
Thread: S&D finds Toolbars but cannot delete them-Solved

  1. #1
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    S&D finds Toolbars but cannot delete them-Solved

    I am running S&D 1.6.2 as Administrator on a 64-bit Windows OS. S&D reports "ilivid.Toolbar" and "Delta.Toolbar" as problems, but cannot remove them. I have created a Registry backup with ERUNT and have run DDS. Attached is attach.zip, and following below is the copied text from DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16921
    Run by Monica at 16:17:08 on 2014-07-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1571 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Orchid\LiveAccessService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Tor\tor.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\AppIntegrator64.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrchMn.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^XM^xdm292^YYA^us&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&si=23178
    uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
    uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
    dURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
    mWinlogon: Userinit = userinit.exe
    BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
    BHO: Search Assistant BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
    BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
    BHO: Toolbar BHO: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
    TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
    TB: DailyBibleGuide: {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [DailyBibleGuide EPM Support] "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
    mRun: [DailyBibleGuide Search Scope Monitor] "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vsrchmn.exe" /m=2 /w /h
    StartupFolder: C:\Users\Monica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Monica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    TCP: NameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{283477CA-653C-4EB0-945B-F45866FB091A} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692} : DHCPNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\4545D2055726C6963633 : DHCPNameServer = 65.32.5.74 65.32.5.75
    TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\47964796373763230457E656E2E65647E236F6 : DHCPNameServer = 200.31.208.101 200.13.249.101
    TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\D456C626F65727E656027484 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\D494C4F4D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
    AppInit_DLLs= c:\progra~3\bitguard\271769~1.27\{16cdf~1\bitguard.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [DailyBibleGuide Home Page Guard 64 bit] "C:\PROGRA~2\DAILYB~2\bar\1.bin\AppIntegrator64.exe"
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\
    FF - prefs.js: browser.search.selectedEngine - Ask Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178
    FF - prefs.js: keyword.URL - hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&ind=2014010216&p2=^XM^xdm292^YYA^us&si=23178&searchfor=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\plugins\npFirefoxPlugin.dll
    FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.id - e24b917800000000000090004e363f66
    FF - user.js: extensions.claro.instlDay - 15562
    FF - user.js: extensions.claro.vrsn - 1.6.4.1
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.116:02:26
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef - sst
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e24b9178000000000000984be19b1f9c&q=
    FF - user.js: extensions.BabylonToolbar.id - e24b9178000000000000984be19b1f9c
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15710
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.218:22:40
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - na
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=17427&tt=0113_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - def
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar.rvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-8-15 17720]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-6 50464]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-3-13 528192]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-20 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2013-10-16 5175856]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 DailyBibleGuideService;DailyBibleGuideService;C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [2013-12-26 88648]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-20 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-7-3 29184]
    S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-7-3 36352]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
    .
    =============== Created Last 30 ================
    .
    2014-07-03 14:29:55 20328 ----a-w- C:\Windows\System32\roboot64.exe
    2014-07-03 14:28:32 -------- d-----w- C:\Users\Monica\AppData\Roaming\systweak
    2014-07-03 14:28:31 -------- d-----w- C:\Users\Monica\AppData\Local\Programs
    2014-07-02 13:22:48 -------- d-----w- C:\Users\Monica\AppData\Roaming\AVG
    2014-07-02 13:22:48 -------- d-----w- C:\Users\Monica\AppData\Local\AVG
    2014-07-02 13:22:04 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-07-02 13:22:03 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2014-07-02 13:22:00 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-07-02 13:21:59 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-07-02 13:21:53 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2014-07-02 13:21:52 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-07-02 13:21:49 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2014-07-02 13:21:49 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2014-07-02 13:21:49 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2014-07-02 13:21:49 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-07-02 13:21:48 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-07-02 13:21:48 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-07-02 13:20:12 506368 ----a-w- C:\Windows\System32\aepdu.dll
    2014-07-02 13:20:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-07-02 13:18:59 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2014-07-02 13:11:32 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
    2014-07-02 13:11:08 -------- d-----w- C:\ProgramData\AVG
    2014-07-02 12:53:37 -------- d-----w- C:\Users\Monica\AppData\Roaming\TuneUp Software
    .
    ==================== Find3M ====================
    .
    2014-07-02 12:36:51 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2014-05-24 02:47:54 2239488 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-24 02:46:15 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-24 02:46:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-24 02:46:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2014-05-24 02:45:26 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-24 01:26:54 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-24 01:25:52 2862080 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-24 01:25:49 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-24 01:25:49 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2014-05-24 01:25:25 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-24 01:09:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-24 01:03:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-24 00:13:44 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2014-05-24 00:06:55 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 16:19:18.50 ===============

    I added ".zip" to filename......you'll probably have to delete it to unzip file...
    Last edited by tashi; 2014-07-04 at 02:16. Reason: Merged two posts

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Welcome

    There is a lot going on here. I doubt we can get this all removed in one swipe.

    You need to go to add/remove programs and remove/uninstall these 2 items.

    Daily Bible Guide Toolbar installs MyWebSearch, a potentially unwanted program that gets installed without your permission. It causes popup ads and interrupts browsing activities.

    IObit
    (http://blogs.computerworld.com/15026...m_malwarebytes)

    *******
    Save these instructions to WordPad/Notepad or print them out, as some of the fix will have all windows closed and this will help you complete all the necessary steps.

    **
    Click on this link to download: ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.


    Close all open windows and browsers.


    • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

      *****
    • Click the Scan button and wait for the scan to finish.


    • After the Scan has finished the window may or may not show what it found and above the progress bar you will see
      You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy & paste it into your next post.

      This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


    **********************


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ***********************

    Scan with FRST in normal mode

    Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)
    (To use correct version for your system.....Which system am I using?)

    • Run FRST.
    • Don't change any of the checkboxes and hit Scan.
    • Logfiles are created on your desktop.
    • Post the FRST.txt
    • The first time the tool is run it generates another log (Addition.txt). Please also paste that along with the FRST.txt into your reply.



    Please post:
    C:\AdwCleaner\AdwCleaner.txt
    JRT.txt
    FRST.txt with the created Addition.txt

    You may need to make multiple posts to ensure they don't get cut off.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    S&D Finds Toolbars

    Daily Bible Guide and IOBit uninstalled.

    AdwCleaner report follows:

    # AdwCleaner v3.214 - Report created 04/07/2014 at 12:17:41
    # Updated 29/06/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Monica - MONICA-HP
    # Running from : C:\Users\Monica\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : vToolbarUpdater18.1.7

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\~0
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\IBUpdaterService
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\iMesh Applications
    Folder Deleted : C:\Program Files (x86)\Search Toolbar
    Folder Deleted : C:\Program Files (x86)\SearchCore for Browsers
    Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Guest\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Guest\AppData\Local\Babylon
    Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Guest\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Guest\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Guest\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Guest\AppData\LocalLow\Searchqutoolbar
    Folder Deleted : C:\Users\Guest\AppData\LocalLow\TelevisionFanatic
    Folder Deleted : C:\Users\Guest\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Monica\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Monica\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Monica\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Monica\AppData\Local\TelevisionFanatic
    Folder Deleted : C:\Users\Monica\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Monica\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Monica\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Monica\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Monica\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Monica\AppData\Roaming\file scout
    Folder Deleted : C:\Users\Monica\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
    Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Smartbar
    Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\ValueApps
    Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\CT3299872
    Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\ffxtlbr@claro.com
    Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}
    Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\ask-web-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
    File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\babylon1.xml
    File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\bProtect.xml
    File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\my-web-search.xml
    File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\SearchResults.xml
    File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\user.js
    File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\Windows\System32\Tasks\BitGuard

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKCU\Software\e4da8bbd3deb49
    Key Deleted : HKLM\SOFTWARE\e4da8bbd3deb49
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_smart-defrag_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_smart-defrag_RASMANCS
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    [#] Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\filescout
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Imesh
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{16cdf~1\bitguard.dll
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16921

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iy46uy8r.default\prefs.js ]


    [ File : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\prefs.js ]

    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.20.0.513_lastUpdate", "1379131952742");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384224547894");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.22.2.530_lastUpdate", "1384477578650");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385079473302");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386961481080");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399593082792");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.30.1.502_lastUpdate", "1400007688621");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.31.0.526_lastUpdate", "1404305622323");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.33.0.505_lastUpdate", "1404488645578");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1386460730980");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1386460728784");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386460750928");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_searchAPI_lastUpdate", "1404488647920");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_serviceMap_lastUpdate", "1404488646377");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386561038352");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_toolbarSettings_lastUpdate", "1404488645457");
    Line Deleted : user_pref("CT3299872.serviceLayer_services_translation_lastUpdate", "1404488645363");
    Line Deleted : user_pref("CT3299872.settingsINI", true);
    Line Deleted : user_pref("CT3299872.showToolbarPermission", "false");
    Line Deleted : user_pref("CT3299872.smartbar.CTID", "CT3299872");
    Line Deleted : user_pref("CT3299872.smartbar.Uninstall", "0");
    Line Deleted : user_pref("CT3299872.smartbar.homepage", true);
    Line Deleted : user_pref("CT3299872.smartbar.toolbarName", "Installl Converter ");
    Line Deleted : user_pref("CT3299872.toolbarBornServerTime", "14-7-2013");
    Line Deleted : user_pref("CT3299872.toolbarCurrentServerTime", "4-7-2014");
    Line Deleted : user_pref("CT3299872.toolbarLoginClientTime", "Sat Jul 13 2013 17:14:03 GMT-0400 (Eastern Standard Time)");
    Line Deleted : user_pref("CT3299872.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%F9%F6%E7%E9%EB%E9%F5%E7%F9%FA%B4%E9%F8%E7%EF%ED%F9%F2%EF%F9%FA%B4%F5%F8%ED%B5%F9%F6%E7%B5%BA%B8%B6%BB%B6%B6%BA%B6%B6%B6%B4%EE%FA%F3%F2%C0%[...]
    Line Deleted : user_pref("CT3299872.url_history0001.enc", "aHR0cDovL3NwYWNlY29hc3QuY3JhaWdzbGlzdC5vcmcvc3BhLzQyMDUwMDQwMDAuaHRtbDo6OmNsaWNraGFuZGxlcjo6OjEzODUwNzg3MzA1NDIsLCxodHRwOi8vc3BhY2Vjb2FzdC5jcmFpZ3NsaXN0Lm9y[...]
    Line Deleted : user_pref("CT3299872.userIdGenerationCounter", "1");
    Line Deleted : user_pref("CT3299872_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1404488613927,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
    Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
    Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
    Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
    Line Deleted : user_pref("Smartbar.TBHomepagesList", "");
    Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");
    Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");
    Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3299872");
    Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.0.443");
    Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
    Line Deleted : user_pref("avg.install.userSPSettings", "Ask Web Search");
    Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
    Line Deleted : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=114024&tt=090812_clr_3212_8&babsrc=NT_ss&mntrId=e24b917800000000000090004e363f66");
    Line Deleted : user_pref("browser.search.defaultenginename", "Ask Web Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
    Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.id", "e24b9178000000000000984be19b1f9c");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15710");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "na");
    Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e24b9178000000000000984be19b1f9c&q=");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=17427&tt=0113_1");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
    Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.218:22:40");
    Line Deleted : user_pref("extensions.claro.admin", false);
    Line Deleted : user_pref("extensions.claro.aflt", "babsst");
    Line Deleted : user_pref("extensions.claro.autoRvrt", "false");
    Line Deleted : user_pref("extensions.claro.dfltLng", "en");
    Line Deleted : user_pref("extensions.claro.excTlbr", false);
    Line Deleted : user_pref("extensions.claro.id", "e24b917800000000000090004e363f66");
    Line Deleted : user_pref("extensions.claro.instlDay", "15562");
    Line Deleted : user_pref("extensions.claro.instlRef", "sst");
    Line Deleted : user_pref("extensions.claro.prdct", "claro");
    Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
    Line Deleted : user_pref("extensions.claro.tlbrId", "claro");
    Line Deleted : user_pref("extensions.claro.vrsn", "1.6.4.1");
    Line Deleted : user_pref("extensions.claro.vrsni", "1.6.4.1");
    Line Deleted : user_pref("extensions.claro_i.newTab", false);
    Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.6.4.116:02:26");
    Line Deleted : user_pref("extensions.crossrider.bic", "13912268e3b849136867bf9e01c06acd");
    Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.BUTTON_STRUCTURE", "[{\"b\":221356240,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221356241,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.prev", "Installl Converter Customized Web Search");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.savedPrev", "true");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.prev", "");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.savedPrev", "true");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.prev", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.savedPrev", "true");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178"[...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.page.savedPrev", 1);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.page.tb", 1);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.firstKnownVersion", "5.75.3.1281");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.enabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.lastGuardTime", 1281687674);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.numGuards", 1);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.initialized", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installKeysSource", "File");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.contextKey", "");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.installDate", "2014010216");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerId", "^XM^xdm292^YYA^us");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerSubId", "23178");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.success", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.toolbarId", "CE5567D9-5F79-495D-90B3-19819F57C55F");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.isCompliantUninstallImplementation", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.lastActivePing", "1404488624081");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.lastKnownVersion", "6.52.4.5107");
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.defaultSearch", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.homePageEnabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.keywordEnabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.tabEnabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.searchHistory", "youtube rafael nadal y jackovik||gmail sign in||hotmail sign in||oracion san miguel arcangel||.Padre nuestro oracion||Rey de Reyes [...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.toolbarCollapsed", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.weather.location", "32701");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=76A4C6AC-C41E-494A-8B8C-66E0D9167D71&n=77ed26fe&ptnrS=XPxdm044YYus&si=CIfGl-_a1a4CFZNV7AodZ1[...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012030718");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm044YYus");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CIfGl-_a1a4CFZNV7AodZ1ICaw");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "76A4C6AC-C41E-494A-8B8C-66E0D9167D71");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1344615504258");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://search.yahoo.com/search;_ylt=A0oGdbkgtMpPuRYAL9xXNyoA?p=how%20to%20watch%20facebook%20the%20movie%20o[...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "dubai social life pics||dubai socialmen life pics");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "32114");
    Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "dailybibleguide@mindspark.com");
    Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "dailybibleguide@mindspark.com");
    Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&ind=2014010216&p2=^XM^xdm292^YYA^us&si=23178&searchfor=");
    Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
    Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3299872");
    Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
    Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3299872&ctid=CT3299872&SearchSource=2&CUI=UN74877533678437857&UM=false&q=,hxxp://search.conduit.com[...]
    Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3299872");
    Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3299872");
    Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
    Line Deleted : user_pref("smartbar.machineId", "AE8EML/HRWZTYBNU0Z6/YPNQK0EMUWXXQXP0F5QYBWNTUDP8GWYF12883BUDFFJQ59UXTZPBJI/CZ6PQMIKBTQ");
    Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3299872&ctid=CT3299872&SearchSource=2&CUI=UN74877533678437857&UM=false&q=,hxxp://search.conduit.com/Result[...]
    Line Deleted : user_pref("valueApps.CT3299872.SF_JUST_INSTALLED", "46414C5345");
    Line Deleted : user_pref("valueApps.CT3299872.SF_JUST_INSTALLED.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.SF_STATUS", "454E41424C4544");
    Line Deleted : user_pref("valueApps.CT3299872.SF_STATUS.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.SF_USER_ID", "6369645F323231313230313331303135313133383737393434");
    Line Deleted : user_pref("valueApps.CT3299872.SF_USER_ID.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872._key_cl_active", "33323039353165392D383631642D346166642D393863352D663836393939656131326438");
    Line Deleted : user_pref("valueApps.CT3299872._key_cl_active.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.cb_experience_000", "3237");
    Line Deleted : user_pref("valueApps.CT3299872.cb_experience_000.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.cb_firstuse0100", "31");
    Line Deleted : user_pref("valueApps.CT3299872.cb_firstuse0100.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.cb_user_id_000", "43423133353835343234353730385F313339393038303836303537355F46697265666F78");
    Line Deleted : user_pref("valueApps.CT3299872.cb_user_id_000.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.cbfirsttime", "53756E204A756C20313420323031332031363A35313A323220474D542D3034303020284561737465726E205374616E646172642054696D6529");
    Line Deleted : user_pref("valueApps.CT3299872.cbfirsttime.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appStateReportTime", "31343034343838363532323831");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appStateReportTime.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_ACplus", "6F6666");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_ACplus.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Clarity_Active", "6F6E");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Clarity_Active.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_CouponBuddy", "6F6E");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_CouponBuddy.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Discover", "6F6666");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Discover.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook", "6F6E");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook_targeted", "6F6E");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook_targeted.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Find-a-Pro", "6F6666");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Find-a-Pro.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PiclickV2-WebSearch", "6F6666");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PiclickV2-WebSearch.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PriceGong", "6F6666");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PriceGong.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_WindowShopper", "6F6E");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_WindowShopper.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsConfig.storedInFile", true);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsDefaultEnabled", "6E756C6C");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsDefaultEnabled.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_calledSetupService", "31");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_calledSetupService.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentBadgeValue", "31");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentBadgeValue.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentVersion", "312E31332E302E3137");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentVersion.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_eventsCache.storedInFile", true);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_existingUsersRecoveryDone", "31");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_existingUsersRecoveryDone.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_first_time", "31");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_first_time.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_gadgetOpen", "30");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_gadgetOpen.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_globalKeysMigratedToLocalStorage", "31");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_lastLoginTime", "31343034343838363532343230");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_lastLoginTime.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_localization.storedInFile", true);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_mamEnabled", "74727565");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_mamEnabled.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_migrated_from_ls", "31");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_migrated_from_ls.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_newApps", "5B7B226964223A2245617379746F626F6F6B5F7461726765746564222C226E616D65223A224C617374204D696E75746520426F6F6B696E67222C226465736372697074696F6E223A22536D6[...]
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_newApps.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_pgUnloadedOnce", "74727565");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_pgUnloadedOnce.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.10.4.0.storedInFile", true);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.11.4.2.storedInFile", true);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.12.0.5.storedInFile", true);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.13.0.17.storedInFile", true);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_showWelcomeGadget", "66616C7365");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_showWelcomeGadget.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_stamp", "35345F30");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_stamp.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userBornDate", "4E2F41");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userBornDate.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userId", "66653063613831332D656137622D343539382D396462342D383834386266653039343266");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userId.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_user_approval_interacted", "31");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_user_approval_interacted.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_welcomeDialogMode", "31");
    Line Deleted : user_pref("valueApps.CT3299872.mam_gk_welcomeDialogMode.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D4354333239393837327E62313[...]
    Line Deleted : user_pref("valueApps.CT3299872.rematchGround.upstairs.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.rematchagent-matkot-user-id", "22313339383936333836363334333839323334353622");
    Line Deleted : user_pref("valueApps.CT3299872.rematchagent-matkot-user-id.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339383936333836363930332C31343430303030305D7D");
    Line Deleted : user_pref("valueApps.CT3299872.rematchagent-periodic-reports.storedInFile", false);
    Line Deleted : user_pref("valueApps.CT3299872.url_history0001.storedInFile", true);

    -\\ Google Chrome v35.0.1916.153

    [ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

    [ File : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={6DC02F73-AE57-4A57-8234-5CF0F2B24D25}&mid=80050d90450547d6aad94902a77ff66f-a02703f07077a19be9159f751d22ed12fb2a9109&lang=en&ds=AVG&pr=fr&d=2012-08-06 21:15:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=114024&tt=090812_clr_3212_8&babsrc=SP_ss&mntrId=e24b917800000000000090004e363f66
    Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=5020704175454444&q={searchTerms}
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Extension] : aidbbndgjnlaclnmhkdimcdjiebjpdel
    Deleted [Extension] : bfcpnihmbfoaeoakalclfalkdepgiaje
    Deleted [Extension] : cfcbmgbfdbijmjgjihagbomfbjfjmgon
    Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
    Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog
    Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
    Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp

    *************************

    AdwCleaner[R0].txt - [59393 octets] - [04/07/2014 12:14:10]
    AdwCleaner[S0].txt - [59372 octets] - [04/07/2014 12:17:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [59433 octets] ##########


    Will post Junkware Removal Tool (JRT.txt) separately

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    That definitely took out a ton of stuff, and much of it I didn't see.

    Have you done the other scans?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    S&D Finds Toolbars

    Stopped for 4th of July doings.

    JRT.txt follows:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Monica on Sat 07/05/2014 at 5:33:35.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2318636694-3368949867-1376833035-1001\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5ADCE93E-4285-4987-8464-FEA2EF4C0B23}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{89457C92-825C-4565-B00E-B272E770B0D4}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{89457C92-825C-4565-B00E-B272E770B0D4}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}



    ~~~ Files

    Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
    Successfully deleted: [File] C:\Windows\syswow64\sho6E30.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC6A0.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC73.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoCA9A.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoFA3F.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoFC85.tmp



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\Users\Monica\appdata\locallow\dailybibleguide"
    Successfully deleted: [Folder] "C:\Program Files (x86)\dailybibleguide"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\mozilla\firefox\profiles\q6tbbkv9.default\extensions\2vffxtbr@dailybibleguide.com
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@dailybibleguide.com/plugin
    Emptied folder: C:\Users\Monica\AppData\Roaming\mozilla\firefox\profiles\q6tbbkv9.default\minidumps [85 files]



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Monica\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 07/05/2014 at 5:55:45.72
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Will run FRST and post result separately.

  6. #6
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    S&D Finds Toolbars

    FRST.txt follows:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014
    Ran by Monica (administrator) on MONICA-HP on 05-07-2014 06:04:59
    Running from C:\Users\Monica\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    (CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (CMJ Designs Inc.) C:\Program Files (x86)\Orchid\LiveAccessService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    () C:\Program Files (x86)\Tor\tor.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-02-06] (Synaptics Incorporated)
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [DailyBibleGuide EPM Support] => "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-24] (Hewlett-Packard)
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: G - G:\LGAutoRun.exe
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: {78edb978-13cc-11e2-a51a-984be19b1f9c} - H:\ZTE_Handset_USB_Driver.exe
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: {a1a78e3f-9233-11e2-9d61-984be19b1f9c} - G:\LGAutoRun.exe
    Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    BootExecute: autocheck autochk * SmartDefragBootTime.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {89457C92-825C-4565-B00E-B272E770B0D4} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKCU - {0662EB16-9EE1-418A-A57C-B3AB0FF6663D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
    SearchScopes: HKCU - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivaceySafeguard)
    BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Cu...ataManager.CAB
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

    FireFox:
    ========
    FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default
    FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\installl-converter-customized-web-search.xml
    FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\ascsurfingprotection@iobit.com [2013-03-13]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29]
    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
    FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-08-06]

    Chrome:
    =======
    CHR HomePage:
    CHR DefaultSearchKeyword: yahoo.com
    CHR DefaultSearchProvider: Yahoo!
    CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=668083&p={searchTerms}
    CHR DefaultNewTabURL:
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Google Talk Plugin) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
    CHR Extension: (Skype Click to Call) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-01]
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-05-01]
    CHR Extension: (Google Wallet) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
    CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx [2012-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]
    CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-03-13]

    ==================== Services (Whitelisted) =================

    R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    R2 Live_Access; C:\Program Files (x86)\Orchid\LiveAccessService.exe [25824 2012-12-19] (CMJ Designs Inc.)
    R2 MSSQL$CMJ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S4 SQLAgent$CMJ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
    R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-30] () [File not signed]
    S2 DailyBibleGuideService; C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [X]

    ==================== Drivers (Whitelisted) ====================

    S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
    R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
    R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-02] (AVG Technologies)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-05 06:04 - 2014-07-05 06:06 - 00021560 _____ () C:\Users\Monica\Desktop\FRST.txt
    2014-07-05 06:04 - 2014-07-05 06:05 - 00000000 ____D () C:\FRST
    2014-07-05 06:03 - 2014-07-05 06:03 - 02084352 _____ (Farbar) C:\Users\Monica\Desktop\FRST64.exe
    2014-07-05 05:55 - 2014-07-05 05:56 - 00003349 _____ () C:\Users\Monica\Desktop\JRT.txt
    2014-07-05 05:33 - 2014-07-05 05:33 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-05 05:31 - 2014-07-05 05:31 - 01016261 _____ (Thisisu) C:\Users\Monica\Desktop\JRT.exe
    2014-07-04 12:40 - 2014-07-04 12:40 - 00059570 _____ () C:\Users\Monica\Desktop\AdwCleaner[S0].txt
    2014-07-04 12:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-07-04 12:14 - 2014-07-04 12:18 - 00000000 ____D () C:\AdwCleaner
    2014-07-04 12:12 - 2014-07-04 12:13 - 00001493 _____ () C:\Users\Monica\Desktop\AdwCleaner - Shortcut.lnk
    2014-07-04 12:12 - 2014-07-04 12:12 - 01346519 _____ () C:\Users\Monica\Downloads\AdwCleaner.exe
    2014-07-03 16:50 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip.zip
    2014-07-03 16:30 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip
    2014-07-03 16:29 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Desktop\attach.zip
    2014-07-03 16:19 - 2014-07-03 16:19 - 00026505 _____ () C:\Users\Monica\Desktop\dds.txt
    2014-07-03 16:19 - 2014-07-03 16:19 - 00007658 _____ () C:\Users\Monica\Desktop\attach.txt
    2014-07-03 16:11 - 2014-07-03 16:11 - 00688992 ____R (Swearware) C:\Users\Monica\Downloads\dds.scr
    2014-07-03 15:51 - 2014-07-03 15:51 - 00001162 _____ () C:\Users\Monica\Desktop\Live PC Help.lnk
    2014-07-03 15:38 - 2014-07-03 15:41 - 00003230 _____ () C:\Windows\System32\Tasks\Erunt Backup
    2014-07-03 15:10 - 2014-07-03 15:45 - 00000000 ____D () C:\Windows\ERDNT
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Monica\Desktop\NTREGOPT.lnk
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Monica\Desktop\ERUNT.lnk
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-07-03 14:58 - 2014-07-03 14:58 - 00791393 _____ (Lars Hederer ) C:\Users\Monica\Downloads\erunt-setup.exe
    2014-07-03 10:26 - 2014-07-03 10:26 - 04500592 _____ (Systweak Inc ) C:\Users\Monica\Downloads\rcpa_03070225468304048.exe
    2014-07-03 01:55 - 2014-07-03 01:56 - 00985600 _____ () C:\Users\Monica\Downloads\MicrosoftFixit50123(1).msi
    2014-07-02 13:12 - 2014-07-02 13:12 - 00000000 _____ () C:\Users\Monica\AppData\Local\{D85759F7-3B77-4D17-8ACC-81FC2125C2C1}
    2014-07-02 09:42 - 2014-07-02 09:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
    2014-07-02 09:42 - 2014-07-02 09:42 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
    2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\AVG
    2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Local\AVG
    2014-07-02 09:22 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-07-02 09:22 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-07-02 09:22 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-07-02 09:21 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-07-02 09:21 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-07-02 09:21 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-07-02 09:21 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-07-02 09:21 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-07-02 09:21 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-07-02 09:21 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-07-02 09:21 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-07-02 09:21 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-07-02 09:20 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-02 09:20 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-02 09:19 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-02 09:19 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-02 09:19 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-02 09:19 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-07-02 09:19 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-02 09:19 - 2014-05-23 22:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-02 09:19 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-02 09:19 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-02 09:19 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-02 09:19 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-02 09:19 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-02 09:19 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-02 09:19 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-02 09:19 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-02 09:19 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-02 09:19 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-02 09:19 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-02 09:19 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-02 09:19 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-02 09:19 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-02 09:19 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-02 09:19 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-02 09:19 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-02 09:19 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-02 09:19 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-02 09:19 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-02 09:19 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-02 09:18 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-02 09:18 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-02 09:18 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-02 09:18 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-02 09:18 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-07-02 09:18 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-02 09:18 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-02 09:18 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-02 09:18 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-02 09:18 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-07-02 09:18 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-07-02 09:18 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-02 09:18 - 2014-05-23 20:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-07-02 09:18 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-07-02 09:11 - 2014-07-02 09:41 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
    2014-07-02 09:11 - 2014-07-02 09:24 - 00000000 ____D () C:\ProgramData\AVG
    2014-07-02 08:59 - 2014-07-02 09:00 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28(1).exe
    2014-07-02 08:58 - 2014-07-02 08:59 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
    2014-07-02 08:53 - 2014-07-02 08:53 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\TuneUp Software

    ==================== One Month Modified Files and Folders =======

    2014-07-05 06:06 - 2014-07-05 06:04 - 00021560 _____ () C:\Users\Monica\Desktop\FRST.txt
    2014-07-05 06:05 - 2014-07-05 06:04 - 00000000 ____D () C:\FRST
    2014-07-05 06:03 - 2014-07-05 06:03 - 02084352 _____ (Farbar) C:\Users\Monica\Desktop\FRST64.exe
    2014-07-05 05:59 - 2012-01-19 04:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-05 05:56 - 2014-07-05 05:55 - 00003349 _____ () C:\Users\Monica\Desktop\JRT.txt
    2014-07-05 05:33 - 2014-07-05 05:33 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-05 05:31 - 2014-07-05 05:31 - 01016261 _____ (Thisisu) C:\Users\Monica\Desktop\JRT.exe
    2014-07-05 05:18 - 2010-11-20 04:46 - 01527729 _____ () C:\Windows\WindowsUpdate.log
    2014-07-05 05:17 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-05 05:17 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-05 05:13 - 2011-03-20 10:27 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
    2014-07-05 05:09 - 2012-01-19 04:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-05 05:08 - 2013-05-02 16:56 - 00028404 _____ () C:\Windows\setupact.log
    2014-07-05 05:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-04 13:33 - 2013-11-26 04:01 - 00453972 _____ () C:\Windows\IE11_main.log
    2014-07-04 12:40 - 2014-07-04 12:40 - 00059570 _____ () C:\Users\Monica\Desktop\AdwCleaner[S0].txt
    2014-07-04 12:21 - 2013-05-02 16:56 - 00251384 _____ () C:\Windows\PFRO.log
    2014-07-04 12:18 - 2014-07-04 12:14 - 00000000 ____D () C:\AdwCleaner
    2014-07-04 12:13 - 2014-07-04 12:12 - 00001493 _____ () C:\Users\Monica\Desktop\AdwCleaner - Shortcut.lnk
    2014-07-04 12:12 - 2014-07-04 12:12 - 01346519 _____ () C:\Users\Monica\Downloads\AdwCleaner.exe
    2014-07-04 12:01 - 2010-07-11 00:08 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
    2014-07-04 11:58 - 2009-07-14 01:13 - 00006832 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-04 11:44 - 2014-03-29 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-03 16:29 - 2014-07-03 16:50 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip.zip
    2014-07-03 16:29 - 2014-07-03 16:30 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip
    2014-07-03 16:29 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Desktop\attach.zip
    2014-07-03 16:19 - 2014-07-03 16:19 - 00026505 _____ () C:\Users\Monica\Desktop\dds.txt
    2014-07-03 16:19 - 2014-07-03 16:19 - 00007658 _____ () C:\Users\Monica\Desktop\attach.txt
    2014-07-03 16:11 - 2014-07-03 16:11 - 00688992 ____R (Swearware) C:\Users\Monica\Downloads\dds.scr
    2014-07-03 15:51 - 2014-07-03 15:51 - 00001162 _____ () C:\Users\Monica\Desktop\Live PC Help.lnk
    2014-07-03 15:45 - 2014-07-03 15:10 - 00000000 ____D () C:\Windows\ERDNT
    2014-07-03 15:41 - 2014-07-03 15:38 - 00003230 _____ () C:\Windows\System32\Tasks\Erunt Backup
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Monica\Desktop\NTREGOPT.lnk
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Monica\Desktop\ERUNT.lnk
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-07-03 14:58 - 2014-07-03 14:58 - 00791393 _____ (Lars Hederer ) C:\Users\Monica\Downloads\erunt-setup.exe
    2014-07-03 12:00 - 2012-04-03 18:20 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\SoftGrid Client
    2014-07-03 11:35 - 2011-03-20 10:26 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-07-03 10:26 - 2014-07-03 10:26 - 04500592 _____ (Systweak Inc ) C:\Users\Monica\Downloads\rcpa_03070225468304048.exe
    2014-07-03 01:56 - 2014-07-03 01:55 - 00985600 _____ () C:\Users\Monica\Downloads\MicrosoftFixit50123(1).msi
    2014-07-03 01:45 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-03 01:43 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-03 01:39 - 2011-09-12 19:56 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-02 15:02 - 2013-01-08 06:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-02 13:37 - 2014-05-03 13:15 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMonica
    2014-07-02 13:37 - 2014-05-03 13:15 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForMonica.job
    2014-07-02 13:31 - 2011-03-21 10:53 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-07-02 13:30 - 2012-02-06 20:07 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-07-02 13:12 - 2014-07-02 13:12 - 00000000 _____ () C:\Users\Monica\AppData\Local\{D85759F7-3B77-4D17-8ACC-81FC2125C2C1}
    2014-07-02 09:42 - 2014-07-02 09:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
    2014-07-02 09:42 - 2014-07-02 09:42 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
    2014-07-02 09:41 - 2014-07-02 09:11 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
    2014-07-02 09:41 - 2014-01-28 13:33 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
    2014-07-02 09:41 - 2011-03-20 10:15 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\hpqLog
    2014-07-02 09:24 - 2014-07-02 09:11 - 00000000 ____D () C:\ProgramData\AVG
    2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\AVG
    2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Local\AVG
    2014-07-02 09:02 - 2012-09-30 04:03 - 00096768 ___SH () C:\Users\Monica\Thumbs.db
    2014-07-02 09:00 - 2014-07-02 08:59 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28(1).exe
    2014-07-02 08:59 - 2014-07-02 08:58 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
    2014-07-02 08:55 - 2012-01-19 04:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-07-02 08:54 - 2012-01-19 04:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-07-02 08:53 - 2014-07-02 08:53 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\TuneUp Software
    2014-07-02 08:52 - 2013-06-26 13:43 - 00003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2014-07-02 08:36 - 2012-08-06 21:15 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2014-06-08 05:13 - 2014-07-02 09:20 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-08 05:08 - 2014-07-02 09:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    Some content of TEMP:
    ====================
    C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
    C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-05-29 22:32

    ==================== End Of Log ============================

  7. #7
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default S&D Finds Toolbars

    Additions.txt follows:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014
    Ran by Monica at 2014-07-05 06:08:00
    Running from C:\Users\Monica\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
    Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.1 - IObit)
    AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
    ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
    AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
    AVG 2012 (Version: 12.0.3955 - AVG Technologies) Hidden
    AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0617.855.14122 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0617.855.14122 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0617.855.14122 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0617.855.14122 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0617.855.14122 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0617.855.14122 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0617.855.14122 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0617.855.14122 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
    ccc-utility64 (Version: 2010.0617.855.14122 - ATI) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
    CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
    CyberLink MediaShow (x32 Version: 5.0.1616 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
    CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
    Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
    HP Game Console (x32 Version: - WildTangent) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)
    HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{F4330A8B-3610-4483-975E-69789B70A764}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
    HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{7C1C9924-3755-483C-87B1-8371B7454B1A}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
    Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
    LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
    Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (x32 Version: - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 RsFx Driver (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
    Orchid (HKLM-x32\...\{933A7B6C-34E3-4E88-9ACB-CC5D70489D97}) (Version: 6.000.279 - DaySmart Software)
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Privacy SafeGuard version 1.0 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.0 - Privacy SafeGuard)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
    Roxio CinemaNow 2.0 (x32 Version: 1.0.278 - Hewlett-Packard) Hidden
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Smart Defrag 2 (HKLM-x32\...\Smart Defrag 2_is1) (Version: 2.5 - IObit)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SQL Server 2008 R2 Common Files (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 Database Engine Services (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 Database Engine Shared (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    WeatherBug (HKLM-x32\...\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}) (Version: 7.0.0.3 - AWS Convergence Technologies)
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Restore Points =========================

    31-05-2014 07:00:18 Windows Update
    03-06-2014 07:00:22 Windows Update
    04-06-2014 07:00:13 Windows Update
    02-07-2014 12:36:05 Windows Update
    02-07-2014 13:14:40 Installed AVG PC TuneUp 2014
    03-07-2014 05:26:52 Windows Update
    03-07-2014 05:59:34 Installed Microsoft Fix it 50123
    03-07-2014 06:01:56 Windows Update
    03-07-2014 06:08:56 Windows Update
    03-07-2014 06:15:49 Windows Update
    03-07-2014 15:33:43 Removed AVG PC TuneUp 2014
    03-07-2014 15:35:40 Removed AVG PC TuneUp 2014 (en-US)
    03-07-2014 16:00:34 Windows Update
    04-07-2014 12:43:40 Windows Update
    04-07-2014 15:41:55 Removed IObit Apps Toolbar v7.0.
    04-07-2014 17:29:17 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2014-02-08 19:58 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0510D8C5-63C1-4BC7-81BD-1969AB1440A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {1272CC37-D6AB-43CE-9683-732C4A6D5A95} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
    Task: {1ADBEFFB-ADC5-4079-8F48-6A7C7FF1D69D} - System32\Tasks\{406E166A-4E03-4485-99F9-4CD5C7B87BFF} => Firefox.exe http://ui.skype.com/ui/0/5.3.0.120.2...fered;disabled
    Task: {25FDBE33-C9B4-4F26-894A-865955DC3A52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3BQ2V4BY05Y0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {42BCA4EE-6E9A-456A-87C9-60242A40968B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19] (Google Inc.)
    Task: {4FD04969-4513-4E63-8760-2C5A01B5212F} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
    Task: {58470E57-29F0-432E-AC55-90231ADD2B88} - System32\Tasks\{948F7E19-46F6-45EC-BB09-8ACD8BC769A4} => Firefox.exe http://ui.skype.com/ui/0/5.3.0.120.2...fered;disabled
    Task: {5BBFE450-EB66-42B7-80F2-2426FF1A4375} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
    Task: {72AEAA64-E5C1-4C41-A84A-93AA6E6B18C9} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
    Task: {799221F9-3515-4D39-8779-C7441FBA773A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-04] (IObit)
    Task: {A50F99AF-5B5D-4D94-9B8B-9A7DF3EEB014} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
    Task: {A98A0B52-8DCD-4585-BB0B-2BFDCBD99909} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
    Task: {AE941F56-4050-47D5-9A6B-DE3820C93CEB} - System32\Tasks\HPCeeScheduleForMonica => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {B74BBD67-F7F7-40F8-92EA-DD7502F252EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {BB4FDCE7-7B26-4FDD-AE59-CA1BA31A3D76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {C29E71B8-4B4B-4537-8A52-D8359F129C74} - System32\Tasks\Erunt Backup => C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20] ()
    Task: {C7A0C837-064F-4EA5-A1FF-9B6D251C38C1} - \BitGuard No Task File <==== ATTENTION
    Task: {CFCC50DE-E6D3-4A6A-9EA6-648069FC0E25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {D91A4716-2E14-4F76-99A7-16697AEBDBCF} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
    Task: {E42BF624-D230-47ED-8909-41091E4EA3F5} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
    Task: {E5FEC68E-8436-4C81-9EB8-719E37D35B93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19] (Google Inc.)
    Task: {F80A0BF8-F1EB-4846-9E08-F72D665238DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-06-24] (Microsoft)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForMonica.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-08-30 04:40 - 2013-08-30 04:40 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
    2010-06-10 20:42 - 2010-06-10 20:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-11-20 04:45 - 2010-11-20 04:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2010-06-18 19:26 - 2010-06-18 19:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2010-06-18 19:26 - 2010-06-18 19:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-06-18 19:26 - 2010-06-18 19:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2013-03-13 14:21 - 2013-01-15 18:59 - 00161088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll
    2012-08-15 23:36 - 2011-08-19 16:33 - 00047960 _____ () C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
    2010-05-19 14:05 - 2010-05-19 14:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-05-19 14:05 - 2010-05-19 14:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-05-19 14:05 - 2010-05-19 14:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2013-03-13 14:21 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl
    2013-03-13 14:21 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl
    2013-03-13 14:21 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl
    2011-01-17 16:19 - 2011-03-20 12:23 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    2010-02-09 21:58 - 2010-02-09 21:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2010-02-09 21:58 - 2010-02-09 21:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2010-02-09 21:58 - 2010-02-09 21:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2010-02-09 21:58 - 2010-02-09 21:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2010-02-09 21:58 - 2010-02-09 21:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2010-02-09 21:58 - 2010-02-09 21:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2010-02-09 21:58 - 2010-02-09 21:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2010-02-09 21:58 - 2010-02-09 21:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    MSCONFIG\Services: AERTFilters => 2
    MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe
    MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader 64 => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon64.exe
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Weather => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2012-03-19 01:13:55.374
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2012-03-19 01:13:55.136
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 12:19:05.585
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 12:19:05.506
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 12:18:49.051
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-10-11 12:18:48.957
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-09-12 13:56:50.573
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-09-12 13:56:50.502
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-09-12 13:47:01.081
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-09-12 13:47:01.015
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 48%
    Total physical RAM: 2810.9 MB
    Available physical RAM: 1456.98 MB
    Total Pagefile: 5619.98 MB
    Available Pagefile: 3546.13 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:280.45 GB) (Free:212.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:17.34 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (May 01 2014) (CDROM) (Total:0.03 GB) (Free:0 GB) UDF
    Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:7.2 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298 GB) (Disk ID: 82337274)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7 GB) - (Type=0C)

    ==================== End Of Log ============================

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Did you have problems uninstalling IObit?

    In the script I've created below we'll take out the program and remaining tidbits.

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

    start
    Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.1 - IObit)
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    (IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    HKLM-x32\...\Run: [DailyBibleGuide EPM Support] => "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivaceySafeguard)
    BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-05-01]
    CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx [2012-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-03-13]
    R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
    S2 DailyBibleGuideService; C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [X]
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
    C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
    C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll
    Privacy SafeGuard version 1.0 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.0 - Privacy SafeGuard)
    Task: {799221F9-3515-4D39-8779-C7441FBA773A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-04] (IObit)
    Task: {A98A0B52-8DCD-4585-BB0B-2BFDCBD99909} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
    Task: {C7A0C837-064F-4EA5-A1FF-9B6D251C38C1} - \BitGuard No Task File <==== ATTENTION
    MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe
    MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader 64 => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon64.exe
    end

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


    *******

    What we can do now is run an online scan with ESET. For the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish


    ****

    Please post
    Fixlog.txt
    Eset log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    S&D Finds Toolbars

    I did not notice a problem when running Uninstall on IOBit.

    Fixlog.txt follows:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014
    Ran by Monica at 2014-07-05 09:31:35 Run:1
    Running from C:\Users\Monica\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.1 - IObit)
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    (IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    HKLM-x32\...\Run: [DailyBibleGuide EPM Support] => "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivaceySafeguard)
    BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-05-01]
    CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx [2012-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-03-13]
    R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
    S2 DailyBibleGuideService; C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [X]
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
    C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
    C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll
    Privacy SafeGuard version 1.0 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.0 - Privacy SafeGuard)
    Task: {799221F9-3515-4D39-8779-C7441FBA773A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-04] (IObit)
    Task: {A98A0B52-8DCD-4585-BB0B-2BFDCBD99909} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
    Task: {C7A0C837-064F-4EA5-A1FF-9B6D251C38C1} - \BitGuard No Task File <==== ATTENTION
    MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe
    MSCONFIG\startupreg: DailyBibleGuide Browser Plugin Loader 64 => C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon64.exe
    end
    *****************

    [768] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe => Process closed successfully.
    [3520] C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe => Process closed successfully.
    [4736] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe => Process closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DailyBibleGuide EPM Support => value deleted successfully.
    HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
    'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
    'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}' => Key deleted successfully.
    'HKCR\CLSID\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}'=> Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}' => Key deleted successfully.
    'HKCR\CLSID\{9E4290B9-D0E4-4842-9DCF-DF38620489BB}'=> Key not found.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}' => Key deleted successfully.
    'HKCR\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}' => Key deleted successfully.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}' => Key deleted successfully.
    C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd => Moved successfully.
    'HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh' => Key deleted successfully.
    C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx => Moved successfully.
    'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd' => Key deleted successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx => Moved successfully.
    AdvancedSystemCareService6 => Service deleted successfully.
    DailyBibleGuideService => Service deleted successfully.
    SmartDefragDriver => Service stopped successfully.
    SmartDefragDriver => Service deleted successfully.
    C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
    C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
    C:\Users\Monica\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
    C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{799221F9-3515-4D39-8779-C7441FBA773A}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{799221F9-3515-4D39-8779-C7441FBA773A}' => Key deleted successfully.
    C:\Windows\System32\Tasks\SmartDefrag_Startup => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A98A0B52-8DCD-4585-BB0B-2BFDCBD99909}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A98A0B52-8DCD-4585-BB0B-2BFDCBD99909}' => Key deleted successfully.
    C:\Windows\System32\Tasks\ASC6_PerformanceMonitor => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC6_PerformanceMonitor' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A0C837-064F-4EA5-A1FF-9B6D251C38C1}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A0C837-064F-4EA5-A1FF-9B6D251C38C1}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard' => Key deleted successfully.

    ==== End of Fixlog ====


    ESETSCAN.txt follows:

    C:\$Recycle.Bin\S-1-5-21-2318636694-3368949867-1376833035-1001\$R1976BU.nik\zzNikki.decor\adobepho5-setup.exe Win32/InstallMonetizer.AN potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\DnsBHO.dll.vir Win32/Toolbar.SearchSuite.R potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll.vir a variant of Win32/Toolbar.SearchSuite potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\ctypes\FirefoxCtype.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\Plugins\npFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH77HJT4\18[1].7z a variant of Win32/bProtector.B potentially unwanted application
    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDICAZF\pack[1].7z Win32/bProtector.F potentially unwanted application
    C:\Users\Monica\AppData\Local\Mozilla\Firefox\Profiles\q6tbbkv9.default\Cache\5\7D\CEFC5d01 a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
    C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc a variant of Java/Exploit.CVE-2012-5076.W trojan
    C:\Users\Monica\Desktop\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
    C:\Users\Monica\Downloads\flvmplayer.exe MSIL/Solimba.H potentially unwanted application
    C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe Win32/Graboid potentially unsafe application
    C:\Users\Monica\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ.A potentially unwanted application
    C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe Win32/Toolbar.Conduit.AE potentially unwanted application
    C:\Users\Monica\Downloads\Setup_TSV25B20E.exe Win32/Toolbar.Conduit.AE potentially unwanted application
    C:\Users\Monica\Downloads\Setup_TSV35A2K9.exe Win32/Toolbar.Conduit.AE potentially unwanted application
    C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe Win32/Toolbar.Conduit.AE potentially unwanted application

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    For items located in the recovery folder of Spybot, open Spybot and go to the Recovery Folder and you can empty it all out.
    ****


    Please locate the fixlist.txt we created earlier, right-click on that and select Delete; we'll proceed with a new one.



    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

    start
    C:\$Recycle.Bin\S-1-5-21-2318636694-3368949867-1376833035-1001\$R1976BU.nik\zzNikki.decor\adobepho5-setup.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe
    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH77HJT4\18[1].7z
    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDICAZF\pack[1].7z
    C:\Users\Monica\AppData\Local\Mozilla\Firefox\Profiles\q6tbbkv9.default\Cache\5\7D\CEFC5d01
    C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc
    C:\Users\Monica\Desktop\defragsetup.exe
    C:\Users\Monica\Downloads\flvmplayer.exe
    C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe
    C:\Users\Monica\Downloads\movie_player_1280.exe
    C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe
    C:\Users\Monica\Downloads\Setup_TSV25B20E.exe
    C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe
    end

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


    Please post this log when finished.

    How is your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
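
Added example, not part of the thread and not code from FRST or ESET: a Python cross-check that parses the ESET export from post #9 and the fixlist from post #10, then returns every detection that is neither listed in the fixlist nor located in a folder the replies deal with separately. The log excerpts are copied from the posts above (AdwCleaner quarantine entries trimmed to two); the function names and the `HANDLED_ELSEWHERE` list are assumptions of this example.

```python
import re

# ESETSCAN.txt lines from post #9 (AdwCleaner quarantine entries trimmed to two).
ESET_LOG = r"""
C:\$Recycle.Bin\S-1-5-21-2318636694-3368949867-1376833035-1001\$R1976BU.nik\zzNikki.decor\adobepho5-setup.exe Win32/InstallMonetizer.AN potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo potentially unwanted application
C:\Program Files (x86)\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH77HJT4\18[1].7z a variant of Win32/bProtector.B potentially unwanted application
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDICAZF\pack[1].7z Win32/bProtector.F potentially unwanted application
C:\Users\Monica\AppData\Local\Mozilla\Firefox\Profiles\q6tbbkv9.default\Cache\5\7D\CEFC5d01 a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc a variant of Java/Exploit.CVE-2012-5076.W trojan
C:\Users\Monica\Desktop\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Monica\Downloads\flvmplayer.exe MSIL/Solimba.H potentially unwanted application
C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe Win32/Graboid potentially unsafe application
C:\Users\Monica\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV25B20E.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV35A2K9.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe Win32/Toolbar.Conduit.AE potentially unwanted application
"""

# fixlist.txt as posted in post #10.
FIXLIST = r"""
start
C:\$Recycle.Bin\S-1-5-21-2318636694-3368949867-1376833035-1001\$R1976BU.nik\zzNikki.decor\adobepho5-setup.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH77HJT4\18[1].7z
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDICAZF\pack[1].7z
C:\Users\Monica\AppData\Local\Mozilla\Firefox\Profiles\q6tbbkv9.default\Cache\5\7D\CEFC5d01
C:\Users\Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\206c5a96-4533b3cc
C:\Users\Monica\Desktop\defragsetup.exe
C:\Users\Monica\Downloads\flvmplayer.exe
C:\Users\Monica\Downloads\GraboidVideoSetup-2.2-Complete.exe
C:\Users\Monica\Downloads\movie_player_1280.exe
C:\Users\Monica\Downloads\Setup_TSV14UVS7.exe
C:\Users\Monica\Downloads\Setup_TSV25B20E.exe
C:\Users\Monica\Downloads\Setup_TSV35A2NX.exe
end
"""

# Folders the replies handle outside the fixlist: AdwCleaner's quarantine and
# Spybot's Recovery folder (assumption of this example, drawn from the thread).
HANDLED_ELSEWHERE = (
    "c:\\adwcleaner\\quarantine\\",
    "c:\\programdata\\spybot - search & destroy\\recovery\\",
    "c:\\users\\all users\\spybot - search & destroy\\recovery\\",
)

# "<path> [a variant of ]<Platform/Name> <category>". A Windows file name cannot
# contain "/", so the first "word/..." token marks the start of the detection name.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>.+)$"
)

def parse_eset(text):
    """Split each exported ESET line into (path, detection name, category)."""
    rows = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            rows.append((m["path"], m["name"], m["kind"]))
    return rows

def parse_fixlist(text):
    """Return the case-folded file paths listed between 'start' and 'end'."""
    paths, inside = set(), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "start":
            inside = True
        elif line.lower() == "end":
            inside = False
        elif inside and re.match(r"^[A-Za-z]:\\", line):
            paths.add(line.casefold())
    return paths

def uncovered(eset_text, fixlist_text):
    """Detections neither in the fixlist nor under a folder handled elsewhere."""
    listed = parse_fixlist(fixlist_text)
    return [
        row for row in parse_eset(eset_text)
        if row[0].casefold() not in listed
        and not row[0].casefold().startswith(HANDLED_ELSEWHERE)
    ]

if __name__ == "__main__":
    for path, name, kind in uncovered(ESET_LOG, FIXLIST):
        print(f"not in fixlist: {path}  [{name}, {kind}]")
```

Run on the two logs above, it reports one path, `C:\Users\Monica\Downloads\Setup_TSV35A2K9.exe`, which appears in the ESET export but not in the second fixlist.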
