014/05/15 08:57:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
[2014/05/15 07:15:15 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/15 07:15:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/15 07:06:43 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/15 07:06:42 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/15 07:06:41 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/15 07:06:41 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/15 07:06:41 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/15 07:06:41 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/15 07:06:40 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/15 07:06:39 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/15 07:06:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/15 07:06:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/15 07:06:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/15 07:06:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/15 07:06:37 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/15 07:06:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/15 07:06:37 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/15 07:06:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/15 07:06:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/15 07:06:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/15 07:06:37 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/15 07:06:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/15 07:06:37 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/15 07:06:36 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/15 07:06:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/15 07:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
[2014/05/15 07:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2014/05/14 20:56:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
[2014/05/14 08:55:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
[2014/05/13 20:55:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
[2014/05/13 08:54:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
[2014/05/12 20:53:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
[2014/05/12 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ItsMyApp
[2014/05/12 12:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\e13406c655b61ee0
[2014/05/12 12:03:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Comodo
[2014/05/12 12:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/05/12 08:52:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
[2014/05/11 20:50:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
Here is the first half.........
P.S. I was worried because it took at least 20 minutes to run this scan! But finally it finished so I think it's ok!
gigglepot
2014-06-10, 23:18
Here is part 2 of the OTL.Txt file:
========== Files - Modified Within 30 Days ==========
[2014/06/10 13:47:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/06/10 13:46:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/10 13:46:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/10 13:41:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/10 13:41:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/10 13:41:12 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/10 13:12:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/10 13:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/07 12:53:05 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2014/06/06 11:38:17 | 001,333,465 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2014/06/06 11:32:46 | 002,072,576 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2014/06/06 10:41:02 | 000,122,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/05 09:41:31 | 000,000,526 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.zip
[2014/06/05 09:38:50 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/06/05 07:17:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2014/06/05 06:50:59 | 000,854,367 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2014/05/29 18:25:03 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOWNER-HP$.job
[2014/05/22 06:40:17 | 002,116,320 | ---- | M] (their database support use requirements) -- C:\Windows\SysWow64\setup.exe
[2014/05/15 06:35:21 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/15 06:35:20 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/15 06:35:20 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/13 16:05:25 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/13 16:05:25 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/06/06 11:37:53 | 001,333,465 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2014/06/05 09:41:31 | 000,000,526 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.zip
[2014/06/05 09:38:50 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/06/05 06:50:58 | 000,854,367 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2014/04/04 11:30:07 | 000,000,355 | ---- | C] () -- C:\Users\Owner\Homegroup - Shortcut (2).lnk
[2013/09/26 14:09:38 | 000,000,355 | ---- | C] () -- C:\Users\Owner\Homegroup - Shortcut.lnk
[2013/06/11 14:15:34 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/04/18 10:43:53 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\AI_ContextMenu.dll
[2013/02/05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/02/05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/01/31 12:27:06 | 000,001,840 | ---- | C] () -- C:\Windows\wininit.ini
[2013/01/07 10:09:41 | 000,002,145 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2012/04/12 15:00:13 | 000,122,368 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/24 14:38:44 | 000,001,854 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml
[2011/05/20 22:49:50 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/09/05 16:28:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2011/07/26 07:45:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ares Galaxy Professional
[2013/10/23 11:38:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2011/09/08 11:35:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\avidemux
[2014/06/10 13:37:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2014/03/06 07:54:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BHOK
[2014/04/09 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BHOK IT Consulting
[2011/05/15 19:07:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blio
[2011/05/18 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2012/10/16 10:59:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
[2011/11/10 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Kuma Games
[2012/07/03 07:56:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LucasArts
[2012/04/12 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2014/06/06 11:39:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nico Mak Computing
[2013/02/17 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media
[2013/10/22 11:08:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2012/12/09 21:51:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PhotoScape
[2011/05/12 13:17:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PictureMover
[2013/08/15 08:11:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio
[2013/09/28 06:48:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio Entertainment Ltd
[2013/08/22 15:35:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2014/01/15 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Shareaza
