Can A Malware that Keeps coming back be removed for good?

[gigglepot]

Hello, first time poster here, I keep getting the same malware (I think this is what it's called.....I'm such a newbie!) on my computer. Some of the stuff I've seen just pop up in my browser. I get these little green circles with a line through it, prompting me to click on it (I don't, I just hover and it tells me it's from SmartShopping.com). I get barowwsoe2Save, BestSaveForYou and CasaleMedia (I copied them down exactly as I saw them). I then ran Spybot and it detected the barowwsoe2Save and got rid of it. Then I went to my browser options and removed the BestSaveForYou extension. All seems well!

Except the problem is, every week it all comes back again. I've kept the kids off the internet for a week to see if perhaps they are the ones that keep installing this stuff, but no. Every Tuesday I see the same things come up. Then I remove them all, all is well for a week, and then the cycle continues. What am I doing wrong? Is it possible that these things are set up to repeat every week? Or is that just crazy? It's just too much of a coincidence.

Would it help to just uninstall Firefox and reinstall it? Would that make all of this go away? I've been using Spybot for years and never once needed to even go on the forums (thankfully )), so I'm not sure where to start really. Should I contact Firefox?

Thank you for reading,
Gigglepot

--------------------------------------

Admin Edit- Forum FAQ, for all users surfing in here:
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance"
http://forums.spybot.info/showthread.php?t=288

 

[OCD]

Hi gigglepot,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.
• Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• When asked if you want to download Avast's virus definitions please select Yes.
• Click Scan
• Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
• You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:

• checkup.txt
• aswMBR.txt
• attach MBR.zip
• FRST.txt
• Addition.txt

 

[gigglepot]

Hi OCD,
Thank you for responding to my request! I just wanted to ask one thing before I proceed with all your steps below......is it ok to follow your steps AFTER I've already deleted the extension in Firefox and have already run a Spybot scan, which seems to have fixed everything for now? Or should I wait until next Tuesday (the day this seems to occur again) when it will probably all come back again?

 

[OCD]

Hi gigglepot,

Yes, it is alright to run these scans now. Although you did remove the FF extension, there are other parts of this infection on your computer that are probably not removed by just merely removing the extension causing the issue to reappear.

 

[gigglepot]

Here is the checkup.txt file:

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
JavaFX 2.1.1
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Adobe Reader 10.1.10 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[gigglepot]

Hello, I'm running the aswMBR scan now.....how do I know when it is complete? The time on the left stopped moving (about 17 minutes in) but the "Scan" button is not highlighted yet so I didn't know when I should hit Save Log. Should it say "scan complete" or something like that?

 

[OCD]

Hi gigglepot,

I'm running the aswMBR scan now.....how do I know when it is complete? The time on the left stopped moving (about 17 minutes in) but the "Scan" button is not highlighted yet so I didn't know when I should hit Save Log. Should it say "scan complete" or something like that?

Please let the scan run, it may take awhile. If the scan button is grayed out it is still scanning. At the bottom of the interface window it will state "Scan Finished Successfully" when it is done. If it seems to have gotten hung up, click the Save Log button and post the log it provides. If it should be incomplete, we can run a different scanner to get the complete results.

Then just continue with the remainder of the steps.

 

[gigglepot]

Here is the aswMBR.txt. Just to let you know, the "Scan" button never did come back, it stayed greyed out, but because it said "Scan finished successfully", I hit Save Log and posted the results. Hope I did it right!

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-05 07:17:17
-----------------------------
07:17:17.305 OS Version: Windows x64 6.1.7601 Service Pack 1
07:17:17.305 Number of processors: 2 586 0x603
07:17:17.308 ComputerName: OWNER-HP UserName: Owner
07:17:21.219 Initialize success
07:17:24.997 AVAST engine defs: 14060500
07:18:01.716 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
07:18:01.732 Disk 0 Vendor: Hitachi_ JP3O Size: 715404MB BusType: 11
07:18:01.825 Disk 0 MBR read successfully
07:18:01.825 Disk 0 MBR scan
07:18:01.841 Disk 0 unknown MBR code
07:18:01.841 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:18:01.856 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702969 MB offset 206848
07:18:01.903 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12333 MB offset 1439887360
07:18:01.950 Disk 0 scanning C:\Windows\system32\drivers
07:18:10.655 Service scanning
07:18:30.749 Modules scanning
07:18:30.749 Disk 0 trace - called modules:
07:18:30.780 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
07:18:30.780 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031e4060]
07:18:30.795 3 CLASSPNP.SYS[fffff8800194343f] -> nt!IofCallDriver -> [0xfffffa8003186040]
07:18:30.795 5 amd_xata.sys[fffff8800109a8b4] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8002d13820]
07:18:32.730 AVAST engine scan C:\Windows
07:18:37.004 AVAST engine scan C:\Windows\system32
07:21:20.838 AVAST engine scan C:\Windows\system32\drivers
07:21:33.006 AVAST engine scan C:\Users\Owner
08:32:21.654 AVAST engine scan C:\ProgramData
08:35:32.179 Scan finished successfully
09:38:50.943 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
09:38:50.943 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

 

[gigglepot]

Here is the MBR.zip file. Please let me know if I didn't do this correctly.

