S&D finds Toolbars but cannot delete them-Solved



gin_jammer
2014-07-04, 00:03
I am running S&D 1.6.2 as Administrator on a 64-bit Windows OS. S&D reports "ilivid.Toolbar" and "Delta.Toolbar" as problems, but cannot remove them. I have created a Registry backup with ERUNT and have run DDS. Attached is attach.zip, and following below is the copied text from DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16921
Run by Monica at 16:17:08 on 2014-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1571 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Orchid\LiveAccessService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tor\tor.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrchMn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^XM^xdm292^YYA^us&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&si=23178
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
dURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
mWinlogon: Userinit = userinit.exe
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
BHO: Search Assistant BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Toolbar BHO: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
TB: DailyBibleGuide: {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [DailyBibleGuide EPM Support] "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
mRun: [DailyBibleGuide Search Scope Monitor] "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vsrchmn.exe" /m=2 /w /h
StartupFolder: C:\Users\Monica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Monica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{283477CA-653C-4EB0-945B-F45866FB091A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\4545D2055726C6963633 : DHCPNameServer = 65.32.5.74 65.32.5.75
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\47964796373763230457E656E2E65647E236F6 : DHCPNameServer = 200.31.208.101 200.13.249.101
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\D456C626F65727E656027484 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\D494C4F4D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
AppInit_DLLs= c:\progra~3\bitguard\271769~1.27\{16cdf~1\bitguard.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [DailyBibleGuide Home Page Guard 64 bit] "C:\PROGRA~2\DAILYB~2\bar\1.bin\AppIntegrator64.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\
FF - prefs.js: browser.search.selectedEngine - Ask Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178
FF - prefs.js: keyword.URL - hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&ind=2014010216&p2=^XM^xdm292^YYA^us&si=23178&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\plugins\npFirefoxPlugin.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - e24b917800000000000090004e363f66
FF - user.js: extensions.claro.instlDay - 15562
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.116:02:26
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e24b9178000000000000984be19b1f9c&q=
FF - user.js: extensions.BabylonToolbar.id - e24b9178000000000000984be19b1f9c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15710
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.218:22:40
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - na
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=17427&tt=0113_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-8-15 17720]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-6 50464]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-3-13 528192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-20 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DailyBibleGuideService;DailyBibleGuideService;C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [2013-12-26 88648]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-20 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-7-3 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-7-3 36352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
.
=============== Created Last 30 ================
.
2014-07-03 14:29:55 20328 ----a-w- C:\Windows\System32\roboot64.exe
2014-07-03 14:28:32 -------- d-----w- C:\Users\Monica\AppData\Roaming\systweak
2014-07-03 14:28:31 -------- d-----w- C:\Users\Monica\AppData\Local\Programs
2014-07-02 13:22:48 -------- d-----w- C:\Users\Monica\AppData\Roaming\AVG
2014-07-02 13:22:48 -------- d-----w- C:\Users\Monica\AppData\Local\AVG
2014-07-02 13:22:04 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-07-02 13:22:03 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-07-02 13:22:00 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-07-02 13:21:59 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-07-02 13:21:53 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-07-02 13:21:52 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-07-02 13:21:49 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-07-02 13:21:49 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-07-02 13:21:49 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-07-02 13:21:49 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-07-02 13:21:48 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-07-02 13:21:48 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-07-02 13:20:12 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-07-02 13:20:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-02 13:18:59 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-07-02 13:11:32 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 13:11:08 -------- d-----w- C:\ProgramData\AVG
2014-07-02 12:53:37 -------- d-----w- C:\Users\Monica\AppData\Roaming\TuneUp Software
.
==================== Find3M ====================
.
2014-07-02 12:36:51 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-05-24 02:47:54 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-05-24 02:46:15 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-24 02:46:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-24 01:25:52 2862080 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-24 01:25:49 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-24 00:13:44 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-05-24 00:06:55 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:19:18.50 ===============

I added ".zip" to filename...:oops:...you'll probably have to delete it to unzip file...

Juliet
2014-07-04, 14:57
Welcome

There is a lot going on here. I doubt we can get this all removed in one swipe.

You need to go to add/remove programs and remove/uninstall these 2 items.

Daily Bible Guide Toolbar installs MyWebSearch, a potentially unwanted program that gets installed without your permission. It causes popup ads and interrupts browsing activities.

IObit
(http://blogs.computerworld.com/15026/iobit_accused_of_stealing_from_malwarebytes)

*******
Save these instructions to WordPad/Notepad or print them out, as some of the fix will have all windows closed, and this will help you complete all the necessary steps.

**
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.


Close all open windows and browsers.



Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

*****
Click the Scan button and wait for the scan to finish.



After the Scan has finished the window may or may not show what it found and above the progress bar you will see
You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.

This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.


**********************

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


***********************

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) (If not sure which version: Start --> Computer (right click) --> properties)
(To use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))


Run FRST.
Don't change any of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Post the FRST.txt
The first time the tool is run it generates another log (Addition.txt). Please also paste that along with the FRST.txt into your reply.



Please post:
C:\AdwCleaner\AdwCleaner.txt
JRT.txt
FRST.txt with the created Addition.txt

You may need to make multiple posts to ensure they don't get cut off.

gin_jammer
2014-07-04, 19:31
Daily Bible Guide and IOBit uninstalled.

AdwCleaner report follows:

# AdwCleaner v3.214 - Report created 04/07/2014 at 12:17:41
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Monica - MONICA-HP
# Running from : C:\Users\Monica\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\Program Files (x86)\SearchCore for Browsers
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Guest\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Guest\AppData\Local\Babylon
Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Guest\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Guest\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Guest\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Guest\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Guest\AppData\LocalLow\TelevisionFanatic
Folder Deleted : C:\Users\Guest\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Monica\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Monica\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Monica\AppData\Local\PackageAware
Folder Deleted : C:\Users\Monica\AppData\Local\TelevisionFanatic
Folder Deleted : C:\Users\Monica\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Monica\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Monica\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Monica\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Monica\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Monica\AppData\Roaming\file scout
Folder Deleted : C:\Users\Monica\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Smartbar
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\ValueApps
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\CT3299872
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\ffxtlbr@claro.com
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\ask-web-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\babylon1.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\bProtect.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\user.js
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\e4da8bbd3deb49
Key Deleted : HKLM\SOFTWARE\e4da8bbd3deb49
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_smart-defrag_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_smart-defrag_RASMANCS
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{16cdf~1\bitguard.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iy46uy8r.default\prefs.js ]


[ File : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\prefs.js ]

Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Line Deleted : user_pref("Smartbar.TBHomepagesList", "");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3299872");
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.0.443");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
Line Deleted : user_pref("avg.install.userSPSettings", "Ask Web Search");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=114024&tt=090812_clr_3212_8&babsrc=NT_ss&mntrId=e24b917800000000000090004e363f66");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "e24b9178000000000000984be19b1f9c");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15710");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "na");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e24b9178000000000000984be19b1f9c&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=17427&tt=0113_1");
Line Deleted : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.218:22:40");
Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.autoRvrt", "false");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "e24b917800000000000090004e363f66");
Line Deleted : user_pref("extensions.claro.instlDay", "15562");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrId", "claro");
Line Deleted : user_pref("extensions.claro.vrsn", "1.6.4.1");
Line Deleted : user_pref("extensions.claro.vrsni", "1.6.4.1");
Line Deleted : user_pref("extensions.claro_i.newTab", false);
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.6.4.116:02:26");
Line Deleted : user_pref("extensions.crossrider.bic", "13912268e3b849136867bf9e01c06acd");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.BUTTON_STRUCTURE", "[{\"b\":221356240,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221356241,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.prev", "Installl Converter Customized Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.prev", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.prev", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178"[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.page.savedPrev", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.page.tb", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.firstKnownVersion", "5.75.3.1281");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.lastGuardTime", 1281687674);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installKeysSource", "File");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.installDate", "2014010216");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerId", "^XM^xdm292^YYA^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerSubId", "23178");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.toolbarId", "CE5567D9-5F79-495D-90B3-19819F57C55F");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.lastActivePing", "1404488624081");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.lastKnownVersion", "6.52.4.5107");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.searchHistory", "youtube rafael nadal y jackovik||gmail sign in||hotmail sign in||oracion san miguel arcangel||.Padre nuestro oracion||Rey de Reyes [...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.toolbarCollapsed", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.weather.location", "32701");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=76A4C6AC-C41E-494A-8B8C-66E0D9167D71&n=77ed26fe&ptnrS=XPxdm044YYus&si=CIfGl-_a1a4CFZNV7AodZ1[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012030718");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm044YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CIfGl-_a1a4CFZNV7AodZ1ICaw");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "76A4C6AC-C41E-494A-8B8C-66E0D9167D71");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1344615504258");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://search.yahoo.com/search;_ylt=A0oGdbkgtMpPuRYAL9xXNyoA?p=how%20to%20watch%20facebook%20the%20movie%20o[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "dubai social life pics||dubai socialmen life pics");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "32114");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "dailybibleguide@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "dailybibleguide@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&ind=2014010216&p2=^XM^xdm292^YYA^us&si=23178&searchfor=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3299872&ctid=CT3299872&SearchSource=2&CUI=UN74877533678437857&UM=false&q=,hxxp://search.conduit.com[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
Line Deleted : user_pref("smartbar.machineId", "AE8EML/HRWZTYBNU0Z6/YPNQK0EMUWXXQXP0F5QYBWNTUDP8GWYF12883BUDFFJQ59UXTZPBJI/CZ6PQMIKBTQ");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3299872&ctid=CT3299872&SearchSource=2&CUI=UN74877533678437857&UM=false&q=,hxxp://search.conduit.com/Result[...]
Line Deleted : user_pref("valueApps.CT3299872.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT3299872.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.SF_STATUS", "454E41424C4544");
Line Deleted : user_pref("valueApps.CT3299872.SF_STATUS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.SF_USER_ID", "6369645F323231313230313331303135313133383737393434");
Line Deleted : user_pref("valueApps.CT3299872.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872._key_cl_active", "33323039353165392D383631642D346166642D393863352D663836393939656131326438");
Line Deleted : user_pref("valueApps.CT3299872._key_cl_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.cb_experience_000", "3237");
Line Deleted : user_pref("valueApps.CT3299872.cb_experience_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.cb_firstuse0100", "31");
Line Deleted : user_pref("valueApps.CT3299872.cb_firstuse0100.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.cb_user_id_000", "43423133353835343234353730385F313339393038303836303537355F46697265666F78");
Line Deleted : user_pref("valueApps.CT3299872.cb_user_id_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.cbfirsttime", "53756E204A756C20313420323031332031363A35313A323220474D542D3034303020284561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.CT3299872.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appStateReportTime", "31343034343838363532323831");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_ACplus", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_ACplus.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Clarity_Active", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_CouponBuddy", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Discover", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Discover.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook_targeted", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Find-a-Pro", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Find-a-Pro.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PiclickV2-WebSearch", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PiclickV2-WebSearch.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PriceGong", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PriceGong.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_WindowShopper", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_WindowShopper.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentBadgeValue", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentBadgeValue.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_eventsCache.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_gadgetOpen", "30");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_gadgetOpen.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_lastLoginTime", "31343034343838363532343230");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_newApps", "5B7B226964223A2245617379746F626F6F6B5F7461726765746564222C226E616D65223A224C617374204D696E75746520426F6F6B696E67222C226465736372697074696F6E223A22536D6[...]
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_newApps.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_pgUnloadedOnce", "74727565");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_pgUnloadedOnce.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.10.4.0.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.11.4.2.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.12.0.5.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.13.0.17.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_stamp", "35345F30");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userId", "66653063613831332D656137622D343539382D396462342D383834386266653039343266");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D4354333239393837327E62313[...]
Line Deleted : user_pref("valueApps.CT3299872.rematchGround.upstairs.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.rematchagent-matkot-user-id", "22313339383936333836363334333839323334353622");
Line Deleted : user_pref("valueApps.CT3299872.rematchagent-matkot-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339383936333836363930332C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3299872.rematchagent-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.url_history0001.storedInFile", true);

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

[ File : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={6DC02F73-AE57-4A57-8234-5CF0F2B24D25}&mid=80050d90450547d6aad94902a77ff66f-a02703f07077a19be9159f751d22ed12fb2a9109&lang=en&ds=AVG&pr=fr&d=2012-08-06 21:15:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=114024&tt=090812_clr_3212_8&babsrc=SP_ss&mntrId=e24b917800000000000090004e363f66
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=5020704175454444&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : aidbbndgjnlaclnmhkdimcdjiebjpdel
Deleted [Extension] : bfcpnihmbfoaeoakalclfalkdepgiaje
Deleted [Extension] : cfcbmgbfdbijmjgjihagbomfbjfjmgon
Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp

*************************

AdwCleaner[R0].txt - [59393 octets] - [04/07/2014 12:14:10]
AdwCleaner[S0].txt - [59372 octets] - [04/07/2014 12:17:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [59433 octets] ##########


Will post Junkware Removal Tool (JRT.txt) separately

Juliet
2014-07-05, 00:24
That definitely took out a ton of stuff, and much of it I didn't see.

Have you done the other scans?

gin_jammer
2014-07-05, 13:01
Stopped for 4th of July doings.

JRT.txt follows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Monica on Sat 07/05/2014 at 5:33:35.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2318636694-3368949867-1376833035-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5ADCE93E-4285-4987-8464-FEA2EF4C0B23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{89457C92-825C-4565-B00E-B272E770B0D4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{89457C92-825C-4565-B00E-B272E770B0D4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
Successfully deleted: [File] C:\Windows\syswow64\sho6E30.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC6A0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC73.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCA9A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFA3F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFC85.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Monica\appdata\locallow\dailybibleguide"
Successfully deleted: [Folder] "C:\Program Files (x86)\dailybibleguide"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\mozilla\firefox\profiles\q6tbbkv9.default\extensions\2vffxtbr@dailybibleguide.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@dailybibleguide.com/plugin
Emptied folder: C:\Users\Monica\AppData\Roaming\mozilla\firefox\profiles\q6tbbkv9.default\minidumps [85 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Monica\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/05/2014 at 5:55:45.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Will run FRST and post result separately.

gin_jammer
2014-07-05, 13:17
FRST.txt follows:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014
Ran by Monica (administrator) on MONICA-HP on 05-07-2014 06:04:59
Running from C:\Users\Monica\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(CMJ Designs Inc.) C:\Program Files (x86)\Orchid\LiveAccessService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Tor\tor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-02-06] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DailyBibleGuide EPM Support] => "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-24] (Hewlett-Packard)
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: G - G:\LGAutoRun.exe
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: {78edb978-13cc-11e2-a51a-984be19b1f9c} - H:\ZTE_Handset_USB_Driver.exe
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: {a1a78e3f-9233-11e2-9d61-984be19b1f9c} - G:\LGAutoRun.exe
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {89457C92-825C-4565-B00E-B272E770B0D4} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {0662EB16-9EE1-418A-A57C-B3AB0FF6663D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKCU - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivaceySafeguard)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\installl-converter-customized-web-search.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\ascsurfingprotection@iobit.com [2013-03-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-08-06]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=668083&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Skype Click to Call) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-05-01]
CHR Extension: (Google Wallet) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx [2012-04-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-03-13]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 Live_Access; C:\Program Files (x86)\Orchid\LiveAccessService.exe [25824 2012-12-19] (CMJ Designs Inc.)
R2 MSSQL$CMJ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$CMJ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-30] () [File not signed]
S2 DailyBibleGuideService; C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [X]

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-02] (AVG Technologies)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-05 06:04 - 2014-07-05 06:06 - 00021560 _____ () C:\Users\Monica\Desktop\FRST.txt
2014-07-05 06:04 - 2014-07-05 06:05 - 00000000 ____D () C:\FRST
2014-07-05 06:03 - 2014-07-05 06:03 - 02084352 _____ (Farbar) C:\Users\Monica\Desktop\FRST64.exe
2014-07-05 05:55 - 2014-07-05 05:56 - 00003349 _____ () C:\Users\Monica\Desktop\JRT.txt
2014-07-05 05:33 - 2014-07-05 05:33 - 00000000 ____D () C:\Windows\ERUNT
2014-07-05 05:31 - 2014-07-05 05:31 - 01016261 _____ (Thisisu) C:\Users\Monica\Desktop\JRT.exe
2014-07-04 12:40 - 2014-07-04 12:40 - 00059570 _____ () C:\Users\Monica\Desktop\AdwCleaner[S0].txt
2014-07-04 12:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-04 12:14 - 2014-07-04 12:18 - 00000000 ____D () C:\AdwCleaner
2014-07-04 12:12 - 2014-07-04 12:13 - 00001493 _____ () C:\Users\Monica\Desktop\AdwCleaner - Shortcut.lnk
2014-07-04 12:12 - 2014-07-04 12:12 - 01346519 _____ () C:\Users\Monica\Downloads\AdwCleaner.exe
2014-07-03 16:50 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip.zip
2014-07-03 16:30 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip
2014-07-03 16:29 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Desktop\attach.zip
2014-07-03 16:19 - 2014-07-03 16:19 - 00026505 _____ () C:\Users\Monica\Desktop\dds.txt
2014-07-03 16:19 - 2014-07-03 16:19 - 00007658 _____ () C:\Users\Monica\Desktop\attach.txt
2014-07-03 16:11 - 2014-07-03 16:11 - 00688992 ____R (Swearware) C:\Users\Monica\Downloads\dds.scr
2014-07-03 15:51 - 2014-07-03 15:51 - 00001162 _____ () C:\Users\Monica\Desktop\Live PC Help.lnk
2014-07-03 15:38 - 2014-07-03 15:41 - 00003230 _____ () C:\Windows\System32\Tasks\Erunt Backup
2014-07-03 15:10 - 2014-07-03 15:45 - 00000000 ____D () C:\Windows\ERDNT
2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Monica\Desktop\NTREGOPT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Monica\Desktop\ERUNT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-03 14:58 - 2014-07-03 14:58 - 00791393 _____ (Lars Hederer ) C:\Users\Monica\Downloads\erunt-setup.exe
2014-07-03 10:26 - 2014-07-03 10:26 - 04500592 _____ (Systweak Inc ) C:\Users\Monica\Downloads\rcpa_03070225468304048.exe
2014-07-03 01:55 - 2014-07-03 01:56 - 00985600 _____ () C:\Users\Monica\Downloads\MicrosoftFixit50123(1).msi
2014-07-02 13:12 - 2014-07-02 13:12 - 00000000 _____ () C:\Users\Monica\AppData\Local\{D85759F7-3B77-4D17-8ACC-81FC2125C2C1}
2014-07-02 09:42 - 2014-07-02 09:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-07-02 09:42 - 2014-07-02 09:42 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\AVG
2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Local\AVG
2014-07-02 09:22 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-02 09:22 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-02 09:22 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-02 09:21 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-02 09:21 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-02 09:21 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-02 09:21 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-02 09:21 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-02 09:21 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-02 09:21 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-02 09:21 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-02 09:21 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-02 09:20 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-02 09:20 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-02 09:19 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-02 09:19 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-02 09:19 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-02 09:19 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-02 09:19 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-02 09:19 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-02 09:19 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-02 09:19 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-02 09:19 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-02 09:19 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-02 09:19 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-02 09:19 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-02 09:18 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-02 09:18 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-02 09:18 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-02 09:18 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-02 09:18 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-02 09:18 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-02 09:18 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-02 09:18 - 2014-05-23 20:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-02 09:18 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-02 09:11 - 2014-07-02 09:41 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 09:11 - 2014-07-02 09:24 - 00000000 ____D () C:\ProgramData\AVG
2014-07-02 08:59 - 2014-07-02 09:00 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28(1).exe
2014-07-02 08:58 - 2014-07-02 08:59 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
2014-07-02 08:53 - 2014-07-02 08:53 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

2014-07-05 06:06 - 2014-07-05 06:04 - 00021560 _____ () C:\Users\Monica\Desktop\FRST.txt
2014-07-05 06:05 - 2014-07-05 06:04 - 00000000 ____D () C:\FRST
2014-07-05 06:03 - 2014-07-05 06:03 - 02084352 _____ (Farbar) C:\Users\Monica\Desktop\FRST64.exe
2014-07-05 05:59 - 2012-01-19 04:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-05 05:56 - 2014-07-05 05:55 - 00003349 _____ () C:\Users\Monica\Desktop\JRT.txt
2014-07-05 05:33 - 2014-07-05 05:33 - 00000000 ____D () C:\Windows\ERUNT
2014-07-05 05:31 - 2014-07-05 05:31 - 01016261 _____ (Thisisu) C:\Users\Monica\Desktop\JRT.exe
2014-07-05 05:18 - 2010-11-20 04:46 - 01527729 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 05:17 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 05:17 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 05:13 - 2011-03-20 10:27 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-07-05 05:09 - 2012-01-19 04:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-05 05:08 - 2013-05-02 16:56 - 00028404 _____ () C:\Windows\setupact.log
2014-07-05 05:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 13:33 - 2013-11-26 04:01 - 00453972 _____ () C:\Windows\IE11_main.log
2014-07-04 12:40 - 2014-07-04 12:40 - 00059570 _____ () C:\Users\Monica\Desktop\AdwCleaner[S0].txt
2014-07-04 12:21 - 2013-05-02 16:56 - 00251384 _____ () C:\Windows\PFRO.log
2014-07-04 12:18 - 2014-07-04 12:14 - 00000000 ____D () C:\AdwCleaner
2014-07-04 12:13 - 2014-07-04 12:12 - 00001493 _____ () C:\Users\Monica\Desktop\AdwCleaner - Shortcut.lnk
2014-07-04 12:12 - 2014-07-04 12:12 - 01346519 _____ () C:\Users\Monica\Downloads\AdwCleaner.exe
2014-07-04 12:01 - 2010-07-11 00:08 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-04 11:58 - 2009-07-14 01:13 - 00006832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 11:44 - 2014-03-29 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-03 16:29 - 2014-07-03 16:50 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip.zip
2014-07-03 16:29 - 2014-07-03 16:30 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip
2014-07-03 16:29 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Desktop\attach.zip
2014-07-03 16:19 - 2014-07-03 16:19 - 00026505 _____ () C:\Users\Monica\Desktop\dds.txt
2014-07-03 16:19 - 2014-07-03 16:19 - 00007658 _____ () C:\Users\Monica\Desktop\attach.txt
2014-07-03 16:11 - 2014-07-03 16:11 - 00688992 ____R (Swearware) C:\Users\Monica\Downloads\dds.scr
2014-07-03 15:51 - 2014-07-03 15:51 - 00001162 _____ () C:\Users\Monica\Desktop\Live PC Help.lnk
2014-07-03 15:45 - 2014-07-03 15:10 - 00000000 ____D () C:\Windows\ERDNT
2014-07-03 15:41 - 2014-07-03 15:38 - 00003230 _____ () C:\Windows\System32\Tasks\Erunt Backup
2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Monica\Desktop\NTREGOPT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Monica\Desktop\ERUNT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-03 14:58 - 2014-07-03 14:58 - 00791393 _____ (Lars Hederer ) C:\Users\Monica\Downloads\erunt-setup.exe
2014-07-03 12:00 - 2012-04-03 18:20 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\SoftGrid Client
2014-07-03 11:35 - 2011-03-20 10:26 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-03 10:26 - 2014-07-03 10:26 - 04500592 _____ (Systweak Inc ) C:\Users\Monica\Downloads\rcpa_03070225468304048.exe
2014-07-03 01:56 - 2014-07-03 01:55 - 00985600 _____ () C:\Users\Monica\Downloads\MicrosoftFixit50123(1).msi
2014-07-03 01:45 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-03 01:43 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-03 01:39 - 2011-09-12 19:56 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-02 15:02 - 2013-01-08 06:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 13:37 - 2014-05-03 13:15 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMonica
2014-07-02 13:37 - 2014-05-03 13:15 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForMonica.job
2014-07-02 13:31 - 2011-03-21 10:53 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-02 13:30 - 2012-02-06 20:07 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-02 13:12 - 2014-07-02 13:12 - 00000000 _____ () C:\Users\Monica\AppData\Local\{D85759F7-3B77-4D17-8ACC-81FC2125C2C1}
2014-07-02 09:42 - 2014-07-02 09:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-07-02 09:42 - 2014-07-02 09:42 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-07-02 09:41 - 2014-07-02 09:11 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 09:41 - 2014-01-28 13:33 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-07-02 09:41 - 2011-03-20 10:15 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\hpqLog
2014-07-02 09:24 - 2014-07-02 09:11 - 00000000 ____D () C:\ProgramData\AVG
2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\AVG
2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Local\AVG
2014-07-02 09:02 - 2012-09-30 04:03 - 00096768 ___SH () C:\Users\Monica\Thumbs.db
2014-07-02 09:00 - 2014-07-02 08:59 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28(1).exe
2014-07-02 08:59 - 2014-07-02 08:58 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
2014-07-02 08:55 - 2012-01-19 04:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 08:54 - 2012-01-19 04:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 08:53 - 2014-07-02 08:53 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\TuneUp Software
2014-07-02 08:52 - 2013-06-26 13:43 - 00003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-07-02 08:36 - 2012-08-06 21:15 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-06-08 05:13 - 2014-07-02 09:20 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-07-02 09:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-29 22:32

==================== End Of Log ============================

gin_jammer
2014-07-05, 13:19
Additions.txt follows:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014
Ran by Monica at 2014-07-05 06:08:00
Running from C:\Users\Monica\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.1 - IObit)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.3955 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0617.855.14122 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0617.855.14122 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help English (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help French (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help German (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
ccc-utility64 (Version: 2010.0617.855.14122 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1616 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{F4330A8B-3610-4483-975E-69789B70A764}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{7C1C9924-3755-483C-87B1-8371B7454B1A}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (x32 Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Orchid (HKLM-x32\...\{933A7B6C-34E3-4E88-9ACB-CC5D70489D97}) (Version: 6.000.279 - DaySmart Software)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Privacy SafeGuard version 1.0 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.0 - Privacy SafeGuard)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.278 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Defrag 2 (HKLM-x32\...\Smart Defrag 2_is1) (Version: 2.5 - IObit)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SQL Server 2008 R2 Common Files (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WeatherBug (HKLM-x32\...\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}) (Version: 7.0.0.3 - AWS Convergence Technologies)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

31-05-2014 07:00:18 Windows Update
03-06-2014 07:00:22 Windows Update
04-06-2014 07:00:13 Windows Update
02-07-2014 12:36:05 Windows Update
02-07-2014 13:14:40 Installed AVG PC TuneUp 2014
03-07-2014 05:26:52 Windows Update
03-07-2014 05:59:34 Installed Microsoft Fix it 50123
03-07-2014 06:01:56 Windows Update
03-07-2014 06:08:56 Windows Update
03-07-2014 06:15:49 Windows Update
03-07-2014 15:33:43 Removed AVG PC TuneUp 2014
03-07-2014 15:35:40 Removed AVG PC TuneUp 2014 (en-US)
03-07-2014 16:00:34 Windows Update
04-07-2014 12:43:40 Windows Update
04-07-2014 15:41:55 Removed IObit Apps Toolbar v7.0.
04-07-2014 17:29:17 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-02-08 19:58 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0510D8C5-63C1-4BC7-81BD-1969AB1440A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1272CC37-D6AB-43CE-9683-732C4A6D5A95} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {1ADBEFFB-ADC5-4079-8F48-6A7C7FF1D69D} - System32\Tasks\{406E166A-4E03-4485-99F9-4CD5C7B87BFF} => Firefox.exe http://ui.skype.com/ui/0/5.3.0.120.272/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {25FDBE33-C9B4-4F26-894A-865955DC3A52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3BQ2V4BY05Y0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {42BCA4EE-6E9A-456A-87C9-60242A40968B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19] (Google Inc.)
Task: {4FD04969-4513-4E63-8760-2C5A01B5212F} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {58470E57-29F0-432E-AC55-90231ADD2B88} - System32\Tasks\{948F7E19-46F6-45EC-BB09-8ACD8BC769A4} => Firefox.exe http://ui.skype.com/ui/0/5.3.0.120.272/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {5BBFE450-EB66-42B7-80F2-2426FF1A4375} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {72AEAA64-E5C1-4C41-A84A-93AA6E6B18C9} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {799221F9-3515-4D39-8779-C7441FBA773A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-04] (IObit)
Task: {A50F99AF-5B5D-4D94-9B8B-9A7DF3EEB014} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {A98A0B52-8DCD-4585-BB0B-2BFDCBD99909} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
Task: {AE941F56-4050-47D5-9A6B-DE3820C93CEB} - System32\Tasks\HPCeeScheduleForMonica => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B74BBD67-F7F7-40F8-92EA-DD7502F252EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {BB4FDCE7-7B26-4FDD-AE59-CA1BA31A3D76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C29E71B8-4B4B-4537-8A52-D8359F129C74} - System32\Tasks\Erunt Backup => C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20] ()
Task: {C7A0C837-064F-4EA5-A1FF-9B6D251C38C1} - \BitGuard No Task File <==== ATTENTION
Task: {CFCC50DE-E6D3-4A6A-9EA6-648069FC0E25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {D91A4716-2E14-4F76-99A7-16697AEBDBCF} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {E42BF624-D230-47ED-8909-41091E4EA3F5} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {E5FEC68E-8436-4C81-9EB8-719E37D35B93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19] (Google Inc.)
Task: {F80A0BF8-F1EB-4846-9E08-F72D665238DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-06-24] (Microsoft)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMonica.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 04:40 - 2013-08-30 04:40 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2010-06-10 20:42 - 2010-06-10 20:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-20 04:45 - 2010-11-20 04:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 19:26 - 2010-06-18 19:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-18 19:26 - 2010-06-18 19:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 19:26 - 2010-06-18 19:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2013-03-13 14:21 - 2013-01-15 18:59 - 00161088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll
2012-08-15 23:36 - 2011-08-19 16:33 - 00047960 _____ () C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
2010-05-19 14:05 - 2010-05-19 14:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 14:05 - 2010-05-19 14:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 14:05 - 2010-05-19 14:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-03-13 14:21 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl
2013-03-13 14:21 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl
2013-03-13 14:21 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl
2011-01-17 16:19 - 2011-03-20 12:23 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-02-09 21:58 - 2010-02-09 21:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 21:58 - 2010-02-09 21:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 21:58 - 2010-02-09 21:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 21:58 - 2010-02-09 21:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 21:58 - 2010-02-09 21:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 21:58 - 2010-02-09 21:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 21:58 - 2010-02-09 21:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-09 21:58 - 2010-02-09 21:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe
MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader 64 => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon64.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Weather => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-03-19 01:13:55.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-03-19 01:13:55.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 12:19:05.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 12:19:05.506
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 12:18:49.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 12:18:48.957
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-09-12 13:56:50.573
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-09-12 13:56:50.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-09-12 13:47:01.081
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-09-12 13:47:01.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 2810.9 MB
Available physical RAM: 1456.98 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 3546.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.45 GB) (Free:212.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.34 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (May 01 2014) (CDROM) (Total:0.03 GB) (Free:0 GB) UDF
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:7.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================

Juliet
2014-07-05, 14:52
Did you have problems uninstalling IObit?

In the script I've created below we'll take out the program and remaining tidbits.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow it.)



start
Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.1 - IObit)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
HKLM-x32\...\Run: [DailyBibleGuide EPM Support] => "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivaceySafeguard)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-05-01]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx [2012-04-06]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-03-13]
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
S2 DailyBibleGuideService; C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [X]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll
Privacy SafeGuard version 1.0 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.0 - Privacy SafeGuard)
Task: {799221F9-3515-4D39-8779-C7441FBA773A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-04] (IObit)
Task: {A98A0B52-8DCD-4585-BB0B-2BFDCBD99909} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
Task: {C7A0C837-064F-4EA5-A1FF-9B6D251C38C1} - \BitGuard No Task File <==== ATTENTION
MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe
MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader 64 => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon64.exe
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


*******

What we can do now is run an online scan with Eset; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course on how full your computer is.


Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish


****

Please post
Fixlog.txt
Eset log

gin_jammer
2014-07-05, 21:22
I did not notice a problem when running Uninstall on IOBit

Fixlog.txt follows:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014
Ran by Monica at 2014-07-05 09:31:35 Run:1
Running from C:\Users\Monica\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.1 - IObit)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
HKLM-x32\...\Run: [DailyBibleGuide EPM Support] => "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivaceySafeguard)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-05-01]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx [2012-04-06]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-03-13]
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
S2 DailyBibleGuideService; C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [X]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll
Privacy SafeGuard version 1.0 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.0 - Privacy SafeGuard)
Task: {799221F9-3515-4D39-8779-C7441FBA773A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-04] (IObit)
Task: {A98A0B52-8DCD-4585-BB0B-2BFDCBD99909} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
Task: {C7A0C837-064F-4EA5-A1FF-9B6D251C38C1} - \BitGuard No Task File <==== ATTENTION
MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe
MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader 64 => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon64.exe
end
*****************

[768] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe => Process closed successfully.
[3520] C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe => Process closed successfully.
[4736] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DailyBibleGuide EPM Support => value deleted successfully.
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}' => Key deleted successfully.
'HKCR\CLSID\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}' => Key deleted successfully.
'HKCR\CLSID\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}' => Key deleted successfully.
'HKCR\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}' => Key deleted successfully.
C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh' => Key deleted successfully.
C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd' => Key deleted successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx => Moved successfully.
AdvancedSystemCareService6 => Service deleted successfully.
DailyBibleGuideService => Service deleted successfully.
SmartDefragDriver => Service stopped successfully.
SmartDefragDriver => Service deleted successfully.
C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{799221F9-3515-4D39-8779-C7441FBA773A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{799221F9-3515-4D39-8779-C7441FBA773A}' => Key deleted successfully.
C:\Windows\System32\Tasks\SmartDefrag_Startup => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A98A0B52-8DCD-4585-BB0B-2BFDCBD99909}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A98A0B52-8DCD-4585-BB0B-2BFDCBD99909}' => Key deleted successfully.
C:\Windows\System32\Tasks\ASC6_PerformanceMonitor => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC6_PerformanceMonitor' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A0C837-064F-4EA5-A1FF-9B6D251C38C1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A0C837-064F-4EA5-A1FF-9B6D251C38C1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard' => Key deleted successfully.

==== End of Fixlog ====


ESETSCAN.txt follows:

C:\$Recycle.Bin\S-1-5-21-2318636694-3368949867-1376833035-1001\$R1976BU.nik\zzNikki.decor\adobepho5-setup.exe Win32/InstallMonetizer.AN potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\DnsBHO.dll.vir Win32/Toolbar.SearchSuite.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll.vir a variant of Win32/Toolbar.SearchSuite potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\ctypes\FirefoxCtype.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\Plugins\npFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Program Files (x86)\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH77HJT4\18[1].7z a variant of Win32/bProtector.B potentially unwanted application
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDICAZF\pack[1].7z Win32/bProtector.F potentially unwanted application
C:\Users\Monica\AppData\Local\Mozilla\Firefox\Profiles\q6tbbkv9.default\Cache\5\7D\CEFC5d01 a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc a variant of Java/Exploit.CVE-2012-5076.W trojan
C:\Users\Monica\Desktop\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Monica\Downloads\flvmplayer.exe MSIL/Solimba.H potentially unwanted application
C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe Win32/Graboid potentially unsafe application
C:\Users\Monica\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV25B20E.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV35A2K9.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe Win32/Toolbar.Conduit.AE potentially unwanted application

Juliet
2014-07-05, 22:21
For items located in the recovery folder of Spybot, open Spybot and go to the Recovery Folder and you can empty it all out.
****


Please locate the fixlist.txt we created earlier, right click on that and select delete, we'll proceed with a new one.



Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow it.)



start
C:\$Recycle.Bin\S-1-5-21-2318636694-3368949867-1376833035-1001\$R1976BU.nik\zzNikki.decor\adobepho5-setup.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH77HJT4\18[1].7z
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDICAZF\pack[1].7z
C:\Users\Monica\AppData\Local\Mozilla\Firefox\Profiles\q6tbbkv9.default\Cache\5\7D\CEFC5d01
C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc
C:\Users\Monica\Desktop\defragsetup.exe
C:\Users\Monica\Downloads\flvmplayer.exe
C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe
C:\Users\Monica\Downloads\movie_player_1280.exe
C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe
C:\Users\Monica\Downloads\Setup_TSV25B20E.exe
C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Please post this log when finished.

How is your computer now?

gin_jammer
2014-07-06, 02:35
I have a file named "Fixlog.txt" on Desktop. Is that the file you mean? I have no "fixlist.txt." :confused:

Juliet
2014-07-06, 05:36
Fixlog.txt<-- this should be the 1st one we created, you can open it and make sure.

Then download the new one to desktop and run FRST.

gin_jammer
2014-07-06, 12:03
Before running FRST64, I ran a scan with S&D. It found nothing :D:

fixlist.txt follows:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014
Ran by Monica at 2014-07-06 04:59:36 Run:2
Running from C:\Users\Monica\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\$Recycle.Bin\S-1-5-21-2318636694-3368949867-1376833035-1001\$R1976BU.nik\zzNikki.decor\adobepho5-setup.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH77HJT4\18[1].7z
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDICAZF\pack[1].7z
C:\Users\Monica\AppData\Local\Mozilla\Firefox\Profiles\q6tbbkv9.default\Cache\5\7D\CEFC5d01
C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc
C:\Users\Monica\Desktop\defragsetup.exe
C:\Users\Monica\Downloads\flvmplayer.exe
C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe
C:\Users\Monica\Downloads\movie_player_1280.exe
C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe
C:\Users\Monica\Downloads\Setup_TSV25B20E.exe
C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe
end
*****************

C:\$Recycle.Bin\S-1-5-21-2318636694-3368949867-1376833035-1001\$R1976BU.nik\zzNikki.decor\adobepho5-setup.exe => Moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe => Moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe => Moved successfully.
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH77HJT4\18[1].7z => Moved successfully.
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDICAZF\pack[1].7z => Moved successfully.
C:\Users\Monica\AppData\Local\Mozilla\Firefox\Profiles\q6tbbkv9.default\Cache\5\7D\CEFC5d01 => Moved successfully.
C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc => Moved successfully.
C:\Users\Monica\Desktop\defragsetup.exe => Moved successfully.
C:\Users\Monica\Downloads\flvmplayer.exe => Moved successfully.
C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe => Moved successfully.
C:\Users\Monica\Downloads\movie_player_1280.exe => Moved successfully.
C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe => Moved successfully.
C:\Users\Monica\Downloads\Setup_TSV25B20E.exe => Moved successfully.
C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe => Moved successfully.

==== End of Fixlog ====
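
An added example, not part of the original posts and not code from FRST or ESET: a Python cross-check of the ESET export against the second Fixlog, run on excerpts of the logs posted in this thread. The function names and the HANDLED_ELSEWHERE prefix list are assumptions made for this example; the prefixes reflect the helper's remarks about quarantine folders and Spybot's Recovery folder.

```python
import re

# Excerpts copied from the ESETSCAN.txt and the second Fixlog.txt posted in this thread.
ESET_EXPORT = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc a variant of Java/Exploit.CVE-2012-5076.W trojan
C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe Win32/Graboid potentially unsafe application
C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV25B20E.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV35A2K9.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe Win32/Toolbar.Conduit.AE potentially unwanted application
"""

FIXLOG = r"""
C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc => Moved successfully.
C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe => Moved successfully.
C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe => Moved successfully.
C:\Users\Monica\Downloads\Setup_TSV25B20E.exe => Moved successfully.
C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe => Moved successfully.
"""

# Assumption for this example: detections under these folders are dealt with by
# other steps in the thread (tool quarantine cleanup, emptying Spybot's Recovery).
HANDLED_ELSEWHERE = (
    "C:\\AdwCleaner\\Quarantine\\",
    "C:\\ProgramData\\Spybot - Search & Destroy\\Recovery\\",
    "C:\\Users\\All Users\\Spybot - Search & Destroy\\Recovery\\",
)

# ESET export line: <path> [a variant of ]<Platform/Name> <category>
ESET_LINE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>.+)$"
)
# Fixlog outcome line: <target> => <result>
FIXLOG_LINE = re.compile(r"^(?P<target>.+?)\s*=> (?P<result>.+)$")


def parse_eset(text):
    """Return (path, detection name, category) for each ESET export line."""
    findings = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            findings.append((m["path"], m["name"], m["kind"]))
    return findings


def parse_fixlog(text):
    """Map each Fixlog target (case-folded, as Windows paths are) to its result."""
    outcomes = {}
    for line in text.splitlines():
        m = FIXLOG_LINE.match(line.strip())
        if m:
            outcomes[m["target"].casefold()] = m["result"]
    return outcomes


def reconcile(eset_text, fixlog_text, handled_elsewhere=HANDLED_ELSEWHERE):
    """Sort every ESET detection by what the Fixlog says happened to it."""
    outcomes = parse_fixlog(fixlog_text)
    prefixes = tuple(p.casefold() for p in handled_elsewhere)
    report = {"resolved": [], "failed": [], "handled_elsewhere": [], "unaddressed": []}
    for path, name, _kind in parse_eset(eset_text):
        key = path.casefold()
        if key in outcomes:
            # Anything other than a "... successfully." result needs a second look.
            bucket = "resolved" if "successfully" in outcomes[key] else "failed"
        elif key.startswith(prefixes):
            bucket = "handled_elsewhere"
        else:
            bucket = "unaddressed"
        report[bucket].append((path, name))
    return report


if __name__ == "__main__":
    for bucket, items in reconcile(ESET_EXPORT, FIXLOG).items():
        print(f"{bucket}: {len(items)}")
        for path, name in items:
            print(f"  {name}  {path}")
```

On these excerpts the check lists `C:\Users\Monica\Downloads\Setup_TSV35A2K9.exe` as detected by ESET but absent from the Fixlog, which is the kind of gap worth confirming by hand before the cleanup tools are removed.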

gin_jammer
2014-07-06, 13:37
After running FRST64 and posting, I ran S&D again. This time it found a problem, which it was able to remove. Maybe Security is set too low. This is a borrowed laptop that I'm using while mine is in the hospital, so I'm not only somewhat unfamiliar with it but also reluctant to change too much.

Juliet
2014-07-06, 14:43
After running FRST64 and posting, I ran S&D again. This time it found a problem, which it was able to remove. Maybe Security is set too low. This is a borrowed laptop that I'm using while mine is in the hospital, so I'm not only somewhat unfamiliar with it but also reluctant to change too much.

Sometimes it's actually a minor issue but, when people don't know what it is it kinda gets under their skin so to speak.
Can you post any information as to what it was?

Is performance better now?

gin_jammer
2014-07-06, 18:29
I should have written down the booger's name. It was something with "click" in its name that I don't remember seeing before. Anyway, S&D wiped it out with no problem and it hasn't returned. The laptop seems to boot up quicker now. Am I happy? Yes, but I want my own laptop back.

gin_jammer
2014-07-06, 18:31
Are you deeper in the south than Florida?

Juliet
2014-07-06, 20:19
I should have written down the booger's name. It was something with "click" in its name that I don't remember seeing before. Anyway, S&D wiped it out with no problem and it hasn't returned. The laptop seems to boot up quicker now. Am I happy? Yes, but I want my own laptop back.
I couldn't handle not having my Laptop.....I'd pull my hair out I think.
Glad to hear everything is running smoothly again.

We'll concentrate now on removing the tools we used along with their quarantine folders.


gin_jammer

Are you deeper in the south than Florida?


Nope, I proudly live in the state of Tennessee, some call us hillbillies. :)

**********


Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore

Click Run




Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.



*******

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/).)


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles.

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.



It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by visiting Secunia Software Inspector (http://secunia.com/software_inspector) or you can use the following application for this purpose: PatchMyPC (http://www.patchmypc.net/)

gin_jammer
2014-07-06, 20:21
Okay, it seems I spoke too soon. I ran S&D just now while I had lunch and it found "CasaleMedia" (5 entries Browser) and "DoubleClick" (2 entries Browser). S&D was able to fix all 7 Cookies. I'm fairly certain "DoubleClick" was the problem I mentioned a little earlier, so it is evidently going to be a persistent pest. :fear: Any suggestions?

Juliet
2014-07-06, 20:45
Cookies come from your browser; not all are malicious.

You can keep your browser cleaner by following:

How to clear the Firefox cache
https://support.mozilla.org/en-US/kb/how-clear-firefox-cache

Delete your cache and other browser data (Google Chrome)
https://support.google.com/chrome/answer/95582?hl=en

How to delete cookie files in Internet Explorer
http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11


Please run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

gin_jammer
2014-07-06, 22:14
Will do! :thanks: