S&D finds Toolbars but cannot delete them-Solved

[gin_jammer]

I am running S&D 1.6.2 as Administrator on a 64-bit Windows OS. S&D reports "ilivid.Toolbar" and "Delta.Toolbar" as problems, but cannot remove them. I have created a Registry backup with ERUNT and have run DDS. Attached is attach.zip, and following below is the copied text from DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16921
Run by Monica at 16:17:08 on 2014-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1571 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Orchid\LiveAccessService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tor\tor.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrchMn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^XM^xdm292^YYA^us&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&si=23178
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
dURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
mWinlogon: Userinit = userinit.exe
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
BHO: Search Assistant BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Toolbar BHO: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
TB: DailyBibleGuide: {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [DailyBibleGuide EPM Support] "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
mRun: [DailyBibleGuide Search Scope Monitor] "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vsrchmn.exe" /m=2 /w /h
StartupFolder: C:\Users\Monica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Monica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{283477CA-653C-4EB0-945B-F45866FB091A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\4545D2055726C6963633 : DHCPNameServer = 65.32.5.74 65.32.5.75
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\47964796373763230457E656E2E65647E236F6 : DHCPNameServer = 200.31.208.101 200.13.249.101
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\D456C626F65727E656027484 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4424A224-6E5F-43C2-970B-A33D6975C692}\D494C4F4D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
AppInit_DLLs= c:\progra~3\bitguard\271769~1.27\{16cdf~1\bitguard.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [DailyBibleGuide Home Page Guard 64 bit] "C:\PROGRA~2\DAILYB~2\bar\1.bin\AppIntegrator64.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\
FF - prefs.js: browser.search.selectedEngine - Ask Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178
FF - prefs.js: keyword.URL - hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&ind=2014010216&p2=^XM^xdm292^YYA^us&si=23178&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}\plugins\npFirefoxPlugin.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - e24b917800000000000090004e363f66
FF - user.js: extensions.claro.instlDay - 15562
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.116:02:26
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e24b9178000000000000984be19b1f9c&q=
FF - user.js: extensions.BabylonToolbar.id - e24b9178000000000000984be19b1f9c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15710
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.218:22:40
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - na
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=17427&tt=0113_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-8-15 17720]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-6 50464]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-3-13 528192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-20 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DailyBibleGuideService;DailyBibleGuideService;C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [2013-12-26 88648]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-20 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-7-3 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-7-3 36352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
.
=============== Created Last 30 ================
.
2014-07-03 14:29:55 20328 ----a-w- C:\Windows\System32\roboot64.exe
2014-07-03 14:28:32 -------- d-----w- C:\Users\Monica\AppData\Roaming\systweak
2014-07-03 14:28:31 -------- d-----w- C:\Users\Monica\AppData\Local\Programs
2014-07-02 13:22:48 -------- d-----w- C:\Users\Monica\AppData\Roaming\AVG
2014-07-02 13:22:48 -------- d-----w- C:\Users\Monica\AppData\Local\AVG
2014-07-02 13:22:04 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-07-02 13:22:03 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-07-02 13:22:00 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-07-02 13:21:59 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-07-02 13:21:53 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-07-02 13:21:52 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-07-02 13:21:49 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-07-02 13:21:49 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-07-02 13:21:49 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-07-02 13:21:49 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-07-02 13:21:48 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-07-02 13:21:48 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-07-02 13:20:12 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-07-02 13:20:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-02 13:18:59 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-07-02 13:11:32 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 13:11:08 -------- d-----w- C:\ProgramData\AVG
2014-07-02 12:53:37 -------- d-----w- C:\Users\Monica\AppData\Roaming\TuneUp Software
.
==================== Find3M ====================
.
2014-07-02 12:36:51 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-05-24 02:47:54 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-05-24 02:46:15 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-24 02:46:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-24 01:25:52 2862080 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-24 01:25:49 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-24 00:13:44 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-05-24 00:06:55 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:19:18.50 ===============

I added ".zip" to filename......you'll probably have to delete it to unzip file...

[Juliet]

Welcome

There is a lot going on here. I doubt we can get this all removed in one swipe.

You need to go to add/remove programs and remove/uninstall these 2 items.

Daily Bible Guide Toolbar installs MyWebSearch, a potentially unwanted program gets installed without your permission. Causes popup ads interrupts browsing activities.

IObit
(http://blogs.computerworld.com/15026...m_malwarebytes)

*******
Save these instructions to wordpad/notepad or print them out, while some of the fix will have all windows closed and will help you complete all the necessary steps.

**
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


Close all open windows and browsers.

• Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  
  *****
  
• Click the Scan button and wait for the scan to finish.

• After the Scan has finished the window may or may not show what it found and above the progress bar you will see
  You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.
  
  This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

**********************


Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

***********************

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)
(To use correct version for your system.....Which system am I using?)

• Run FRST.
• Don´t change one of the checkboxes and hit Scan.
• Logfiles are created on your desktop.
• Poste the FRST.txt
• The first time the tool is run it generates another log (Addition.txt - Please also paste that along with the FRST.txt into your reply.

Please post:
C:\AdwCleaner\AdwCleaner.txt
JRT.txt
FRST.txt with the created Addition.txt

You may need to make multiple post to ensure they they don't get cut off.

[gin_jammer]

Daily Bible Guide and IOBit uninstalled.

AdwCleaner report follows:

# AdwCleaner v3.214 - Report created 04/07/2014 at 12:17:41
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Monica - MONICA-HP
# Running from : C:\Users\Monica\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\Program Files (x86)\SearchCore for Browsers
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Guest\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Guest\AppData\Local\Babylon
Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Guest\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Guest\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Guest\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Guest\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Guest\AppData\LocalLow\TelevisionFanatic
Folder Deleted : C:\Users\Guest\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Monica\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Monica\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Monica\AppData\Local\PackageAware
Folder Deleted : C:\Users\Monica\AppData\Local\TelevisionFanatic
Folder Deleted : C:\Users\Monica\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Monica\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Monica\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Monica\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Monica\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Monica\AppData\Roaming\file scout
Folder Deleted : C:\Users\Monica\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Smartbar
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\ValueApps
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\CT3299872
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\ffxtlbr@claro.com
Folder Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\ask-web-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\babylon1.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\bProtect.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\user.js
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\e4da8bbd3deb49
Key Deleted : HKLM\SOFTWARE\e4da8bbd3deb49
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_smart-defrag_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_smart-defrag_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{16cdf~1\bitguard.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iy46uy8r.default\prefs.js ]


[ File : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\prefs.js ]