 

[gigglepot]

Here is the FRST.txt file.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Owner (administrator) on OWNER-HP on 05-06-2014 09:48:42
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Pelmorex Media Inc.) C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-23] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [WeatherEye] => C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [309104 2010-09-21] (Pelmorex Media Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-17] (Samsung Electronics)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: F - F:\DisneySplash.exe
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: {8eb2cc2f-4e99-11e0-8f4f-806e6f6e6963} - E:\Launcher.exe
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll [1234880 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [1233816 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: ,c:\progra~2\citrix\icacli~1\rshook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1FF8B4D93E0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
URLSearchHook: HKCU - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
SearchScopes: HKCU - {190EAB21-2083-42D6-83C7-DDE3C907E5C7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKCU - {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
BHO-x32: No Name - {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO-x32: No Name - {11111111-1111-1111-1111-110011441193} - No File
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO-x32: No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No File
Toolbar: HKLM-x32 - No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default
FF NewTab: www.kijiji.ca
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://calgary.kijiji.ca/
FF Keyword.URL: hxxp://ca.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-e4be089b108348a6\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler-search.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo_ff.xml
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]

Chrome:
=======
CHR HomePage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
CHR RestoreOnStartup: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
CHR StartupUrls: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-1a23fdbca04d4954\\NPRobloxProxy.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-29]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp [2014-05-12]
CHR Extension: (MixiDJ V45) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf [2013-08-13]
CHR Extension: (RobOSaveer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmamejgjjfphnlodkkomcaicecpcdhm [2014-05-19]
CHR Extension: (NNextCoUp) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb [2014-05-22]
CHR Extension: (DealExpreesSe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeaffalpajefneffnmeajimmaidnfic [2014-05-25]
CHR Extension: (BuestSaveForYOu) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgfbhpfpbbbkdiggmpoddgpmolpkck [2014-06-02]
CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-05-12]
CHR Extension: (SeaRuCH-uNEowTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh [2014-05-12]
CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (save nEiT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp [2014-05-12]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-29]
CHR HKCU\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Owner\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-16] (WildTangent)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [974016 2014-03-02] ()
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] ()
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 09:48 - 2014-06-05 09:49 - 00036551 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 09:48 - 2014-06-05 09:48 - 00000000 ____D () C:\FRST
2014-06-05 09:47 - 2014-06-05 09:47 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
2014-06-05 07:16 - 2014-06-05 07:17 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
2014-06-03 19:28 - 2014-06-03 19:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
2014-06-02 19:26 - 2014-06-02 19:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
2014-06-02 15:34 - 2014-06-05 06:38 - 00000000 ____D () C:\ProgramData\DowwnnSave
2014-06-02 07:25 - 2014-06-02 07:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
2014-05-30 06:25 - 2014-05-30 06:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
2014-05-26 22:15 - 2014-05-26 22:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
2014-05-25 20:34 - 2014-05-27 07:09 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
2014-05-23 22:10 - 2014-05-23 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
2014-05-23 10:08 - 2014-05-23 10:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
2014-05-22 06:40 - 2014-05-22 06:47 - 00000000 ____D () C:\ProgramData\NNextCoUp
2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
2014-05-21 21:08 - 2014-05-21 21:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
2014-05-20 09:06 - 2014-05-20 09:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
2014-05-17 21:01 - 2014-05-17 21:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
2014-05-15 22:17 - 2014-05-05 18:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:17 - 2014-05-05 18:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:17 - 2014-05-05 18:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:17 - 2014-05-05 17:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:17 - 2014-05-05 17:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:17 - 2014-05-05 17:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:58 - 2014-05-15 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
2014-05-15 08:57 - 2014-05-15 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
2014-05-15 07:15 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 07:15 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 07:15 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 07:15 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 07:06 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 07:06 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 07:06 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 07:06 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 07:06 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 07:06 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 07:06 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 07:06 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 07:06 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 07:06 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 07:06 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 07:00 - 2014-05-15 10:44 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 07:00 - 2014-05-15 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 06:50 - 2014-05-22 06:41 - 00000000 ____D () C:\ProgramData\save neT
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 08:54 - 2014-05-13 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-15 06:28 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:06 - 2014-05-31 14:03 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-12 12:04 - 2014-05-22 10:48 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-14 06:33 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-06-04 05:47 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:01 - 2014-05-15 06:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:50 - 2014-05-11 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 08:48 - 2014-05-09 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:47 - 2014-05-08 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:46 - 2014-05-07 20:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}
2014-05-06 20:45 - 2014-05-06 20:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8E225F09-26B0-4303-8202-D33CB0BA87D2}
2014-05-06 08:45 - 2014-05-06 08:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AB53B037-1736-48BB-A122-19D973E7DC18}

The rest is coming in a separate post, as it was too long (more than 64000 characters long).

 

[gigglepot]

Here is part 2 of the FRST.txt file:

==== One Month Modified Files and Folders =======

2014-06-05 09:49 - 2014-06-05 09:48 - 00036551 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 09:49 - 2011-05-12 13:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
2014-06-05 09:48 - 2014-06-05 09:48 - 00000000 ____D () C:\FRST
2014-06-05 09:47 - 2014-06-05 09:47 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-05 09:34 - 2013-08-13 08:34 - 00000290 _____ () C:\Windows\Tasks\Dealply.job
2014-06-05 09:12 - 2011-07-25 16:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 09:03 - 2013-12-12 07:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 07:59 - 2011-05-12 13:22 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BF401F47-875B-4406-9B0C-8E70A5A1480F}
2014-06-05 07:50 - 2011-05-22 07:01 - 00000000 ____D () C:\Users\Owner\Documents\Lillian
2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
2014-06-05 07:17 - 2014-06-05 07:16 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-05 06:48 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 06:48 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 06:43 - 2011-03-14 16:03 - 01468371 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 06:39 - 2012-07-11 08:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-05 06:39 - 2011-05-12 13:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-06-05 06:39 - 2011-03-14 16:18 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-05 06:38 - 2014-06-02 15:34 - 00000000 ____D () C:\ProgramData\DowwnnSave
2014-06-05 06:38 - 2011-07-25 16:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 06:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 06:38 - 2009-07-13 22:51 - 00177740 _____ () C:\Windows\setupact.log
2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
2014-06-04 14:59 - 2013-01-05 14:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Paint.NET
2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
2014-06-04 05:47 - 2014-05-12 12:03 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-06-03 19:29 - 2014-06-03 19:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
2014-06-03 15:44 - 2013-10-02 15:10 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-06-03 12:53 - 2013-09-06 18:23 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-06-03 12:53 - 2013-09-06 18:23 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
2014-06-03 06:21 - 2009-07-13 23:08 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-02 19:27 - 2014-06-02 19:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
2014-06-02 07:26 - 2014-06-02 07:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
2014-06-02 06:57 - 2011-05-15 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
2014-06-02 06:57 - 2011-05-15 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HP Support Assistant
2014-06-01 22:31 - 2011-06-01 11:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
2014-06-01 07:20 - 2011-03-14 18:17 - 00512922 _____ () C:\Windows\PFRO.log
2014-05-31 21:53 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
2014-05-31 16:25 - 2011-06-04 16:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-05-31 14:03 - 2014-05-12 12:06 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
2014-05-30 06:26 - 2014-05-30 06:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
2014-05-29 18:25 - 2011-06-13 06:25 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOWNER-HP$
2014-05-29 18:25 - 2011-06-13 06:25 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForOWNER-HP$.job
2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
2014-05-27 13:58 - 2013-11-14 07:59 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-27 13:47 - 2011-05-17 14:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DVD Flick
2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
2014-05-27 07:09 - 2014-05-25 20:34 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
2014-05-26 22:16 - 2014-05-26 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
2014-05-23 22:11 - 2014-05-23 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
2014-05-23 10:09 - 2014-05-23 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
2014-05-22 10:48 - 2014-05-12 12:04 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
2014-05-22 06:47 - 2014-05-22 06:40 - 00000000 ____D () C:\ProgramData\NNextCoUp
2014-05-22 06:41 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\save neT
2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
2014-05-21 21:09 - 2014-05-21 21:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
2014-05-20 09:07 - 2014-05-20 09:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
2014-05-17 21:02 - 2014-05-17 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
2014-05-17 06:21 - 2011-05-17 16:48 - 00000000 ____D () C:\Program Files (x86)\SystemScheduler
2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
2014-05-16 17:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
2014-05-16 06:33 - 2011-07-25 16:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 06:29 - 2011-05-12 13:16 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 06:29 - 2011-05-12 13:16 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 06:26 - 2014-05-05 22:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 22:19 - 2011-06-01 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 22:16 - 2013-07-11 07:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 22:13 - 2011-05-12 14:24 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:59 - 2014-05-15 20:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
2014-05-15 10:45 - 2011-05-16 15:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Azureus
2014-05-15 10:44 - 2014-05-15 07:00 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 10:43 - 2014-05-15 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 08:58 - 2014-05-15 08:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
2014-05-15 06:53 - 2014-05-12 12:01 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-15 06:35 - 2013-12-23 07:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 06:35 - 2011-05-15 23:54 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 06:35 - 2011-05-15 23:54 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 06:28 - 2014-05-12 12:15 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-14 06:33 - 2014-05-12 12:04 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 16:05 - 2013-12-12 07:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 16:05 - 2012-05-14 06:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 16:05 - 2011-08-06 07:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:55 - 2014-05-13 08:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 18:46 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:03 - 2011-05-17 15:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:51 - 2014-05-11 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 19:51 - 2011-05-17 15:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-11 06:59 - 2013-11-14 07:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 12:07 - 2011-07-25 16:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 12:07 - 2011-07-25 16:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:49 - 2014-05-09 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-09 00:14 - 2014-05-15 07:15 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 00:11 - 2014-05-15 07:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:48 - 2014-05-08 08:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:47 - 2014-05-07 20:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}
2014-05-06 20:46 - 2014-05-06 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8E225F09-26B0-4303-8202-D33CB0BA87D2}
2014-05-06 08:45 - 2014-05-06 08:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AB53B037-1736-48BB-A122-19D973E7DC18}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 06:54