[2014/06/05 22:24:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2013/08/13 09:28:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpinTop
[2011/06/01 11:35:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/11/12 14:13:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft
[2013/12/15 09:23:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
[2011/05/16 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2013/05/20 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\wargaming.net
[2013/06/28 09:18:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2011/09/23 14:40:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2011/05/15 19:13:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2011/07/25 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinMX Music
[2014/06/06 11:25:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/03/14 16:41:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/03/14 16:42:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/03/14 16:41:38 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/03/14 16:39:54 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/03/14 16:42:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/03/14 16:39:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/03/14 16:42:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/03/14 16:39:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/03/14 16:42:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/03/14 16:41:38 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/03/14 16:39:54 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/03/14 16:41:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 05:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 03:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 03:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2011/03/14 16:42:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/03/14 16:42:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 05:25:46 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 05:26:06 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 04:18:32 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 05:26:40 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 05:27:26 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 05:27:26 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 05:27:28 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 05:27:26 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 04:21:20 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 05:27:26 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 05:27:28 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 04:21:30 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 05:25:28 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 05:27:26 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 05:27:30 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 05:27:00 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 05:27:30 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 05:25:00 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 04:17:24 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 05:26:08 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 05:27:30 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS721075CLA332 SATA Disk Device
Partitions: 3
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 686.00GB
Starting Offset: 105906176
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 737222328320
Hidden sectors: 0
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
========== Alternate Data Streams ==========
@Alternate Data Stream - 700 bytes -> C:\Users\Owner\Documents\Re_ Wii Nunchuks.eml:OECustomProperty
@Alternate Data Stream - 16 bytes -> C:\Users\Owner\Downloads:Shareaza.GUID
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7D6EC5BE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:196FC0A6
< End of report >
gigglepot
2014-06-10, 23:19
Here is the Extras.Txt file:
OTL Extras logfile created on: 6/10/2014 1:51:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.24% Memory free
5.50 Gb Paging File | 3.70 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.49 Gb Total Space | 431.71 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive D: | 12.04 Gb Total Space | 1.47 Gb Free Space | 12.24% Space Free | Partition Type: NTFS
Computer Name: OWNER-HP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001F2D7F-01D9-4CBF-8B80-217958CDA2AB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{131CE47E-6535-4C2C-878A-755F05CACEEB}" = lport=1688 | protocol=6 | dir=in | name=kms emulator port |
"{20DB34C0-7184-4CD2-81A2-4596F069FBCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2227DA88-C611-438C-9EF0-8F0111534550}" = lport=139 | protocol=6 | dir=in | app=system |
"{24263477-6EF3-402F-AE43-F9CD8CB45D85}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3F44AC36-3D84-455A-8944-A4C7FF3D0F99}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49E51BF4-857F-491A-A8B6-7B7929DB2F00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6682FAA4-FBE8-4FC9-A6B4-37E13A991C63}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A8B6B7E-FD65-43A2-8CFD-29B584243411}" = lport=445 | protocol=6 | dir=in | app=system |
"{6D263C9E-5417-4202-9200-2D5D80F6E151}" = lport=138 | protocol=17 | dir=in | app=system |
"{6F3C5B5E-88F5-4CC6-9653-F939C639966C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74A9E83A-7C94-430B-998E-E7D2316CB925}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{75EAB021-30D0-4368-BDB1-CEEE526A3B6D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80D4D39C-F722-40CD-B8D6-ADB18A198714}" = rport=445 | protocol=6 | dir=out | app=system |
"{86184506-9A83-4CB8-AC53-B38F45179A22}" = lport=137 | protocol=17 | dir=in | app=system |
"{93DFCD24-5D20-4600-9E7C-2D6CF254D5BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A520C7CF-08D6-45D6-9D1C-DFDD9D04E7AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A72CE113-54E8-4B41-95C9-AE912835D38D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B5448F85-ACD1-4C94-ADBC-C111C36F71B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1957F57-094F-4D63-8AB8-C3720E36FCAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C21EA62D-FE32-439B-9858-85E122306327}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD19764B-FE2B-4F89-A633-3C12D91AF21E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDB87BA6-AEB5-44EA-8473-F9E6764714FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3FC0A18-B3BD-4ED7-B9AD-92614935E454}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E4B343D8-5CC4-4494-8205-70B033464181}" = lport=1688 | protocol=6 | dir=in | name=kms emulator port |
"{E6ACACCE-9823-48C2-9689-28A15E81CEB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9940AB4-7BEB-46C8-97FF-5D8AC5F7F0CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCF8FCE5-E6D2-4F9F-B47E-1532B3F3FFB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0203E568-A224-47A6-89F8-112F71BCB211}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"{0543AA67-EFEF-48CB-A54A-E55248412302}" = protocol=6 | dir=in | app=c:\program files\kmspico\service_kms.exe |
"{05E88CCD-91BB-459B-91A2-8575DAB3D889}" = protocol=6 | dir=in | app=c:\program files\kmspico\service_kms.exe |
"{0CFDB8D6-3115-4E4A-B1CD-0D35BF60FD7B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DF2AED0-A93A-424D-8B69-27A49F2FD8A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0DF6C6E1-DB18-4DD6-9A0D-F7CEEF42ED75}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0FAEB502-E14D-4939-A6A8-244D5350F547}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{11C8BEDA-8ABC-4F90-AE1A-511AE0F55291}" = protocol=6 | dir=in | app=c:\program files (x86)\winmx music\winmx music.exe |