Line Deleted : user_pref("CT3299872.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3299872.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3299872.1000234.TWC_TMP_city", "ORLANDO");
Line Deleted : user_pref("CT3299872.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3299872.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3299872.1000234.TWC_locId", "USFL0372");
Line Deleted : user_pref("CT3299872.1000234.TWC_location", "Orlando, FL");
Line Deleted : user_pref("CT3299872.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3299872.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3299872.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3299872.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"84°F\",\"temperatureClear\":\"84°F\",\"highTemperature\":\"84°F\",\"lowTemperature\":\"75°F\",\"feelsLike\":\"93°F\",[...]
Line Deleted : user_pref("CT3299872.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.FirstTime", "true");
Line Deleted : user_pref("CT3299872.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3299872.ILK.enc", "MTM3Nzg4MTUwMjIyMzIzNDE3MzIxNjg3MDI4OTU4");
Line Deleted : user_pref("CT3299872.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3299872.PG_ENABLE.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3299872.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT3299872.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT3299872.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3299872.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3299872.SF_USER_ID.enc", "Y2lkXzE0NzIwMTMxNjUxMjQ2MzIzMzMz");
Line Deleted : user_pref("CT3299872.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3299872&ctid=CT3299872&SearchSource=2&CUI=UN74877533678437857&UM=false&q=");
Line Deleted : user_pref("CT3299872.UserID", "UN74877533678437857");
Line Deleted : user_pref("CT3299872._key_cl_active", "%B9%B8%B6%BF%BB%B7%EB%BF%B3%BE%BC%B7%EA%B3%BA%E7%EC%EA%B3%BF%BE%E9%BB%B3%EC%BE%BC%BF%BF%BF%EB%E7%B7%B8%EA%BE");
Line Deleted : user_pref("CT3299872._key_cl_active.enc", "MzIwOTUxZTktODYxZC00YWZkLTk4YzUtZjg2OTk5ZWExMmQ4");
Line Deleted : user_pref("CT3299872.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3299872.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3299872.cb_experience_000.enc", "MjQ=");
Line Deleted : user_pref("CT3299872.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3299872.cb_user_id_000.enc", "Q0I2NTU4MTkwMTA3ODJfMTM3NDE4MTQwMTYyMl9GaXJlZm94");
Line Deleted : user_pref("CT3299872.cbfirsttime.enc", "U3VuIEp1bCAxNCAyMDEzIDE2OjUxOjIyIEdNVC0wNDAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3299872.countryCode", "US");
Line Deleted : user_pref("CT3299872.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Deleted : user_pref("CT3299872.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc3NjMxMzY3MzIyLDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3299872.discover-user-id.enc", "IjU5Y2M0OTQxLTU3Y2UtNDdjOS04MGUxLTIwYWE0ZTg5MGU3YiI=");
Line Deleted : user_pref("CT3299872.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3299872.event_data.enc", "JTVCJTVE");
Line Deleted : user_pref("CT3299872.fired_events.enc", "");
Line Deleted : user_pref("CT3299872.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3299872.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3299872.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3299872.fixUrls", true);
Line Deleted : user_pref("CT3299872.fullUserID", "UN74877533678437857.TB.20130712192027");
Line Deleted : user_pref("CT3299872.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3299872.iData.enc", "eyJhY3RpdmUiOnRydWUsImludGVydmFsIjowLCJ0aW1lc3RhbXAiOjAsImNvdW50ZXIiOjB9");
Line Deleted : user_pref("CT3299872.installType", "Unknown");
Line Deleted : user_pref("CT3299872.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3299872.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3299872.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3299872.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.key_date.enc", "MTM=");
Line Deleted : user_pref("CT3299872.keyword", true);
Line Deleted : user_pref("CT3299872.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3299872&octid=CT3299872&ISID=ISID_ID&SearchSource=15&CUI=UN74877533678437857&Lay=1&[...]
Line Deleted : user_pref("CT3299872.lastVersion", "10.33.0.505");
Line Deleted : user_pref("CT3299872.mam_gk_appStateReportTime", "%B7%B9%BE%BB%B6%BD%BF%B9%BE%B7%B6%B7%B6");
Line Deleted : user_pref("CT3299872.mam_gk_appStateReportTime.enc", "MTM4NTA3OTM4MTAxMA==");
Line Deleted : user_pref("CT3299872.mam_gk_appState_ACplus.enc", "b2Zm");
Line Deleted : user_pref("CT3299872.mam_gk_appState_ActualClick.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Discover.enc", "b2Zm");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Find-a-Pro.enc", "b2Zm");
Line Deleted : user_pref("CT3299872.mam_gk_appState_PiclickV2-WebSearch.enc", "b2Zm");
Line Deleted : user_pref("CT3299872.mam_gk_appState_PriceGong.enc", "b2Zm");
Line Deleted : user_pref("CT3299872.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Deleted : user_pref("CT3299872.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT3299872.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3299872.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3299872.mam_gk_currentBadgeValue", "%B6");
Line Deleted : user_pref("CT3299872.mam_gk_currentBadgeValue.enc", "MA==");
Line Deleted : user_pref("CT3299872.mam_gk_currentVersion", "%B7%B4%B7%B7%B4%BA%B4%B8");
Line Deleted : user_pref("CT3299872.mam_gk_currentVersion.enc", "MS4xMS40LjI=");
Line Deleted : user_pref("CT3299872.mam_gk_eventsCache", "%u0101%A8%BF%BC%B6%BD%BE%EA%EB%EA%B3%B9%B6%BD%BA%B3%BA%B8%E9%B7%B3%E7%EB%BC%E7%B3%EC%BD%EB%BB%B8%B7%E8%BB%E9%BC%BD%E8%A8%C0%u0101%A8%FA%F5%F6%EF%E9%A8%C0%A8%[...]
Line Deleted : user_pref("CT3299872.mam_gk_eventsCache.enc", "eyI5NjA3OGRlZC0zMDc0LTQyYzEtYWU2YS1mN2U1MjFiNWM2N2IiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line Deleted : user_pref("CT3299872.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3299872.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT3299872.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3299872.mam_gk_gadgetOpen.enc", "MA==");
Line Deleted : user_pref("CT3299872.mam_gk_globalKeysMigratedToLocalStorage", "%B7");
Line Deleted : user_pref("CT3299872.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Deleted : user_pref("CT3299872.mam_gk_lastLoginTime", "%B7%B9%BE%BB%B6%BD%BF%B9%BE%B9%BF%BF%BE");
Line Deleted : user_pref("CT3299872.mam_gk_lastLoginTime.enc", "MTM4NTA3OTM4Mzk5OA==");
Line Deleted : user_pref("CT3299872.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Deleted : user_pref("CT3299872.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3299872.mam_gk_newApps", "%E1%E3");
Line Deleted : user_pref("CT3299872.mam_gk_newApps.enc", "W10=");
Line Deleted : user_pref("CT3299872.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3299872.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTU3XzEiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IlVTIiwiaXNXZWxjb21lRXhw[...]
Line Deleted : user_pref("CT3299872.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTYzXzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IlVTIiwiaXNXZWxjb21lRXhw[...]
Line Deleted : user_pref("CT3299872.mam_gk_settings1.11.4.2", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Deleted : user_pref("CT3299872.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMjIiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Deleted : user_pref("CT3299872.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3299872.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3299872.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3299872.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3299872.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3299872.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Deleted : user_pref("CT3299872.mam_gk_stamp.enc", "MTA0M18w");