==================== End Of Log ============================

 

[gigglepot]

Here is the Addition.txt file.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Owner at 2014-06-05 09:50:13
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aimersoft Video Converter Ultimate(Build 4.1.0.2) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: - Aimersoft Software)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version: - ALOT)
Angry Birds (HKLM-x32\...\{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}) (Version: 2.1.0 - Rovio)
Angry Birds Space (HKLM-x32\...\{C9C763DF-F912-457F-A8BF-88E043BC45FE}) (Version: 1.6.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars (HKLM-x32\...\{9013721D-0440-4CCF-81FC-D60DC138D412}) (Version: 1.1.0 - Rovio)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.4.6714 - )
Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Authentication Manager (x32 Version: 3.0.0.47031 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.3.0.17208 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.3.0.17207 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
Dora Backpack (HKLM-x32\...\{D859D35F-E947-4F2A-8591-C76A4D116178}) (Version: - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drome Racers (HKLM-x32\...\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}) (Version: - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FastStone Image Viewer 4.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.5 - FastStone Soft)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FrostWire 5.3.8 (HKLM-x32\...\FrostWire 5) (Version: 5.3.8.0 - FrostWire Team)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
jZip (HKCU\...\jZip) (Version: 2.0.0.131826 - Bandoo Media Inc) <==== ATTENTION
KMSpico v9.2.2 RC (HKLM\...\KMSpico_is1) (Version: 9.2.2 RC - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LEGO Star Wars (HKLM-x32\...\InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}) (Version: 1.00.0000 - Giant)
LEGO Star Wars (x32 Version: 1.00.0000 - Giant) Hidden
LEGO Star Wars II (HKLM-x32\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Batman™ (HKLM-x32\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
LEGO® Batman™ (x32 Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
LEGO® Indiana Jones™ 2 (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM-x32\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™ III: The Clone Wars™ (HKLM-x32\...\{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}) (Version: 1.0.0.0 - LucasArts)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
ROBLOX Player for Owner (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Owner (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shareaza (x32 Version: 8.0.0.123534 - Discordia, LTD) Hidden
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StudioTax 2011 (HKLM\...\{85FD0263-98BB-4B0E-990C-A31094DE8DDE}) (Version: 7.0.4.0 - BHOK IT Consulting)
StudioTax 2012 (HKLM-x32\...\{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}) (Version: 8.0.5.2 - BHOK IT Consulting)
StudioTax 2013 (HKLM-x32\...\{3F525B18-4DA5-447A-97E5-8F00EA9DF4B1}) (Version: 9.1.8.2 - BHOK IT Consulting)
SW-Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}) (Version: - Certified Publisher) <==== ATTENTION
System Scheduler 4.12 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
Tom Clancy's H.A.W.X (HKLM-x32\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.02.00000 - Ubisoft)
Toy Story 3 (HKLM-x32\...\{AAFD160A-2333-40D8-AA25-42D1989CA0F2}) (Version: 1.00.0000 - Disney Interactive Studios)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
uTorrentBar Toolbar (HKLM-x32\...\uTorrentBar Toolbar) (Version: 6.2.7.3 - uTorrentBar) <==== ATTENTION
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v8.5 (HKLM-x32\...\{EDF914BD-584C-48CE-8254-324201560529}) (Version: 8.5 - Spigot, Inc.) <==== ATTENTION
War Thunder CDK 0.1 (HKLM-x32\...\{ed8deea4-29fe-1932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation)
War Thunder Launcher 1.0.1.340 (HKLM-x32\...\{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WeatherEye (HKCU\...\WeatherEye) (Version: - )
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
Wincore MediaBar (HKLM-x32\...\Wincore MediaBar) (Version: 3.0.0.122470 - Discordia, LTD) <==== ATTENTION
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
YoutubeAdblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 4.0.0.1309 - YoutubeAdblocker) <==== ATTENTION
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