"{12AA15F5-BB5F-49CC-A3F0-7F131D82B4E5}" = protocol=17 | dir=in | app=c:\program files\kmspico\kmseldi.exe |
"{13EB4188-C29B-40D3-8F11-46D708CB7236}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{16467055-0A06-4B08-B61F-9DE42788DAD8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{174F363F-F7C0-4F07-922F-84A5A6A691D7}" = protocol=17 | dir=in | app=c:\program files (x86)\ares galaxy professional\ares galaxy professional.exe |
"{1A13A48E-5475-45B1-AC30-C2F323181F53}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{1A81BDCE-7BDF-429A-9C42-34E93EFD64B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E9B59DF-C948-4266-945C-5AE93937C9EE}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"{2411B27C-853E-4796-A9BE-6E4DB69EC84C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{256F45D6-0321-4DB4-A62A-C386153AC30F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28C30891-E2A8-4010-93C6-E507C1A237B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DD217DC-2AFA-4D68-B2CF-ADA1F2364264}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2EBA5488-FA5F-4FFE-9810-A60F1B44FD7D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{32595600-4DD5-464A-A818-DFD17D2C8EAE}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{3496FCD7-3BD1-4CDF-8521-22B09FFDFA17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38C9EE8C-B8C9-4D74-99D5-E4EEE31C9101}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{3BC2ED6C-1E1B-4B88-842C-AF7EDF3BA584}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{3D1CE419-E3EE-4904-AF6A-ED10B7B63C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{3E0D8850-76DD-411A-95B3-DF7B07087C58}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{48E68C98-9CA3-4CD8-91F3-ACFE04B44B81}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{4A00BE5E-C4BB-406A-9C1C-111E498D2754}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunderdev\launcher.exe |
"{4B6CE653-5B04-4325-BE2D-7978B06D58E3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4DA61A28-5CCD-450E-9A61-33DAB86780BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{55227654-7024-46AC-AFA5-8828B2EDAB4F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5672826E-EA20-47EA-A572-77EF2511987D}" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza applications\shareaza\shareaza.exe |
"{5D3B0F77-681B-4BF6-973F-C855F16B443E}" = protocol=6 | dir=in | app=c:\program files\kmspico\kmseldi.exe |
"{62CBC96A-B1C0-4671-AABF-4A307699A6E6}" = protocol=6 | dir=out | app=system |
"{631A0E21-89D0-4057-A2E6-D6688596BBCB}" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza applications\shareaza\shareaza.exe |
"{64835E52-1E27-4778-BA3D-55E9637E7296}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6707D324-BCC5-4A5D-BF74-4C99F4660DEF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{673ECEFF-6EFD-4A09-998B-9888503B1492}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{68026B95-B635-4B4E-9883-C1430621E15A}" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza applications\mediabar\datamngr\toolbar\dtuser.exe |
"{6D6AF11E-DF60-410E-826F-1A4666D20C46}" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza applications\mediabar\datamngr\toolbar\dtuser.exe |
"{7122594F-D635-4D46-AA08-2165ED451E67}" = protocol=6 | dir=in | app=c:\program files (x86)\ares galaxy professional\ares galaxy professional.exe |
"{743E506E-3E3F-4827-8076-9AA0040C5414}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{74FD960D-0204-4EC6-9405-C928CDB27F6C}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunderdev\launcher.exe |
"{7707AAD1-CBAA-495E-863E-B85DE7ABBEB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B37888D-48A7-42E0-88E6-E84C0F04B490}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85285D94-6099-483F-A2BB-8E1EFA5B466A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89F829A4-DFA7-4E1C-8DF1-B6D2801BA15D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8A2CFDDA-4006-4DF4-9879-D76D7D3FA97A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D8977CB-FD86-48F0-B70D-630C93B72306}" = protocol=17 | dir=in | app=c:\program files\kmspico\service_kms.exe |
"{977796B3-1E02-45FE-B689-E0B474524668}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{97B68B06-CAB6-44EF-A0D7-407195AAABAA}" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza applications\shareaza\shareaza.exe |
"{A0208C98-7633-4F97-9701-5138D1F50098}" = protocol=17 | dir=in | app=c:\program files\kmspico\service_kms.exe |
"{AA5B50E6-B82A-4520-9C65-9C3C96E12DE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9C9DF76-EF62-47DF-8DFB-5A6DE0DE80ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BEEC241A-BA90-4150-B594-576DD5CBB529}" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza applications\shareaza\shareaza.exe |
"{C448FDCC-80E1-4057-ABE0-710B5FA1343D}" = protocol=17 | dir=in | app=c:\program files (x86)\winmx music\winmx music.exe |
"{CAAA27C6-16D4-4F83-868B-390549BC48BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CAFD9837-95E4-469D-A7E8-06ABA46063DE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{CB490B19-1D50-4C78-9F93-B52BA31AF5CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CFE403B5-C691-4DAE-BF52-12F340194F64}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{D14B0998-0B10-4D80-8CD6-73837DBECBCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7146E26-B002-435D-8D24-195587E8ED9F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EA747424-772E-4421-960B-DD581C58583B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA952AF9-EEBF-41EA-80B9-FF58842B7E7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EB32CFD9-CF25-42A8-BBDD-35F7C9470FE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFA6050A-6800-429F-A237-166D531F5EA3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FECB3CF6-CA3B-438A-93C9-0B96FB63B188}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{01EDB30A-24ED-4B0E-800E-7055527A3B20}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2007745D-6D9E-47E1-87C9-19DBEC9C972B}C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe" = protocol=6 | dir=in | app=c:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe |
"TCP Query User{3E9F5E3A-4116-431B-AE88-3005EBCA1836}C:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"TCP Query User{515F347E-6B10-4FD3-B850-896F296377C4}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{5D2F1BFF-EFCA-4E39-8DC1-AC7FC6C8E549}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"TCP Query User{71B9E913-DB94-46FE-8C11-6C5832797F75}C:\program files (x86)\luckywire\luckywire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\luckywire\luckywire.exe |
"TCP Query User{77D4987A-AC25-428B-9ACB-1CBF920AD48E}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{7BD76936-67B7-4D1C-A661-593CBC604C5E}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{8D75B86D-1E4D-4D6B-B334-E3D3763E2B42}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{AF5782F4-29C7-4328-82E4-9B169F800C61}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{CC88F561-E8A6-4FD1-82FA-10E7F359F88B}C:\program files (x86)\luckywire\luckywire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\luckywire\luckywire.exe |
"TCP Query User{D5E10871-07D1-48E8-ABF8-801957270CE4}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{EA856CC0-C507-4E96-9579-0B129CD6273E}C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe" = protocol=6 | dir=in | app=c:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe |
"UDP Query User{2B620B09-DBA9-490C-ACAE-A16901A87CE4}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{3511D6F4-DBE3-464F-94E6-A0F3E56238FC}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3FE532E0-2092-40B0-8EF3-514E06282FE3}C:\program files (x86)\luckywire\luckywire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\luckywire\luckywire.exe |
"UDP Query User{543BF0B9-50DE-4A51-ADAF-42127F5D2E1C}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{5B1F5D6D-FADA-4145-A065-780B38405365}C:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"UDP Query User{60DAFC93-C5F2-47EE-8694-E2A7C74D374F}C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe" = protocol=17 | dir=in | app=c:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe |
"UDP Query User{6EF7121F-2748-44DE-9934-09E9807783DF}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{85081895-C77F-4E5F-8E89-A1561CB1F813}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{A5ED236A-1D30-45B6-A387-9C7C8EC401DF}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"UDP Query User{D71A3971-F5B8-4772-8D1D-5C8A37FD7FD7}C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe" = protocol=17 | dir=in | app=c:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe |
"UDP Query User{DD128279-0910-48E0-9D6F-3530F804A54C}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{DD2FAD5B-3F81-4772-92C8-B3F9CE4DE016}C:\program files (x86)\luckywire\luckywire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\luckywire\luckywire.exe |
"UDP Query User{EFC2BCB0-E996-4868-9EFE-3254FCD32F5C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85FD0263-98BB-4B0E-990C-A31094DE8DDE}" = StudioTax 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}" = Smart Technology Programming Software 7.0.27.13
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"KMSpico_is1" = KMSpico v9.2.2 RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-service Plug-in
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash Redirection)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 55
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
"{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver(USB)
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F525B18-4DA5-447A-97E5-8F00EA9DF4B1}" = StudioTax 2013
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{4956225B-6763-4944-9B70-E31403D1DFC9}" = Shareaza
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}" = LEGO® Star Wars™ III: The Clone Wars™
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App for HP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9013721D-0440-4CCF-81FC-D60DC138D412}" = Angry Birds Star Wars
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9524C306-CC16-44A0-82AA-996409D1A059}" = Bad Piggies
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AAFD160A-2333-40D8-AA25-42D1989CA0F2}" = Toy Story 3
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.340
"{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver(DV)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9C763DF-F912-457F-A8BF-88E043BC45FE}" = Angry Birds Space
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D859D35F-E947-4F2A-8591-C76A4D116178}" = Dora Backpack
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}" = Drome Racers
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.278
"{ed8deea4-29fe-1932-9612-e2122d8a62d9}}_is1" = War Thunder CDK 0.1
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}" = Angry Birds
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}" = StudioTax 2012
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 4.1.0.2)
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"DVD Flick_is1" = DVD Flick 1.3.0.7
"FastStone Image Viewer" = FastStone Image Viewer 4.5
"Google Chrome" = Google Chrome
"InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2: The Adventure Continues
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete Special Edition
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Soulseek2" = SoulSeek 157 NS 13e
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = HP Games
"Windows Scheduler_is1" = System Scheduler 4.12
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for Owner
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Owner
"Akamai" = Akamai NetSession Interface
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
"WeatherEye" = WeatherEye
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06/06/2014 8:23:01 AM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Service_KMS.exe, version: 13.0.0.0, time
stamp: 0x5312d36b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0x00000000 Fault offset: 0x000007fe96360368 Faulting process id: 0xacc Faulting
application start time: 0x01cf8181ea38ccc8 Faulting application path: C:\Program
Files\KMSpico\Service_KMS.exe Faulting module path: unknown Report Id: 4cbc8aaf-ed75-11e3-bd39-6431503ceaa3
Error - 06/06/2014 9:03:40 AM | Computer Name = Owner-HP | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.
Error - 07/06/2014 8:25:40 AM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Service_KMS.exe, version: 13.0.0.0, time
stamp: 0x5312d36b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0x00000000 Fault offset: 0x000007fe975a0368 Faulting process id: 0x920 Faulting
application start time: 0x01cf824b6f6d5886 Faulting application path: C:\Program
Files\KMSpico\Service_KMS.exe Faulting module path: unknown Report Id: d5a66e2e-ee3e-11e3-bc90-6431503ceaa3
Error - 07/06/2014 10:25:55 AM | Computer Name = Owner-HP | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.
Error - 08/06/2014 10:02:29 AM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Service_KMS.exe, version: 13.0.0.0, time
stamp: 0x5312d36b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0x00000000 Fault offset: 0x000007fe976d0368 Faulting process id: 0x960 Faulting
application start time: 0x01cf832223dc1ed2 Faulting application path: C:\Program
Files\KMSpico\Service_KMS.exe Faulting module path: unknown Report Id: 86dad3c0-ef15-11e3-b15e-6431503ceaa3
Error - 08/06/2014 10:18:26 AM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: LEGOCloneWars.exe, version: 1.0.0.0, time
stamp: 0x4d5abe1c Faulting module name: LEGOCloneWars.exe, version: 1.0.0.0, time
stamp: 0x4d5abe1c Exception code: 0xc0000005 Fault offset: 0x00572c2b Faulting process
id: 0x1590 Faulting application start time: 0x01cf8322ec3b2eab Faulting application
path: C:\Program Files (x86)\LucasArts\LEGO Clone Wars\LEGOCloneWars.exe Faulting
module path: C:\Program Files (x86)\LucasArts\LEGO Clone Wars\LEGOCloneWars.exe
Report
Id: c0e96aa1-ef17-11e3-b15e-6431503ceaa3
Error - 08/06/2014 11:43:58 AM | Computer Name = Owner-HP | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.
Error - 09/06/2014 8:27:49 AM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Service_KMS.exe, version: 13.0.0.0, time
stamp: 0x5312d36b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0x00000000 Fault offset: 0x000007fe96310368 Faulting process id: 0x940 Faulting
application start time: 0x01cf83de0bab31b0 Faulting application path: C:\Program
Files\KMSpico\Service_KMS.exe Faulting module path: unknown Report Id: 77d37375-efd1-11e3-afbd-6431503ceaa3
Error - 09/06/2014 9:37:01 AM | Computer Name = Owner-HP | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.
Error - 10/06/2014 9:42:45 AM | Computer Name = Owner-HP | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.
Error - 10/06/2014 3:41:57 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Service_KMS.exe, version: 13.0.0.0, time
stamp: 0x5312d36b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0x00000000 Fault offset: 0x000007fe98240368 Faulting process id: 0x96c Faulting
application start time: 0x01cf84e3f96eebbe Faulting application path: C:\Program
Files\KMSpico\Service_KMS.exe Faulting module path: unknown Report Id: 48026c88-f0d7-11e3-9dcb-6431503ceaa3
[ Hewlett-Packard Events ]
Error - 25/04/2014 8:25:32 PM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 02/05/2014 8:50:54 AM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 02/05/2014 8:53:09 AM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()
Error - 02/05/2014 8:15:49 PM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 09/05/2014 8:43:38 PM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 12/05/2014 2:09:03 PM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 16/05/2014 8:16:29 PM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 23/05/2014 8:56:07 PM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()
Error - 30/05/2014 8:24:21 PM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 02/06/2014 8:57:51 AM | Computer Name = Owner-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2815 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
[ Media Center Events ]
Error - 11/04/2012 5:56:47 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 3:56:47 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
Error - 11/04/2012 5:57:12 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 3:57:11 PM - Failed to retrieve ClientUpdate (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)
Error - 11/04/2012 5:57:13 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 3:57:12 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)
Error - 27/11/2012 10:11:28 AM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 7:11:28 AM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)
[ System Events ]
Error - 05/06/2014 8:39:04 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Service
KMSELDI service to connect.
Error - 05/06/2014 8:39:04 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7000
Description = The Service KMSELDI service failed to start due to the following error:
%%1053
Error - 06/06/2014 8:23:27 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7034
Description = The Service KMSELDI service terminated unexpectedly. It has done
this 1 time(s).
Error - 06/06/2014 1:24:00 PM | Computer Name = Owner-HP | Source = DCOM | ID = 10010
Description =
Error - 07/06/2014 8:26:35 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7034
Description = The Service KMSELDI service terminated unexpectedly. It has done
this 1 time(s).
Error - 08/06/2014 10:03:27 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7034
Description = The Service KMSELDI service terminated unexpectedly. It has done
this 1 time(s).
Error - 09/06/2014 8:28:15 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7034
Description = The Service KMSELDI service terminated unexpectedly. It has done
this 1 time(s).
Error - 10/06/2014 8:37:51 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Service
KMSELDI service to connect.
Error - 10/06/2014 8:37:51 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7000
Description = The Service KMSELDI service failed to start due to the following error:
%%1053
Error - 10/06/2014 3:42:09 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7034
Description = The Service KMSELDI service terminated unexpectedly. It has done
this 1 time(s).
< End of report >
gigglepot
2014-06-10, 23:22
Oh, and I should have told you, I didn't uninstall Vuze or uTorrent, I didn't really know how to back things up so I hope it doesn't mess things up for you.
Thank you.
Hi gigglepot,
I didn't uninstall Vuze or uTorrent, I didn't really know how to back things up so I hope it doesn't mess things up for you.
No it's not a problem, thanks for letting me know.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Run OTL.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = dynhost.inetcam.com;register.inetcam.com;*.local;127.0.0.1:9421;<local>
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000 File not found
:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Disable Plug-ins in Google Chrome
Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Tools > Extensions.
Locate the following extensions and click the trash can icon to remove:
RobOSaveer
NNextCoUp
BuestSaveForYOu
Exit Chrome settings menu.
=========================
In your next post please provide the following:
OTL fix log
How is the computer running?
gigglepot
2014-06-11, 15:53
Hello, two questions........should I just uninstall Chrome? I never use it. And, do I change any of the settings in OTL like I did last time?
Hi gigglepot,
should I just uninstall Chrome? I never use it. And, do I change any of the settings in OTL like I did last time?
You can uninstall Chrome, if that is what you'd prefer. And no, just run the OTL fix as outlined in the instructions. There is no need to make any changes to the settings.
gigglepot
2014-06-12, 06:20
Here is the OTL.Txt Fix Log:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Shareaza\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Shareaza\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33234 bytes
->Flash cache emptied: 57472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
User: HomeGroupUser$
User: Owner
->Temp folder emptied: 18807322 bytes
->Temporary Internet Files folder emptied: 696461569 bytes
->Java cache emptied: 561924 bytes
->FireFox cache emptied: 218635090 bytes
->Google Chrome cache emptied: 59668558 bytes
->Flash cache emptied: 126819 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123174290 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18402946 bytes
RecycleBin emptied: 9510409203 bytes
Total Files Cleaned = 10,153.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06112014_210306
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF103808B652C98BAD.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF2889B25BC6BAB4CF.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF8288DC497DC55EB9.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFA36AFBD25E13AE7C.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFB50625EBA34D69BF.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFBCA55F174AB2B49A.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFC53A15E8F170EF13.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFDC7FAB0709D80CA7.TMP not found!
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
The computer seems to be working great! No more weird pop-ups in my Firefox, no more weird installed programs on Wednesday mornings!!!
Do you think I am done? If I am, which processes should I repeat in the future? Should I run AdwCleaner often?
I usually just run SpyBot Thursday mornings and have my Avast on all the time.
Hi gigglepot,
The computer seems to be working great! No more weird pop-ups in my Firefox, no more weird installed programs on Wednesday mornings!!!
Do you think I am done?
It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :bigthumb:
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ESET Online Scanner
*Note:
It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
In your next post please provide the following:
MBAM log
ESET's log.txt
gigglepot
2014-06-12, 07:43
Oh yes, of course! I will do those next steps tomorrow (just didn't want you to think I'd checked out)! :o)
gigglepot
2014-06-12, 18:26
I downloaded and installed MalwareBytes and updated too, but cannot find the button that says Perform Quick Scan. I clicked "Scan" up top and the only options I see are Threat Scan, Custom Scan and Hyper Scan. Threat Scan seems to be pretty comprehensive and covers everything, the Hyper Scan seems a lot quicker. Which should I choose?