Line Deleted : user_pref("CT3299872.mam_gk_userId", "%EC%EB%B6%E9%E7%BE%B7%B9%B3%EB%E7%BD%E8%B3%BA%BB%BF%BE%B3%BF%EA%E8%BA%B3%BE%BE%BA%BE%E8%EC%EB%B6%BF%BA%B8%EC");
Line Deleted : user_pref("CT3299872.mam_gk_userId.enc", "ZmUwY2E4MTMtZWE3Yi00NTk4LTlkYjQtODg0OGJmZTA5NDJm");
Line Deleted : user_pref("CT3299872.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT3299872.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3299872.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT3299872.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3299872.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3299872.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://InstalllConverter.OurToolbar.com/\",\"[...]
Line Deleted : user_pref("CT3299872.originalHomepage", "hxxp://www.pageset.com/slp?psver=3&sid=24f306ae-efab-43bf-b2a8-2c43eb9ebd5c-0-ps_gse&dm=bing.com&cd=241306");
Line Deleted : user_pref("CT3299872.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Line Deleted : user_pref("CT3299872.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3299872.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT3299872.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
Line Deleted : user_pref("CT3299872.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3299872.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3299872.sData.enc", "eyJhY3RpdmUiOnRydWUsImludGVydmFsIjowfQ==");
Line Deleted : user_pref("CT3299872.search.searchAppId", "130116395078024690");
Line Deleted : user_pref("CT3299872.search.searchCount", "2");
Line Deleted : user_pref("CT3299872.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3299872.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3299872.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3299872.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3299872.searchUserMode", "false");
Line Deleted : user_pref("CT3299872.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3299872\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InstalllConverter.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Installl Converter \"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_services_Configuration_lastUpdate", "1404488649335");
Line Deleted : user_pref("CT3299872.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386081814988");
Line Deleted : user_pref("CT3299872.serviceLayer_services_appsMetadata_lastUpdate", "1386561038350");
Line Deleted : user_pref("CT3299872.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386460750927");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.16.420.1_lastUpdate", "1375299446707");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378506183745");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.20.0.513_lastUpdate", "1379131952742");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384224547894");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.22.2.530_lastUpdate", "1384477578650");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385079473302");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386961481080");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399593082792");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.30.1.502_lastUpdate", "1400007688621");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.31.0.526_lastUpdate", "1404305622323");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.33.0.505_lastUpdate", "1404488645578");
Line Deleted : user_pref("CT3299872.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1386460730980");
Line Deleted : user_pref("CT3299872.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1386460728784");
Line Deleted : user_pref("CT3299872.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386460750928");
Line Deleted : user_pref("CT3299872.serviceLayer_services_searchAPI_lastUpdate", "1404488647920");
Line Deleted : user_pref("CT3299872.serviceLayer_services_serviceMap_lastUpdate", "1404488646377");
Line Deleted : user_pref("CT3299872.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386561038352");
Line Deleted : user_pref("CT3299872.serviceLayer_services_toolbarSettings_lastUpdate", "1404488645457");
Line Deleted : user_pref("CT3299872.serviceLayer_services_translation_lastUpdate", "1404488645363");
Line Deleted : user_pref("CT3299872.settingsINI", true);
Line Deleted : user_pref("CT3299872.showToolbarPermission", "false");
Line Deleted : user_pref("CT3299872.smartbar.CTID", "CT3299872");
Line Deleted : user_pref("CT3299872.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3299872.smartbar.homepage", true);
Line Deleted : user_pref("CT3299872.smartbar.toolbarName", "Installl Converter ");
Line Deleted : user_pref("CT3299872.toolbarBornServerTime", "14-7-2013");
Line Deleted : user_pref("CT3299872.toolbarCurrentServerTime", "4-7-2014");
Line Deleted : user_pref("CT3299872.toolbarLoginClientTime", "Sat Jul 13 2013 17:14:03 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3299872.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%F9%F6%E7%E9%EB%E9%F5%E7%F9%FA%B4%E9%F8%E7%EF%ED%F9%F2%EF%F9%FA%B4%F5%F8%ED%B5%F9%F6%E7%B5%BA%B8%B6%BB%B6%B6%BA%B6%B6%B6%B4%EE%FA%F3%F2%C0%[...]
Line Deleted : user_pref("CT3299872.url_history0001.enc", "aHR0cDovL3NwYWNlY29hc3QuY3JhaWdzbGlzdC5vcmcvc3BhLzQyMDUwMDQwMDAuaHRtbDo6OmNsaWNraGFuZGxlcjo6OjEzODUwNzg3MzA1NDIsLCxodHRwOi8vc3BhY2Vjb2FzdC5jcmFpZ3NsaXN0Lm9y[...]
Line Deleted : user_pref("CT3299872.userIdGenerationCounter", "1");
Line Deleted : user_pref("CT3299872_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1404488613927,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Line Deleted : user_pref("Smartbar.TBHomepagesList", "");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3299872");
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.0.443");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
Line Deleted : user_pref("avg.install.userSPSettings", "Ask Web Search");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=114024&tt=090812_clr_3212_8&babsrc=NT_ss&mntrId=e24b917800000000000090004e363f66");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "e24b9178000000000000984be19b1f9c");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15710");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "na");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e24b9178000000000000984be19b1f9c&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=17427&tt=0113_1");
Line Deleted : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.218:22:40");
Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.autoRvrt", "false");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "e24b917800000000000090004e363f66");
Line Deleted : user_pref("extensions.claro.instlDay", "15562");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrId", "claro");
Line Deleted : user_pref("extensions.claro.vrsn", "1.6.4.1");
Line Deleted : user_pref("extensions.claro.vrsni", "1.6.4.1");
Line Deleted : user_pref("extensions.claro_i.newTab", false);
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.6.4.116:02:26");
Line Deleted : user_pref("extensions.crossrider.bic", "13912268e3b849136867bf9e01c06acd");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.BUTTON_STRUCTURE", "[{\"b\":221356240,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221356241,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.prev", "Installl Converter Customized Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.prev", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.prev", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178"[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.page.savedPrev", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.browser.startup.page.tb", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.firstKnownVersion", "5.75.3.1281");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&p2=^XM^xdm292^YYA^us&si=23178");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.lastGuardTime", 1281687674);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installKeysSource", "File");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.installDate", "2014010216");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerId", "^XM^xdm292^YYA^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerSubId", "23178");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.installation.toolbarId", "CE5567D9-5F79-495D-90B3-19819F57C55F");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.lastActivePing", "1404488624081");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.lastKnownVersion", "6.52.4.5107");
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.searchHistory", "youtube rafael nadal y jackovik||gmail sign in||hotmail sign in||oracion san miguel arcangel||.Padre nuestro oracion||Rey de Reyes [...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.toolbarCollapsed", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.weather.location", "32701");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=76A4C6AC-C41E-494A-8B8C-66E0D9167D71&n=77ed26fe&ptnrS=XPxdm044YYus&si=CIfGl-_a1a4CFZNV7AodZ1[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012030718");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm044YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CIfGl-_a1a4CFZNV7AodZ1ICaw");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "76A4C6AC-C41E-494A-8B8C-66E0D9167D71");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1344615504258");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://search.yahoo.com/search;_ylt=A0oGdbkgtMpPuRYAL9xXNyoA?p=how%20to%20watch%20facebook%20the%20movie%20o[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "dubai social life pics||dubai socialmen life pics");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "32114");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "dailybibleguide@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "dailybibleguide@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=CE5567D9-5F79-495D-90B3-19819F57C55F&n=780b5b68&ind=2014010216&p2=^XM^xdm292^YYA^us&si=23178&searchfor=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3299872&ctid=CT3299872&SearchSource=2&CUI=UN74877533678437857&UM=false&q=,hxxp://search.conduit.com[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?octid=CT3299872&ctid=CT3299872&SearchSource=13&CUI=UN74877533678437857");
Line Deleted : user_pref("smartbar.machineId", "AE8EML/HRWZTYBNU0Z6/YPNQK0EMUWXXQXP0F5QYBWNTUDP8GWYF12883BUDFFJQ59UXTZPBJI/CZ6PQMIKBTQ");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3299872&ctid=CT3299872&SearchSource=2&CUI=UN74877533678437857&UM=false&q=,hxxp://search.conduit.com/Result[...]
Line Deleted : user_pref("valueApps.CT3299872.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT3299872.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.SF_STATUS", "454E41424C4544");
Line Deleted : user_pref("valueApps.CT3299872.SF_STATUS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.SF_USER_ID", "6369645F323231313230313331303135313133383737393434");
Line Deleted : user_pref("valueApps.CT3299872.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872._key_cl_active", "33323039353165392D383631642D346166642D393863352D663836393939656131326438");
Line Deleted : user_pref("valueApps.CT3299872._key_cl_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.cb_experience_000", "3237");
Line Deleted : user_pref("valueApps.CT3299872.cb_experience_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.cb_firstuse0100", "31");
Line Deleted : user_pref("valueApps.CT3299872.cb_firstuse0100.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.cb_user_id_000", "43423133353835343234353730385F313339393038303836303537355F46697265666F78");
Line Deleted : user_pref("valueApps.CT3299872.cb_user_id_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.cbfirsttime", "53756E204A756C20313420323031332031363A35313A323220474D542D3034303020284561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.CT3299872.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appStateReportTime", "31343034343838363532323831");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_ACplus", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_ACplus.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Clarity_Active", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_CouponBuddy", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Discover", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Discover.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook_targeted", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Find-a-Pro", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_Find-a-Pro.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PiclickV2-WebSearch", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PiclickV2-WebSearch.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PriceGong", "6F6666");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_PriceGong.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_WindowShopper", "6F6E");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appState_WindowShopper.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentBadgeValue", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentBadgeValue.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_eventsCache.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_gadgetOpen", "30");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_gadgetOpen.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_lastLoginTime", "31343034343838363532343230");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_newApps", "5B7B226964223A2245617379746F626F6F6B5F7461726765746564222C226E616D65223A224C617374204D696E75746520426F6F6B696E67222C226465736372697074696F6E223A22536D6[...]
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_newApps.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_pgUnloadedOnce", "74727565");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_pgUnloadedOnce.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.10.4.0.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.11.4.2.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.12.0.5.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_settings1.13.0.17.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_stamp", "35345F30");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userId", "66653063613831332D656137622D343539382D396462342D383834386266653039343266");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3299872.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D4354333239393837327E62313[...]
Line Deleted : user_pref("valueApps.CT3299872.rematchGround.upstairs.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.rematchagent-matkot-user-id", "22313339383936333836363334333839323334353622");
Line Deleted : user_pref("valueApps.CT3299872.rematchagent-matkot-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339383936333836363930332C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3299872.rematchagent-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3299872.url_history0001.storedInFile", true);