16-05-2014 04:10:19 Windows Update
21-05-2014 12:38:25 Windows Update
28-05-2014 13:43:08 Scheduled Checkpoint
30-05-2014 12:29:34 Windows Update
02-06-2014 12:56:18 HPSF Restore Point
03-06-2014 12:29:33 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03E018AA-5DB7-4BDF-AD31-9C3A9C593481} - System32\Tasks\Dealply => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {0FE7318E-4885-42C4-93E3-FB734E63E4E0} - System32\Tasks\HPCeeScheduleForOWNER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {10DF89EB-9FDF-4E02-B093-67C3BED1B03E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25] (Google Inc.)
Task: {115E6B96-E34D-42EA-B6F8-51A5D6B669DC} - System32\Tasks\da59223c => C:\Users\Owner\AppData\Local\Temp\\setup1892356880.exe <==== ATTENTION
Task: {1BF36836-FA3E-4B25-ACAA-DFFB7ADA9205} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {1FE1297E-9315-4026-A9A3-FBB3481601FC} - System32\Tasks\6727a104 => C:\Users\Owner\AppData\Local\Temp\\setup845194372.exe <==== ATTENTION
Task: {289D4207-2D96-47E8-977A-86FEC4093B70} - System32\Tasks\69404464 => C:\Users\Owner\AppData\Local\Temp\\setup4099077816.exe <==== ATTENTION
Task: {46A89E40-5E03-4726-AA5F-D9ABABC78E01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {54D3FEE4-D62D-4E98-80DF-9F38084D17CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F} - System32\Tasks\2b9f7ef8 => C:\Users\Owner\AppData\Local\Temp\\setup731873016.exe <==== ATTENTION
Task: {638B6E17-94EB-4093-8C88-E7F472175258} - System32\Tasks\4ed51aa0 => C:\Users\Owner\AppData\Local\Temp\\setup437132832.exe <==== ATTENTION
Task: {64DD2E96-C4B8-4E18-8D36-72544739F6EA} - System32\Tasks\7bd04b60 => C:\Users\Owner\AppData\Local\Temp\\setup1191792352.exe <==== ATTENTION
Task: {7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339} - System32\Tasks\471fc6a8 => C:\Users\Owner\AppData\Local\Temp\\setup307808808.exe <==== ATTENTION
Task: {81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A} - System32\Tasks\ec1d7bd4 => C:\Users\Owner\AppData\Local\Temp\\setup3075893544.exe <==== ATTENTION
Task: {88AE72CE-71D6-4131-AAC3-DD3132F47178} - System32\Tasks\5cc16f94 => C:\Users\Owner\AppData\Local\Temp\\setup1291538448.exe <==== ATTENTION
Task: {8A2B4C85-7287-4463-9AE1-B5439A79026F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {9B0D2FD5-45FC-442C-910B-487BE7A1D2EB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-23] (AVAST Software)
Task: {9C9157B1-4249-47A0-BCE7-7E76C8CE1510} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {A2046887-4841-44D4-8FE6-9E6E7CCE795A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F} - System32\Tasks\7573361c => C:\Users\Owner\AppData\Local\Temp\\setup1085028764.exe <==== ATTENTION
Task: {BDFCE513-72FA-43AA-96EC-68300A8BDBC4} - System32\Tasks\41d9645c => C:\Users\Owner\AppData\Local\Temp\\setup3129333340.exe <==== ATTENTION
Task: {BF354FAF-7D5F-4066-BD2A-14D5157F5640} - System32\Tasks\1f76a5c0 => C:\Users\Owner\AppData\Local\Temp\\setup3937374996.exe <==== ATTENTION
Task: {C080B646-BD9B-40FC-BAE2-BF1F60742271} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C5B38A47-A3E1-4A75-8ED0-9CA70F10F59B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25] (Google Inc.)
Task: {C618024F-EFC9-40F6-B730-576BC19782B2} - System32\Tasks\7f8539c4 => C:\Users\Owner\AppData\Local\Temp\\setup1253975832.exe <==== ATTENTION
Task: {CC86B01E-CE0A-4E21-A91A-759BB6BA026B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {D52AC9CD-3184-486A-9054-FA180CAC9F81} - System32\Tasks\48b0fc00 => C:\Users\Owner\AppData\Local\Temp\\setup4206617504.exe <==== ATTENTION
Task: {D716852E-1BCC-442D-93EE-82FE89FC7519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D79E2D4D-4D56-43A2-A2B5-280DD23AE663} - System32\Tasks\c53ae644 => C:\Users\Owner\AppData\Local\Temp\\setup652597912.exe <==== ATTENTION
Task: {FC0A2883-58B4-4B24-8468-2652A26F0B2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOWNER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-04 13:47 - 2014-06-04 13:47 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060401\algo.dll
2014-06-05 06:39 - 2014-06-05 06:39 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060500\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-23 06:53 - 2013-10-23 06:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-10 09:59 - 2014-05-10 09:59 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:196FC0A6
AlternateDataStreams: C:\ProgramData\Temp:7D6EC5BE
AlternateDataStreams: C:\Users\Owner\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Owner\Documents\Re_ Wii Nunchuks.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 07:11:23 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (06/04/2014 05:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe964c0368
Faulting process id: 0xaf0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/03/2014 07:34:56 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (06/03/2014 07:04:31 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (06/03/2014 06:23:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe99380368
Faulting process id: 0x8e0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/02/2014 05:24:28 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (06/02/2014 06:26:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe96490368
Faulting process id: 0x914
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/01/2014 10:22:02 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (06/01/2014 10:01:19 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (06/01/2014 07:22:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe95eb0368
Faulting process id: 0xacc
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3