Hi gigglepot,
Malwarebytes' has changed the GUI and I need to update my instructions to reflect that, sorry for the confusion. :oops:
Choose the Threat Scan option. :)
gigglepot
2014-06-12, 22:09
I completed the Threat Scan and there is no option to "Remove Selected". My options are: Quarantine, Add Exclusion and Ignore Once.
Which do I choose please?
Hi gigglepot,
Sorry, Quarantine
gigglepot
2014-06-13, 04:56
Sorry to be difficult, just trying to follow the steps.....after I Quarantined the results, I had to reboot. I did and then what do I do? I re-opened Malwarebytes and tried to find the Show Results, but there isn't any. I went to History, to try and get the log and save it somewhere convenient but didn't find a "save log" feature. But I did see where I can check mark the 4 items that showed up and can be selected and deleted. Should I do that? But then how do I get the log to post here and show you?
Hi gigglepot,
Open Malwarebytes' click the History tab
Select Application Logs from the menu to the left
Locate the most recent scan log and double click to open
At the bottom of the GUI locate the Export drop-down menu
Export the file as a .txt file, name the file and save it to your desktop.
Include the MBAM log in your next reply.
gigglepot
2014-06-13, 15:30
Here is the MBAM.txt file:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/06/2014
Scan Time: 12:19:16 PM
Logfile: MBAM.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.12.09
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312993
Time Elapsed: 36 min, 29 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-179166284-1700762968-3849658672-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [7029492e0e6d280e0444a0d4f9095ea2],
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-179166284-1700762968-3849658672-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [7029492e0e6d280e0444a0d4f9095ea2],
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pbkdpahkifcigckmhiafindmaflfifgm, Quarantined, [c1d83c3b6d0e9d9909bfa00afd05c13f],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.MultiPlug.A, C:\Windows\SysWOW64\setup.exe, Quarantined, [8712a1d6cab1a096c8b42f16a25e0ff1],
Physical Sectors: 0
(No malicious items detected)
(end)
Hi gigglepot,
How is the computer running, any symptoms or issues?
gigglepot
2014-06-13, 20:21
I ran the ESETScan and am just wondering, how could there be so many threats still? I thought the other scans took care of so many things. And I see YouTubeAdBlocker is on this list......but I thought I got rid of it in a previous scan? So confusing to me, hope I'm doing it all correctly.
Here is the ESETScan.txt file:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3298581\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SW-Booster\Assistant_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentBar\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\ExsttraSSaevinags\1qC.dll.vir a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\ProgramData\saave net\wnLAlG5.exe.vir a variant of Win32/AdWare.MultiPlug.Y application
C:\AdwCleaner\Quarantine\C\ProgramData\saavee onett\77CMT.exe.vir a variant of Win32/AdWare.MultiPlug.Y application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\ProgramData\YoutubeAdblocker\lHBgJ.exe.vir a variant of Win32/AdWare.MultiPlug.Y application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf\10.26.0.540_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf\10.26.0.540_0\nativeMessaging\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\NativeMessaging\CT3298581\1_0_0_4\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Program Files (x86)\WinMX Music\Shared\winmx_music_free.exe Win32/Adware.Webhancer.A application
C:\ProgramData\InstallMate\{2FCEB00C-C231-49DE-AB35-8A13F42D92FA}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{476D7EBB-9585-421F-A0F4-DDA79C8E5C4D}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{6C53E029-E377-4E34-ACDF-AB55B7B0C2DF}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{A287A284-7356-4DAA-AF41-3B7479648072}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{C32FAE51-580F-46C7-A42C-102D18CC8CA7}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wajam33.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wajam65.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO16.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\InstallMate\{2FCEB00C-C231-49DE-AB35-8A13F42D92FA}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{476D7EBB-9585-421F-A0F4-DDA79C8E5C4D}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{6C53E029-E377-4E34-ACDF-AB55B7B0C2DF}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{A287A284-7356-4DAA-AF41-3B7479648072}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{C32FAE51-580F-46C7-A42C-102D18CC8CA7}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wajam33.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wajam65.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO16.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\Owner\Documents\Vuze Downloads\Sinister {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
gigglepot
2014-06-13, 20:32
Oh, and forgot to answer your question, computer is running perfectly fine, no issues, no weird pop-ups, no unintentional software installed in Programs and Features. That's why I was confused about having so many threats on the ESETScan.
Hi gigglepot,
Don't be alarmed you are doing just fine. Many of the items listed in the ESET scan are in a quarantine folder and pose no threat to your system. We will clean those out at the end when we get ready to wrap things up.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Run OTL.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Files
C:\Program Files (x86)\WinMX Music
C:\Users\Owner\Documents\Vuze Downloads\Sinister {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
=========================
In your next post please provide the following:
OTL fix log
Any remaining issues not addressed?
gigglepot
2014-06-16, 19:34
Here is the OTL fix log file:
All processes killed
========== FILES ==========
C:\Program Files (x86)\WinMX Music\Shared folder moved successfully.
C:\Program Files (x86)\WinMX Music folder moved successfully.
C:\Users\Owner\Documents\Vuze Downloads\Sinister {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
User: HomeGroupUser$
User: Owner
->Temp folder emptied: 1025507 bytes
->Temporary Internet Files folder emptied: 24981843 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 190359898 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1134 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116718759 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33255 bytes
RecycleBin emptied: 13584579 bytes
Total Files Cleaned = 331.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06162014_102209
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF08BA292E8FDDF90A.TMP not found!
