
Thread: Can A Malware that Keeps coming back be removed for good?

  1. #1
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Hello, first time poster here, I keep getting the same malware (I think this is what it's called.....I'm such a newbie!) on my computer. Some of the stuff I've seen just pop up in my browser. I get these little green circles with a line through it, prompting me to click on it (I don't, I just hover and it tells me it's from SmartShopping.com). I get barowwsoe2Save, BestSaveForYou and CasaleMedia (I copied them down exactly as I saw them). I then ran Spybot and it detected the barowwsoe2Save and got rid of it. Then I went to my browser options and removed the BestSaveForYou extension. All seems well!

    Except the problem is, every week it all comes back again. I've kept the kids off the internet for a week to see if perhaps they are the ones that keep installing this stuff, but no. Every Tuesday I see the same things come up. Then I remove them all, all is well for a week, and then the cycle continues. What am I doing wrong? Is it possible that these things are set up to repeat every week? Or is that just crazy? It's just too much of a coincidence.

    Would it help to just uninstall Firefox and reinstall it? Would that make all of this go away? I've been using Spybot for years and never once needed to even go on the forums (thankfully :o)), so I'm not sure where to start really. Should I contact Firefox?

    Thank you for reading,
    Gigglepot

    --------------------------------------

    Admin Edit
    - Forum FAQ, for all users surfing in here:
    "BEFORE You POST" (Please read this Procedure Before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi gigglepot,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    aswMBR

    Download aswMBR.exe and save it to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

    =========================

    Download Farbar Recovery Scan Tool and save to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • aswMBR.txt
    • attach MBR.zip
    • FRST.txt
    • Addition.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Hi OCD,
    Thank you for responding to my request! I just wanted to ask one thing before I proceed with all your steps below......is it ok to follow your steps AFTER I've already deleted the extension in Firefox and have already run a Spybot scan, which seems to have fixed everything for now? Or should I wait until next Tuesday (the day this seems to occur again) when it will probably all come back again?

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi gigglepot,

    Yes, it is alright to run these scans now. Although you did remove the FF extension, there are other parts of this infection on your computer that are probably not removed by just merely removing the extension, causing the issue to reappear.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
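
Added example, not part of the original thread and not code from FRST or Spybot: the reply above says that removing the Firefox extension leaves other parts of the infection in place. The script below triages autostart lines in the line format of an FRST.txt log (Run keys, AppInit_DLLs, BHOs) and lists the load points that would survive an extension-only cleanup; the sample lines, names, CLSIDs and the scoring heuristics are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the line format FRST uses for its Registry and
# Internet sections. Names, paths and CLSIDs are placeholders, not real IoCs.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [ExampleUpdater] => C:\Program Files (x86)\ExampleVendor\updater.exe [254336 2013-07-02] (Example Vendor Inc.)
HKU\S-1-5-21-0000000000-0000000000-0000000000-1000\...\Run: [ExampleHost] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\User\AppData\Local\ExampleHost\ExampleHost.dll",DllRun <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\EXAMPL~1\HELPER~1.DLL => C:\Program Files (x86)\ExampleBooster\Helper_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\exampl~1\helper~1.dll => "c:\progra~2\exampl~1\helper~1.dll" File Not Found
BHO-x32: ExampleSavings - {00000000-0000-0000-0000-000000000001} - C:\ProgramData\ExampleSavings\a1.dll ()
BHO-x32: No Name - {00000000-0000-0000-0000-000000000002} - No File
BHO: Example Security - {00000000-0000-0000-0000-000000000003} - C:\Program Files\ExampleAV\webrep.dll (Example AV Software)
"""

DATA_DIR = re.compile(r"\\(appdata|programdata)\\")    # per-user / shared data folders
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$")      # FRST's own highlight marker


@dataclass
class Finding:
    mechanism: str   # which autostart mechanism loads the entry
    label: str       # entry name as shown in the log
    reasons: list    # why the heuristics picked it out


def mechanism_of(kind):
    """Map the text before the first ': ' to an autostart mechanism."""
    if kind.endswith("\\Run"):
        return "Run key"            # started at every logon
    if kind.startswith("AppInit_DLLs"):
        return "AppInit_DLLs"       # loaded into each process that loads user32.dll
    if kind.startswith("BHO"):
        return "BHO"                # Internet Explorer browser helper object
    return None


def label_of(mechanism, core):
    """Pull a short display name out of the entry body."""
    if mechanism == "Run key":
        m = re.match(r"\[(.*?)\]", core)
        return m.group(1) if m else core
    if mechanism == "BHO":
        return core.split(" - ", 1)[0]
    return core.split(" => ", 1)[0]


def reasons_for(body):
    """Heuristics (assumptions of this example, not FRST's logic)."""
    reasons = []
    if ATTENTION.search(body):
        reasons.append("flagged by FRST")
    core = ATTENTION.sub("", body).strip()
    low = core.lower()
    if low.endswith("no file") or low.endswith("file not found"):
        # Registration left behind after the file was deleted: a sign of
        # partial removal, and a slot that a reinstall can silently refill.
        reasons.append("target file missing")
    if re.search(r"\(\s*\)$", core):
        reasons.append("no publisher in file metadata")
    if ".dll" in low and DATA_DIR.search(low):
        reasons.append("DLL loaded from a data folder")
    return reasons


def triage(log_text):
    """Return a Finding for every autostart line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        kind, sep, body = line.strip().partition(": ")
        mechanism = mechanism_of(kind) if sep else None
        if mechanism is None:
            continue
        reasons = reasons_for(body)
        if reasons:
            core = ATTENTION.sub("", body).strip()
            findings.append(Finding(mechanism, label_of(mechanism, core), reasons))
    return findings


def surviving_mechanisms(findings):
    """Load points untouched by removing a browser extension alone."""
    return {f.mechanism for f in findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.mechanism:13} {f.label:40} {'; '.join(f.reasons)}")
```

None of the three mechanisms it reports lives inside the Firefox profile, which is why deleting the extension alone does not change them.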

  5. #5
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Here is the checkup.txt file:

    Results of screen317's Security Check version 0.99.83
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    JavaFX 2.1.1
    Java 7 Update 55
    Adobe Flash Player 13.0.0.214
    Adobe Reader 10.1.10 Adobe Reader out of Date!
    Mozilla Firefox (29.0.1)
    Google Chrome 34.0.1847.116
    Google Chrome 34.0.1847.131
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

  6. #6
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Hello, I'm running the aswMBR scan now.....how do I know when it is complete? The time on the left stopped moving (about 17 minutes in) but the "Scan" button is not highlighted yet so I didn't know when I should hit Save Log. Should it say "scan complete" or something like that?

  7. #7
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi gigglepot,

    I'm running the aswMBR scan now.....how do I know when it is complete? The time on the left stopped moving (about 17 minutes in) but the "Scan" button is not highlighted yet so I didn't know when I should hit Save Log. Should it say "scan complete" or something like that?

    Please let the scan run, it may take a while. If the scan button is grayed out it is still scanning. At the bottom of the interface window it will state "Scan Finished Successfully" when it is done. If it seems to have gotten hung up, click the Save Log button and post the log it provides. If it should be incomplete, we can run a different scanner to get the complete results.

    Then just continue with the remainder of the steps.
    Last edited by OCD; 2014-06-05 at 17:12. Reason: added additional information
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  8. #8
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Here is the aswMBR.txt. Just to let you know, the "Scan" button never did come back, it stayed greyed out, but because it said "Scan finished successfully", I hit Save Log and posted the results. Hope I did it right!

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-06-05 07:17:17
    -----------------------------
    07:17:17.305 OS Version: Windows x64 6.1.7601 Service Pack 1
    07:17:17.305 Number of processors: 2 586 0x603
    07:17:17.308 ComputerName: OWNER-HP UserName: Owner
    07:17:21.219 Initialize success
    07:17:24.997 AVAST engine defs: 14060500
    07:18:01.716 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
    07:18:01.732 Disk 0 Vendor: Hitachi_ JP3O Size: 715404MB BusType: 11
    07:18:01.825 Disk 0 MBR read successfully
    07:18:01.825 Disk 0 MBR scan
    07:18:01.841 Disk 0 unknown MBR code
    07:18:01.841 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    07:18:01.856 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702969 MB offset 206848
    07:18:01.903 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12333 MB offset 1439887360
    07:18:01.950 Disk 0 scanning C:\Windows\system32\drivers
    07:18:10.655 Service scanning
    07:18:30.749 Modules scanning
    07:18:30.749 Disk 0 trace - called modules:
    07:18:30.780 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    07:18:30.780 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031e4060]
    07:18:30.795 3 CLASSPNP.SYS[fffff8800194343f] -> nt!IofCallDriver -> [0xfffffa8003186040]
    07:18:30.795 5 amd_xata.sys[fffff8800109a8b4] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8002d13820]
    07:18:32.730 AVAST engine scan C:\Windows
    07:18:37.004 AVAST engine scan C:\Windows\system32
    07:21:20.838 AVAST engine scan C:\Windows\system32\drivers
    07:21:33.006 AVAST engine scan C:\Users\Owner
    08:32:21.654 AVAST engine scan C:\ProgramData
    08:35:32.179 Scan finished successfully
    09:38:50.943 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    09:38:50.943 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

  9. #9
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Here is the MBR.zip file. Please let me know if I didn't do this correctly.

  10. #10
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Here is the FRST.txt file.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
    Ran by Owner (administrator) on OWNER-HP on 05-06-2014 09:48:42
    Running from C:\Users\Owner\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
    (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
    (Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    (Pelmorex Media Inc.) C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    (Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
    (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
    (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
    (PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    (Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
    HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
    HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-23] (AVAST Software)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [WeatherEye] => C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [309104 2010-09-21] (Pelmorex Media Inc.)
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-17] (Samsung Electronics)
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: F - F:\DisneySplash.exe
    HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: {8eb2cc2f-4e99-11e0-8f4f-806e6f6e6963} - E:\Launcher.exe
    AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
    AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
    AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
    AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll [1234880 2012-03-14] (Discordia, LTD)
    AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [1233816 2012-03-14] (Discordia, LTD)
    AppInit_DLLs-x32: ,c:\progra~2\citrix\icacli~1\rshook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
    AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1FF8B4D93E0CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
    URLSearchHook: HKCU - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
    SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
    SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
    SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
    SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - DefaultScope {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
    SearchScopes: HKCU - {190EAB21-2083-42D6-83C7-DDE3C907E5C7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
    SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    SearchScopes: HKCU - {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
    BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
    BHO-x32: No Name - {0EEDB912-C5FA-486F-8334-57288578C627} - No File
    BHO-x32: No Name - {11111111-1111-1111-1111-110011441193} - No File
    BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
    BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: No Name - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - No File
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
    BHO-x32: No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    BHO-x32: No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
    Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No File
    Toolbar: HKLM-x32 - No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
    Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
    Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/active...eX_Control.cab
    DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default
    FF NewTab: www.kijiji.ca
    FF DefaultSearchEngine: Yahoo!
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
    FF SelectedSearchEngine: Yahoo!
    FF Homepage: hxxp://calgary.kijiji.ca/
    FF Keyword.URL: hxxp://ca.yhs4.search.yahoo.com/yhs/search
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-e4be089b108348a6\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\duckduckgo.xml
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler-search.xml
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler.xml
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo-avast.xml
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo_ff.xml
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]

    Chrome:
    =======
    CHR HomePage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    CHR RestoreOnStartup: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
    CHR StartupUrls: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-1a23fdbca04d4954\\NPRobloxProxy.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-29]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
    CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp [2014-05-12]
    CHR Extension: (MixiDJ V45) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf [2013-08-13]
    CHR Extension: (RobOSaveer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmamejgjjfphnlodkkomcaicecpcdhm [2014-05-19]
    CHR Extension: (NNextCoUp) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb [2014-05-22]
    CHR Extension: (DealExpreesSe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeaffalpajefneffnmeajimmaidnfic [2014-05-25]
    CHR Extension: (BuestSaveForYOu) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgfbhpfpbbbkdiggmpoddgpmolpkck [2014-06-02]
    CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-05-12]
    CHR Extension: (SeaRuCH-uNEowTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh [2014-05-12]
    CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje [2014-05-15]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
    CHR Extension: (save nEiT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp [2014-05-12]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-29]
    CHR HKCU\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Owner\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2013-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-07]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
    R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-16] (WildTangent)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [974016 2014-03-02] ()
    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] ()
    S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
    R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
    R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
    U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-06-05 09:48 - 2014-06-05 09:49 - 00036551 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-06-05 09:48 - 2014-06-05 09:48 - 00000000 ____D () C:\FRST
    2014-06-05 09:47 - 2014-06-05 09:47 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
    2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
    2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
    2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
    2014-06-05 07:16 - 2014-06-05 07:17 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
    2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
    2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
    2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
    2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
    2014-06-03 19:28 - 2014-06-03 19:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
    2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
    2014-06-02 19:26 - 2014-06-02 19:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
    2014-06-02 15:34 - 2014-06-05 06:38 - 00000000 ____D () C:\ProgramData\DowwnnSave
    2014-06-02 07:25 - 2014-06-02 07:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
    2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
    2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
    2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
    2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
    2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
    2014-05-30 06:25 - 2014-05-30 06:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
    2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
    2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
    2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
    2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
    2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
    2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
    2014-05-26 22:15 - 2014-05-26 22:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
    2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
    2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
    2014-05-25 20:34 - 2014-05-27 07:09 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
    2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
    2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
    2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
    2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
    2014-05-23 22:10 - 2014-05-23 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
    2014-05-23 10:08 - 2014-05-23 10:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
    2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
    2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
    2014-05-22 06:40 - 2014-05-22 06:47 - 00000000 ____D () C:\ProgramData\NNextCoUp
    2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
    2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
    2014-05-21 21:08 - 2014-05-21 21:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
    2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
    2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
    2014-05-20 09:06 - 2014-05-20 09:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
    2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
    2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
    2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
    2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
    2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
    2014-05-17 21:01 - 2014-05-17 21:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
    2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
    2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
    2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
    2014-05-15 22:17 - 2014-05-05 18:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-15 22:17 - 2014-05-05 18:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-15 22:17 - 2014-05-05 18:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-15 22:17 - 2014-05-05 17:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-15 22:17 - 2014-05-05 17:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-15 22:17 - 2014-05-05 17:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-15 20:58 - 2014-05-15 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
    2014-05-15 08:57 - 2014-05-15 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
    2014-05-15 07:15 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-15 07:15 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-15 07:15 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-15 07:15 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-15 07:06 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-15 07:06 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-15 07:06 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-15 07:06 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-15 07:06 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-15 07:06 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-15 07:06 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-15 07:06 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-15 07:06 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-15 07:06 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-15 07:06 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-15 07:06 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-15 07:06 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-15 07:06 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-15 07:06 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-15 07:06 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-15 07:06 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-15 07:06 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-15 07:06 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-15 07:06 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-15 07:06 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-15 07:06 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-15 07:06 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-15 07:06 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-15 07:06 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-15 07:00 - 2014-05-15 10:44 - 00000000 ____D () C:\Program Files\KMSpico
    2014-05-15 07:00 - 2014-05-15 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
    2014-05-15 06:50 - 2014-05-22 06:41 - 00000000 ____D () C:\ProgramData\save neT
    2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
    2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
    2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
    2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
    2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
    2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
    2014-05-13 08:54 - 2014-05-13 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
    2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
    2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
    2014-05-12 12:15 - 2014-05-15 06:28 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
    2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
    2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
    2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
    2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
    2014-05-12 12:06 - 2014-05-31 14:03 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
    2014-05-12 12:04 - 2014-05-22 10:48 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
    2014-05-12 12:04 - 2014-05-14 06:33 - 00000000 ____D () C:\ProgramData\SAve net
    2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
    2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
    2014-05-12 12:03 - 2014-06-04 05:47 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
    2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
    2014-05-12 12:01 - 2014-05-15 06:53 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
    2014-05-11 20:50 - 2014-05-11 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
    2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
    2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
    2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
    2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
    2014-05-09 08:48 - 2014-05-09 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
    2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
    2014-05-08 08:47 - 2014-05-08 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
    2014-05-07 20:46 - 2014-05-07 20:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
    2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}
    2014-05-06 20:45 - 2014-05-06 20:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8E225F09-26B0-4303-8202-D33CB0BA87D2}
    2014-05-06 08:45 - 2014-05-06 08:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AB53B037-1736-48BB-A122-19D973E7DC18}

    The rest is coming in a separate post, as it was too long (more than 64000 characters long).