System errors:
=============
Error: (06/05/2014 06:39:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service KMSELDI service failed to start due to the following error:
%%1053

Error: (06/05/2014 06:39:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Service KMSELDI service to connect.

Error: (06/04/2014 05:50:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/04/2014 05:45:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (06/04/2014 05:44:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%1053

Error: (06/04/2014 05:44:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

Error: (06/03/2014 06:24:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (06/02/2014 10:29:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/02/2014 06:27:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (06/01/2014 07:22:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (06/04/2014 07:11:23 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/04/2014 05:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.0.0.05312d36bunknown0.0.0.00000000000000000000007fe964c0368af001cf7fea3ebba19eC:\Program Files\KMSpico\Service_KMS.exeunknowna53387f5-ebdd-11e3-a433-6431503ceaa3

Error: (06/03/2014 07:34:56 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/03/2014 07:04:31 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/03/2014 06:23:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.0.0.05312d36bunknown0.0.0.00000000000000000000007fe993803688e001cf7f266b47e63bC:\Program Files\KMSpico\Service_KMS.exeunknownd944b894-eb19-11e3-b5d3-6431503ceaa3

Error: (06/02/2014 05:24:28 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/02/2014 06:26:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.0.0.05312d36bunknown0.0.0.00000000000000000000007fe9649036891401cf7e5dc987a039C:\Program Files\KMSpico\Service_KMS.exeunknown30b45521-ea51-11e3-89bd-6431503ceaa3

Error: (06/01/2014 10:22:02 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/01/2014 10:01:19 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/01/2014 07:22:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.0.0.05312d36bunknown0.0.0.00000000000000000000007fe95eb0368acc01cf7d9c5957a8dbC:\Program Files\KMSpico\Service_KMS.exeunknownbc9289a6-e98f-11e3-8bc6-6431503ceaa3


CodeIntegrity Errors:
===================================
Date: 2014-02-03 19:53:02.683
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:53:02.455
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:45.362
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:45.136
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:09.945
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:09.717
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:03.429
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:03.201
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:50:32.270
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:50:32.038
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 2815.29 MB
Available physical RAM: 1003.61 MB
Total Pagefile: 5628.75 MB
Available Pagefile: 3184.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:686.49 GB) (Free:432.16 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.04 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: CCC43D8D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

[gigglepot]

I just wanted to add, thank you for taking the time to help me. Your instructions are amazingly written out, easy to follow, and complete!

 

[OCD]

Hi gigglepot,

I just wanted to add, thank you for taking the time to help me. Your instructions are amazingly written out, easy to follow, and complete!

You're welcome, and thanks for the kind words. We try and take some of the stress out of the whole ordeal by giving percise but easy to understand step by step directions.

All the logs are just what I needed to see. :bigthumb:

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent, FrostWire, Shareaza, Vuze installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

• uTorrent
• FrostWire
• Shareaza
• Vuze

If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

If you have chosen to not remove any of the P2P items listed above, just skip them in the next step also.

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

• µTorrent
• FrostWire 5.3.8
• jZip
• Shareaza
• SW-Sustainer 1.80
• uTorrentBar Toolbar
• SW-Sustainer 1.80
• uTorrentBar Toolbar
• Vuze
• Vuze Remote Toolbar v8.5
• Wincore MediaBar
• YoutubeAdblocker