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

[ File : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={6DC02F73-AE57-4A57-8234-5CF0F2B24D25}&mid=80050d90450547d6aad94902a77ff66f-a02703f07077a19be9159f751d22ed12fb2a9109&lang=en&ds=AVG&pr=fr&d=2012-08-06 21:15:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=114024&tt=090812_clr_3212_8&babsrc=SP_ss&mntrId=e24b917800000000000090004e363f66
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=5020704175454444&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : aidbbndgjnlaclnmhkdimcdjiebjpdel
Deleted [Extension] : bfcpnihmbfoaeoakalclfalkdepgiaje
Deleted [Extension] : cfcbmgbfdbijmjgjihagbomfbjfjmgon
Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp

*************************

AdwCleaner[R0].txt - [59393 octets] - [04/07/2014 12:14:10]
AdwCleaner[S0].txt - [59372 octets] - [04/07/2014 12:17:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [59433 octets] ##########


Will post Junkware Removal Tool (JRT.txt) separately

[Juliet]

That definitely took out a ton of stuff, and much of it I didn't see.

Have you done the other scans?

[gin_jammer]

Stopped for 4th of July doings.

JRT.txt follows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Monica on Sat 07/05/2014 at 5:33:35.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2318636694-3368949867-1376833035-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5ADCE93E-4285-4987-8464-FEA2EF4C0B23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{89457C92-825C-4565-B00E-B272E770B0D4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{89457C92-825C-4565-B00E-B272E770B0D4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
Successfully deleted: [File] C:\Windows\syswow64\sho6E30.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC6A0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC73.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCA9A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFA3F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFC85.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Monica\appdata\locallow\dailybibleguide"
Successfully deleted: [Folder] "C:\Program Files (x86)\dailybibleguide"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\mozilla\firefox\profiles\q6tbbkv9.default\extensions\2vffxtbr@dailybibleguide.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@dailybibleguide.com/plugin
Emptied folder: C:\Users\Monica\AppData\Roaming\mozilla\firefox\profiles\q6tbbkv9.default\minidumps [85 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Monica\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/05/2014 at 5:55:45.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Will run FRST and post result separately.

[gin_jammer]

FRST.txt follows:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014
Ran by Monica (administrator) on MONICA-HP on 05-07-2014 06:04:59
Running from C:\Users\Monica\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(CMJ Designs Inc.) C:\Program Files (x86)\Orchid\LiveAccessService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Tor\tor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-02-06] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DailyBibleGuide EPM Support] => "C:\PROGRA~2\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-24] (Hewlett-Packard)
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: G - G:\LGAutoRun.exe
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: {78edb978-13cc-11e2-a51a-984be19b1f9c} - H:\ZTE_Handset_USB_Driver.exe
HKU\S-1-5-21-2318636694-3368949867-1376833035-1001\...\MountPoints2: {a1a78e3f-9233-11e2-9d61-984be19b1f9c} - G:\LGAutoRun.exe
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {89457C92-825C-4565-B00E-B272E770B0D4} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {0662EB16-9EE1-418A-A57C-B3AB0FF6663D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKCU - {9E4290B9-D0E4-4842-9DCF-DF38620489BB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {EAC78F53-4829-46F4-858B-497D2E767FB7} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivaceySafeguard)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Cu...ataManager.CAB
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Monica\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\searchplugins\installl-converter-customized-web-search.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\q6tbbkv9.default\Extensions\ascsurfingprotection@iobit.com [2013-03-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-08-06]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=668083&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Monica\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Skype Click to Call) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-05-01]
CHR Extension: (Google Wallet) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_im-c1_1_0.crx [2012-04-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-03-13]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 Live_Access; C:\Program Files (x86)\Orchid\LiveAccessService.exe [25824 2012-12-19] (CMJ Designs Inc.)
R2 MSSQL$CMJ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$CMJ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.CMJ\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-30] () [File not signed]
S2 DailyBibleGuideService; C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [X]