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
So far so good, no issues with the computer.
Hi gigglepot,
Congratulations, your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Clean up with OTL:
Right-click OTL.exe select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Removing/Uninstalling AdwCleaner:
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) You can now delete any tools and/or logs remaining on your desktop.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Adobe Reader 10.1.10
Java 10 Update 55
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Adobe Reader:
Go to http://get.adobe.com/reader/otherversions/
Use the drop down menu's to select your operating system
Select your language > Select The current version of Adobe Reader for your language
Remove the check mark from the box "Free! McAfee Security Scan Plus"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Update Java
Get the current version of Java (Version 7 Update 60) by going to http://java.com/en/download/installed.jsp
Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Delete All But the Most Recent Restore Point
Open Disk Cleanup by clicking the Start button http://i1269.photobucket.com/albums/jj590/OCD-WTT/start.jpg. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
If prompted, select the drive that you want to clean up, and then click OK.
In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. http://i1269.photobucket.com/albums/jj590/OCD-WTT/adminshield.jpg Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
If prompted, select the drive that you want to clean up, and then click OK.
Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
In the Disk Cleanup dialog box, click Delete.
Click Delete Files, and then click OK.
=========================
With the above items taken care of let's move on to the All Clean part of the process.
The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
gigglepot
2014-06-17, 21:26
Hello, do I need to uninstall AdwCleaner? What if I need to use it again in the future?
gigglepot
2014-06-17, 21:28
Oh, and do I just delete the icons on the desk top for the other tools or should I uninstall them in Programs and Features?
Hi gigglepot,
We generally remove all tools as a rule of thumb, but you can skip the AdwCleaner step if you would like to keep it.
As far as the remainder of the tools are concerned, they generally won't show in the Program & Features menu but if they do remove them that way. Otherwise, just delete them from the desktop.
gigglepot
2014-06-17, 21:49
I went to go see if things can be deleted on the Programs and Features and the only one there was MalwareBytes, BUT......a whole bunch of other things were re-installed with yesterday's date.......Picasa, Photoscape, VLC, so many, nothing new, just programs I've already had, but somehow installed with yesterday's date. Was that something I did with OTL?
gigglepot
2014-06-17, 22:17
I don't have Java 10 Update 55........I have Java 7 Update 55. Get rid of it?
Also, I uninstalled Adobe but not everyhting "Adobe" disappeared.......I still have:
Adobe AIR
Adobe Flash Player 13 Active X
Adobe Flash Player 13 Plugin.
Do I get rid of them too?
gigglepot
2014-06-17, 22:52
If I install a Firewall, will I not be able to use Vuze and uTorrent?
gigglepot
2014-06-17, 22:55
Wow, I guess I already have Windows Firewall running. Goes to show how much I know about my computer. Lol, disregard my last post.
Hi gigglepot,
I went to go see if things can be deleted on the Programs and Features and the only one there was MalwareBytes, BUT......a whole bunch of other things were re-installed with yesterday's date.......Picasa, Photoscape, VLC, so many, nothing new, just programs I've already had, but somehow installed with yesterday's date. Was that something I did with OTL?
I honestly don't know why the dates have changed, maybe the programs we recently updated.
I don't have Java 10 Update 55........I have Java 7 Update 55. Get rid of it?
Also, I uninstalled Adobe but not everyhting "Adobe" disappeared.......I still have:
Adobe AIR
Adobe Flash Player 13 Active X
Adobe Flash Player 13 Plugin.
Do I get rid of them too?
That was my mistake. Java 7 Update 55 is to be removed and will be replaced with Java 7 Update 60.
Do not remove the other Adobe products, they are separate programs and are probably in use by other software you are currently using
If I install a Firewall, will I not be able to use Vuze and uTorrent?
No, a firewall won't stop you from using those programs.
gigglepot
2014-06-17, 23:23
I just read that Windows Firewall isn't good enough.....so back to my original question, will I still be able to use Vuze and uTorrent if I install Online Armor?
gigglepot
2014-06-17, 23:38
I downloaded and installed SuperAnti Spyware (found in the link "how did I get infected in the first place"), ran the scan and found 340 Threats detected under Adware.Tracking Cookies. Should I have done this?
Hi gigglepot,
I just read that Windows Firewall isn't good enough.....so back to my original question, will I still be able to use Vuze and uTorrent if I install Online Armor?
Where did you read that the Windows Firewall is not good enough?
If you install a different FW you may need to "train" the new firewall to allow those programs to access the internet. But that shouldn't prevent you from using either program.
I downloaded and installed SuperAnti Spyware (found in the link "how did I get infected in the first place"), ran the scan and found 340 Threats detected under Adware.Tracking Cookies. Should I have done this?
Yes, that's fine. Each time you visit a website, that sites places what is called a "cookie" on your computer so it can remember you the next time you visit. They are fairly harmless & SuperAntiSpyware will remove these items very well.
gigglepot
2014-06-18, 00:16
This is what is posted on the link "How did I get infected in the first place":
10.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware are OnlineArmor, Outpost Firewall Free, and Sunbelt Personal Firewall.
That's why I thought I should install another one, but would prefer not to if I don't have to.
gigglepot
2014-06-18, 00:23
This is an error message I got when I tried to click on the link that gave a tutorial for Firewalls.
Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.
Hi gigglepot,
This is what is posted on the link "How did I get infected in the first place":
10.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware are OnlineArmor, Outpost Firewall Free, and Sunbelt Personal Firewall.
That's why I thought I should install another one, but would prefer not to if I don't have to.
That post probably should be updated. That post was made back in 2005. Windows has improved it's Firewall and it's capabilities since then. Rest assured that the windows Firewall is a good product and can be relied upon to protect your computer. Some people just prefer to use a 3rd party firewall.