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll [1234880 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [1233816 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies
URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
URLSearchHook: HKCU - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
BHO-x32: No Name - {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO-x32: No Name - {11111111-1111-1111-1111-110011441193} - No File
BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: No Name - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - No File
BHO-x32: No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO-x32: No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No File
Toolbar: HKLM-x32 - No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {03E018AA-5DB7-4BDF-AD31-9C3A9C593481} - System32\Tasks\Dealply => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {115E6B96-E34D-42EA-B6F8-51A5D6B669DC} - System32\Tasks\da59223c => C:\Users\Owner\AppData\Local\Temp\\setup1892356880.exe <==== ATTENTION
Task: {1FE1297E-9315-4026-A9A3-FBB3481601FC} - System32\Tasks\6727a104 => C:\Users\Owner\AppData\Local\Temp\\setup845194372.exe <==== ATTENTION
Task: {289D4207-2D96-47E8-977A-86FEC4093B70} - System32\Tasks\69404464 => C:\Users\Owner\AppData\Local\Temp\\setup4099077816.exe <==== ATTENTION
Task: {5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F} - System32\Tasks\2b9f7ef8 => C:\Users\Owner\AppData\Local\Temp\\setup731873016.exe <==== ATTENTION
Task: {638B6E17-94EB-4093-8C88-E7F472175258} - System32\Tasks\4ed51aa0 => C:\Users\Owner\AppData\Local\Temp\\setup437132832.exe <==== ATTENTION
Task: {64DD2E96-C4B8-4E18-8D36-72544739F6EA} - System32\Tasks\7bd04b60 => C:\Users\Owner\AppData\Local\Temp\\setup1191792352.exe <==== ATTENTION
Task: {7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339} - System32\Tasks\471fc6a8 => C:\Users\Owner\AppData\Local\Temp\\setup307808808.exe <==== ATTENTION
Task: {81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A} - System32\Tasks\ec1d7bd4 => C:\Users\Owner\AppData\Local\Temp\\setup3075893544.exe <==== ATTENTION
Task: {88AE72CE-71D6-4131-AAC3-DD3132F47178} - System32\Tasks\5cc16f94 => C:\Users\Owner\AppData\Local\Temp\\setup1291538448.exe <==== ATTENTION
Task: {A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F} - System32\Tasks\7573361c => C:\Users\Owner\AppData\Local\Temp\\setup1085028764.exe <==== ATTENTION
Task: {BDFCE513-72FA-43AA-96EC-68300A8BDBC4} - System32\Tasks\41d9645c => C:\Users\Owner\AppData\Local\Temp\\setup3129333340.exe <==== ATTENTION
Task: {BF354FAF-7D5F-4066-BD2A-14D5157F5640} - System32\Tasks\1f76a5c0 => C:\Users\Owner\AppData\Local\Temp\\setup3937374996.exe <==== ATTENTION
Task: {C080B646-BD9B-40FC-BAE2-BF1F60742271} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C618024F-EFC9-40F6-B730-576BC19782B2} - System32\Tasks\7f8539c4 => C:\Users\Owner\AppData\Local\Temp\\setup1253975832.exe <==== ATTENTION
Task: {D52AC9CD-3184-486A-9054-FA180CAC9F81} - System32\Tasks\48b0fc00 => C:\Users\Owner\AppData\Local\Temp\\setup4206617504.exe <==== ATTENTION
Task: {D716852E-1BCC-442D-93EE-82FE89FC7519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D79E2D4D-4D56-43A2-A2B5-280DD23AE663} - System32\Tasks\c53ae644 => C:\Users\Owner\AppData\Local\Temp\\setup652597912.exe <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Please download AdwCleaner by Xplode and save to your Desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that log file in your next reply.
• A copy of all log files are saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

• Fixlog.txt
• AdwCleaner[R0].txt
• new FRST.txt
• Any change in performance?

 

[gigglepot]

Hello, the only one I'd like to keep is Vuze and also uTorrent which Vuze needs to operate.

I tried to uninstall Shareaza but even though it showed up in my program files, it wouldn't show up in my Programs and Features. So I had to reinstall it and then uninstall it. It seems to be gone now.

I tried to get rid of FrostWire but it too didn't show up in Programs and Features so I had to reinstall it and then uninstall it. Seems to be gone except I have a bunch of files left over on my Start button when I search for Frostwire. Not sure what they are. I tried to attach a Word document to show you but it said "error: invalid file".

SW Sustainer 1.80 was in my Programs and Features but would not delete. I got a RunDLL Error that says: There was a problem starting C:\Progra-2\SW-BOO-1/ASSIST-1.DLL The specific module cannot be found.

I couldn't uninstall the uTorrentBar Toolbar, I got the error message "Could not open INSTALL.LOG file".

I couldn't uninstall the YouTube Ad Blocker.......I double click on it and nothing happens.

I will wait to hear back from you before I continue with your previous instructions.