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-02] (AVG Technologies)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-05 06:04 - 2014-07-05 06:06 - 00021560 _____ () C:\Users\Monica\Desktop\FRST.txt
2014-07-05 06:04 - 2014-07-05 06:05 - 00000000 ____D () C:\FRST
2014-07-05 06:03 - 2014-07-05 06:03 - 02084352 _____ (Farbar) C:\Users\Monica\Desktop\FRST64.exe
2014-07-05 05:55 - 2014-07-05 05:56 - 00003349 _____ () C:\Users\Monica\Desktop\JRT.txt
2014-07-05 05:33 - 2014-07-05 05:33 - 00000000 ____D () C:\Windows\ERUNT
2014-07-05 05:31 - 2014-07-05 05:31 - 01016261 _____ (Thisisu) C:\Users\Monica\Desktop\JRT.exe
2014-07-04 12:40 - 2014-07-04 12:40 - 00059570 _____ () C:\Users\Monica\Desktop\AdwCleaner[S0].txt
2014-07-04 12:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-04 12:14 - 2014-07-04 12:18 - 00000000 ____D () C:\AdwCleaner
2014-07-04 12:12 - 2014-07-04 12:13 - 00001493 _____ () C:\Users\Monica\Desktop\AdwCleaner - Shortcut.lnk
2014-07-04 12:12 - 2014-07-04 12:12 - 01346519 _____ () C:\Users\Monica\Downloads\AdwCleaner.exe
2014-07-03 16:50 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip.zip
2014-07-03 16:30 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip
2014-07-03 16:29 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Desktop\attach.zip
2014-07-03 16:19 - 2014-07-03 16:19 - 00026505 _____ () C:\Users\Monica\Desktop\dds.txt
2014-07-03 16:19 - 2014-07-03 16:19 - 00007658 _____ () C:\Users\Monica\Desktop\attach.txt
2014-07-03 16:11 - 2014-07-03 16:11 - 00688992 ____R (Swearware) C:\Users\Monica\Downloads\dds.scr
2014-07-03 15:51 - 2014-07-03 15:51 - 00001162 _____ () C:\Users\Monica\Desktop\Live PC Help.lnk
2014-07-03 15:38 - 2014-07-03 15:41 - 00003230 _____ () C:\Windows\System32\Tasks\Erunt Backup
2014-07-03 15:10 - 2014-07-03 15:45 - 00000000 ____D () C:\Windows\ERDNT
2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Monica\Desktop\NTREGOPT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Monica\Desktop\ERUNT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-03 14:58 - 2014-07-03 14:58 - 00791393 _____ (Lars Hederer ) C:\Users\Monica\Downloads\erunt-setup.exe
2014-07-03 10:26 - 2014-07-03 10:26 - 04500592 _____ (Systweak Inc ) C:\Users\Monica\Downloads\rcpa_03070225468304048.exe
2014-07-03 01:55 - 2014-07-03 01:56 - 00985600 _____ () C:\Users\Monica\Downloads\MicrosoftFixit50123(1).msi
2014-07-02 13:12 - 2014-07-02 13:12 - 00000000 _____ () C:\Users\Monica\AppData\Local\{D85759F7-3B77-4D17-8ACC-81FC2125C2C1}
2014-07-02 09:42 - 2014-07-02 09:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-07-02 09:42 - 2014-07-02 09:42 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\AVG
2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Local\AVG
2014-07-02 09:22 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-02 09:22 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-02 09:22 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-02 09:21 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-02 09:21 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-02 09:21 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-02 09:21 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-02 09:21 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-02 09:21 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-02 09:21 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-02 09:21 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-02 09:21 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-02 09:20 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-02 09:20 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-02 09:19 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-02 09:19 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-02 09:19 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-02 09:19 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-02 09:19 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-02 09:19 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-02 09:19 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-02 09:19 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-02 09:19 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-02 09:19 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-02 09:19 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-02 09:19 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-02 09:19 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-02 09:19 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-02 09:18 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-02 09:18 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-02 09:18 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-02 09:18 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-02 09:18 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-02 09:18 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-02 09:18 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-02 09:18 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-02 09:18 - 2014-05-23 20:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-02 09:18 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-02 09:11 - 2014-07-02 09:41 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 09:11 - 2014-07-02 09:24 - 00000000 ____D () C:\ProgramData\AVG
2014-07-02 08:59 - 2014-07-02 09:00 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28(1).exe
2014-07-02 08:58 - 2014-07-02 08:59 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
2014-07-02 08:53 - 2014-07-02 08:53 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