This is an error message I got when I tried to click on the link that gave a tutorial for Firewalls.
Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.
How to enable JavaScript : http://www.enable-javascript.com/
Firewall Tutorial : http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/
gigglepot
2014-06-18, 04:52
Sigh, I could swear it said I needed to enable Java Script. So I did the about:config, it was already "true". So I went back to your most recent post and clicked on the Understanding and using Firewalls, and it worked this time! So I went back to the original post you said to click on ("Free Firewalls.....A tutorial of firewalls can be found here") and it didn't work so I'm guessing that link wasn't good :o) All is good now.
gigglepot
2014-06-18, 04:55
About SuperAnti Spyware.....should I delete those 340 cookies or does the program automatically do that for me after it's done scanning?
Hi gigglepot,
http://i1269.photobucket.com/albums/jj590/OCD-WTT/SASResults_zps1856e29b.gif (http://s1269.photobucket.com/user/OCD-WTT/media/SASResults_zps1856e29b.gif.html)
http://i1269.photobucket.com/albums/jj590/OCD-WTT/SASRemoveThreats_zps90adf3a4.gif (http://s1269.photobucket.com/user/OCD-WTT/media/SASRemoveThreats_zps90adf3a4.gif.html)
gigglepot
2014-06-18, 07:33
Ok, great, thank you! Everything seems to be working and I've completed all the steps. What do I need to do next?
After reading "How did I get infected in the first place", I downloaded and installed WOT, AdBlock Plus and NoScript. Should I have done this? Do I need these ad-ons? I'm not sure how they work, and if I need to do anything with them, especially NoScript.....I get a capital S with a crossed out red circle in it with options to choose when I click on the S. I'm not too comfortable playing around with this one.
Hi gigglepot,
1. - Ok, great, thank you! Everything seems to be working and I've completed all the steps. What do I need to do next?
2. - After reading "How did I get infected in the first place", I downloaded and installed WOT, AdBlock Plus and NoScript. Should I have done this?
Do I need these ad-ons? I'm not sure how they work, and if I need to do anything with them, especially NoScript.....I get a capital S with a crossed out red circle in it with options to choose when I click on the S. I'm not too comfortable playing around with this one.
Nothing
WOT - rates webpages you visit
AdBlock Plus - Blocks annoying video ads on YouTube, Facebook ads, banners and much more.
Adblock Plus blocks all annoying ads, and supports websites by not blocking unobtrusive ads by default (configurable).
NoScript - It allows JavaScript, Java and other executable content to run only from trusted domains of your choice
All are recommended items, although they may change the way you are used to your computer performing. If you are not comfortable with them, or don't like the limitations they place on your computer you do not have to use them. Just simply uninstall them.
gigglepot
2014-06-18, 15:49
Ok, thank you.
Now that I have all these tools, should I run them every week?
I have kept on my computer:
SpyWare Blaster
MalwareBytes
SuperAnti Spyware
AdwCleaner
and of course Spybot
Or are they not necessary to run weekly? What do you recommend?
gigglepot
2014-06-18, 15:55
Oh, and I also keep getting this pop-up from Avast:
WARNING!
We have identified the following browser add-on, which has a bad reputation among avast users.
VideoLAN VLC ActiveX Plugin v1
Then it asks me if I want to Remove Bad Add-on........show details.
I've never seen it before the last 2 days.
Hi gigglepot,
Now that I have all these tools, should I run them every week?
It depends on your habits. But with you using P2P programs, I would recommend weekly.
Then it asks me if I want to Remove Bad Add-on
That add-on has been classified as in a way that Avast thinks it's in your best interest to warn you of its reputation, and advise removal.
But that is your decision to make.
gigglepot
2014-06-18, 18:51
I guess I need to know.......do I need that VideoLAN plug-in?
Also, I don't mind running those 5 tools weekly, or monthly, but do I need to run them all is what I meant. What do you recommend? Do I need them all or are some redundant?
Thank you.
Hi gigglepot,
I guess I need to know.......do I need that VideoLAN plug-in?That is something for you to decide. I don't know what you use that plug-in for.
Also, I don't mind running those 5 tools weekly, or monthly, but do I need to run them all is what I meant. What do you recommend? Do I need them all or are some redundant?
You should have running at all times an Anti-Virus & Firewall program. You can use any combination of on-demand scanners and cleaners as you see fit. All the tools you listed are good and can be used in any combination to help keep your computer free from malware. But they can only do so much. As I stated earlier in the thread you are using P2P sites which expose you to a variety of files that you have no idea where they might have originated. I can recommend any number of tools, but if you insist on exposing yourself via P2P networks there is only so much they can do to keep your computer safe. It's not a matter of will you get reinfected, it's a matter of when. :eek:
If you are set on not exposing yourself to malware I strongly suggest that you reconsider the use of P2P networks. (Vuze, uTorrent, BitTorrent etc)
gigglepot
2014-06-19, 15:39
Ok, thank you. I will seriously watch what I do.
So everything is ok now? I'm all finished?
Ok, thank you. I will seriously watch what I do.
So everything is ok now? I'm all finished?
Yes, you are all done. :bigthumb:
gigglepot
2014-06-19, 19:17
Well, I cannot thank you enough for all your help!!! I can't get over how much time and effort you put into helping me, a complete stranger, at no cost to me. I am extremely grateful and thank you so much. Thank you SpyBot! If in the future this happens again, I hope to get you again OCD :) :) :) :)
Hi gigglepot,
You're very welcome. Glad I was able to help. :bigthumb: Have a great day.
Since this issue appears to be resolved ... this Topic will be closed.