2014-07-05 06:06 - 2014-07-05 06:04 - 00021560 _____ () C:\Users\Monica\Desktop\FRST.txt
2014-07-05 06:05 - 2014-07-05 06:04 - 00000000 ____D () C:\FRST
2014-07-05 06:03 - 2014-07-05 06:03 - 02084352 _____ (Farbar) C:\Users\Monica\Desktop\FRST64.exe
2014-07-05 05:59 - 2012-01-19 04:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-05 05:56 - 2014-07-05 05:55 - 00003349 _____ () C:\Users\Monica\Desktop\JRT.txt
2014-07-05 05:33 - 2014-07-05 05:33 - 00000000 ____D () C:\Windows\ERUNT
2014-07-05 05:31 - 2014-07-05 05:31 - 01016261 _____ (Thisisu) C:\Users\Monica\Desktop\JRT.exe
2014-07-05 05:18 - 2010-11-20 04:46 - 01527729 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 05:17 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 05:17 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 05:13 - 2011-03-20 10:27 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-07-05 05:09 - 2012-01-19 04:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-05 05:08 - 2013-05-02 16:56 - 00028404 _____ () C:\Windows\setupact.log
2014-07-05 05:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 13:33 - 2013-11-26 04:01 - 00453972 _____ () C:\Windows\IE11_main.log
2014-07-04 12:40 - 2014-07-04 12:40 - 00059570 _____ () C:\Users\Monica\Desktop\AdwCleaner[S0].txt
2014-07-04 12:21 - 2013-05-02 16:56 - 00251384 _____ () C:\Windows\PFRO.log
2014-07-04 12:18 - 2014-07-04 12:14 - 00000000 ____D () C:\AdwCleaner
2014-07-04 12:13 - 2014-07-04 12:12 - 00001493 _____ () C:\Users\Monica\Desktop\AdwCleaner - Shortcut.lnk
2014-07-04 12:12 - 2014-07-04 12:12 - 01346519 _____ () C:\Users\Monica\Downloads\AdwCleaner.exe
2014-07-04 12:01 - 2010-07-11 00:08 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-04 11:58 - 2009-07-14 01:13 - 00006832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 11:44 - 2014-03-29 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-03 16:29 - 2014-07-03 16:50 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip.zip
2014-07-03 16:29 - 2014-07-03 16:30 - 00003092 _____ () C:\Users\Monica\Documents\attach.zip
2014-07-03 16:29 - 2014-07-03 16:29 - 00003092 _____ () C:\Users\Monica\Desktop\attach.zip
2014-07-03 16:19 - 2014-07-03 16:19 - 00026505 _____ () C:\Users\Monica\Desktop\dds.txt
2014-07-03 16:19 - 2014-07-03 16:19 - 00007658 _____ () C:\Users\Monica\Desktop\attach.txt
2014-07-03 16:11 - 2014-07-03 16:11 - 00688992 ____R (Swearware) C:\Users\Monica\Downloads\dds.scr
2014-07-03 15:51 - 2014-07-03 15:51 - 00001162 _____ () C:\Users\Monica\Desktop\Live PC Help.lnk
2014-07-03 15:45 - 2014-07-03 15:10 - 00000000 ____D () C:\Windows\ERDNT
2014-07-03 15:41 - 2014-07-03 15:38 - 00003230 _____ () C:\Windows\System32\Tasks\Erunt Backup
2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Monica\Desktop\NTREGOPT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Monica\Desktop\ERUNT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-03 15:09 - 2014-07-03 15:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-03 14:58 - 2014-07-03 14:58 - 00791393 _____ (Lars Hederer ) C:\Users\Monica\Downloads\erunt-setup.exe
2014-07-03 12:00 - 2012-04-03 18:20 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\SoftGrid Client
2014-07-03 11:35 - 2011-03-20 10:26 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-03 10:26 - 2014-07-03 10:26 - 04500592 _____ (Systweak Inc ) C:\Users\Monica\Downloads\rcpa_03070225468304048.exe
2014-07-03 01:56 - 2014-07-03 01:55 - 00985600 _____ () C:\Users\Monica\Downloads\MicrosoftFixit50123(1).msi
2014-07-03 01:45 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-03 01:43 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-03 01:39 - 2011-09-12 19:56 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-02 15:02 - 2013-01-08 06:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 13:37 - 2014-05-03 13:15 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMonica
2014-07-02 13:37 - 2014-05-03 13:15 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForMonica.job
2014-07-02 13:31 - 2011-03-21 10:53 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-02 13:30 - 2012-02-06 20:07 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-02 13:12 - 2014-07-02 13:12 - 00000000 _____ () C:\Users\Monica\AppData\Local\{D85759F7-3B77-4D17-8ACC-81FC2125C2C1}
2014-07-02 09:42 - 2014-07-02 09:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-07-02 09:42 - 2014-07-02 09:42 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-07-02 09:41 - 2014-07-02 09:11 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 09:41 - 2014-01-28 13:33 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-07-02 09:41 - 2011-03-20 10:15 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\hpqLog
2014-07-02 09:24 - 2014-07-02 09:11 - 00000000 ____D () C:\ProgramData\AVG
2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\AVG
2014-07-02 09:22 - 2014-07-02 09:22 - 00000000 ____D () C:\Users\Monica\AppData\Local\AVG
2014-07-02 09:02 - 2012-09-30 04:03 - 00096768 ___SH () C:\Users\Monica\Thumbs.db
2014-07-02 09:00 - 2014-07-02 08:59 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28(1).exe
2014-07-02 08:59 - 2014-07-02 08:58 - 77105064 _____ (AVG) C:\Users\Monica\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
2014-07-02 08:55 - 2012-01-19 04:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 08:54 - 2012-01-19 04:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 08:53 - 2014-07-02 08:53 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\TuneUp Software
2014-07-02 08:52 - 2013-06-26 13:43 - 00003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-07-02 08:36 - 2012-08-06 21:15 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-06-08 05:13 - 2014-07-02 09:20 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-07-02 09:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Monica\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
C:\Users\Monica\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Monica\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-29 22:32

==================== End Of Log ============================