 

[gigglepot]

Hello, I continued on with your instructions. Here is the Fixlog.txt:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Owner at 2014-06-06 11:32:52 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Discordia, LTD) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe [1693120 2012-03-14] (Discordia, LTD)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-17] (Oberon Media )
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll [1778584 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791384 2012-03-14] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-05-12] ()
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll [1234880 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll => C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [1233816 2012-03-14] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies
URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
URLSearchHook: HKCU - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=3&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
BHO-x32: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
BHO-x32: No Name - {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO-x32: No Name - {11111111-1111-1111-1111-110011441193} - No File
BHO-x32: ExsttraSSaevinags - {2C236565-050C-9586-76E0-621F60838C79} - C:\ProgramData\ExsttraSSaevinags\1qC.dll ()
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: No Name - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - No File
BHO-x32: No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO-x32: No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No File
Toolbar: HKLM-x32 - No Name - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {03E018AA-5DB7-4BDF-AD31-9C3A9C593481} - System32\Tasks\Dealply => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {115E6B96-E34D-42EA-B6F8-51A5D6B669DC} - System32\Tasks\da59223c => C:\Users\Owner\AppData\Local\Temp\\setup1892356880.exe <==== ATTENTION
Task: {1FE1297E-9315-4026-A9A3-FBB3481601FC} - System32\Tasks\6727a104 => C:\Users\Owner\AppData\Local\Temp\\setup845194372.exe <==== ATTENTION
Task: {289D4207-2D96-47E8-977A-86FEC4093B70} - System32\Tasks\69404464 => C:\Users\Owner\AppData\Local\Temp\\setup4099077816.exe <==== ATTENTION
Task: {5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F} - System32\Tasks\2b9f7ef8 => C:\Users\Owner\AppData\Local\Temp\\setup731873016.exe <==== ATTENTION
Task: {638B6E17-94EB-4093-8C88-E7F472175258} - System32\Tasks\4ed51aa0 => C:\Users\Owner\AppData\Local\Temp\\setup437132832.exe <==== ATTENTION
Task: {64DD2E96-C4B8-4E18-8D36-72544739F6EA} - System32\Tasks\7bd04b60 => C:\Users\Owner\AppData\Local\Temp\\setup1191792352.exe <==== ATTENTION
Task: {7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339} - System32\Tasks\471fc6a8 => C:\Users\Owner\AppData\Local\Temp\\setup307808808.exe <==== ATTENTION
Task: {81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A} - System32\Tasks\ec1d7bd4 => C:\Users\Owner\AppData\Local\Temp\\setup3075893544.exe <==== ATTENTION
Task: {88AE72CE-71D6-4131-AAC3-DD3132F47178} - System32\Tasks\5cc16f94 => C:\Users\Owner\AppData\Local\Temp\\setup1291538448.exe <==== ATTENTION
Task: {A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F} - System32\Tasks\7573361c => C:\Users\Owner\AppData\Local\Temp\\setup1085028764.exe <==== ATTENTION
Task: {BDFCE513-72FA-43AA-96EC-68300A8BDBC4} - System32\Tasks\41d9645c => C:\Users\Owner\AppData\Local\Temp\\setup3129333340.exe <==== ATTENTION
Task: {BF354FAF-7D5F-4066-BD2A-14D5157F5640} - System32\Tasks\1f76a5c0 => C:\Users\Owner\AppData\Local\Temp\\setup3937374996.exe <==== ATTENTION
Task: {C080B646-BD9B-40FC-BAE2-BF1F60742271} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C618024F-EFC9-40F6-B730-576BC19782B2} - System32\Tasks\7f8539c4 => C:\Users\Owner\AppData\Local\Temp\\setup1253975832.exe <==== ATTENTION
Task: {D52AC9CD-3184-486A-9054-FA180CAC9F81} - System32\Tasks\48b0fc00 => C:\Users\Owner\AppData\Local\Temp\\setup4206617504.exe <==== ATTENTION
Task: {D716852E-1BCC-442D-93EE-82FE89FC7519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D79E2D4D-4D56-43A2-A2B5-280DD23AE663} - System32\Tasks\c53ae644 => C:\Users\Owner\AppData\Local\Temp\\setup652597912.exe <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Owner\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************

[2376] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe => Process closed successfully.
[2196] C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => value deleted successfully.
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SearchEngineProtection => value deleted successfully.
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => value deleted successfully.
"C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll" => Value Data removed successfully.
"C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll" => Value Data removed successfully.
"C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL" => Value Data removed successfully.
"c:\progra~2\sharea~1\mediabar\datamngr\datamngr.dll" => Value Data removed successfully.
"c:\progra~2\sharea~1\mediabar\datamngr\iebho.dll" => Value Data removed successfully.
"c:\progra~2\sw-boo~1\assist~1.dll" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe => Moved successfully.
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}' => Key deleted successfully.
'HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}' => Key deleted successfully.
'HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011441193}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C236565-050C-9586-76E0-621F60838C79}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{2C236565-050C-9586-76E0-621F60838C79}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d48c9ead-f59f-4dea-ac97-7065fea79f42}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{d48c9ead-f59f-4dea-ac97-7065fea79f42}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value not found.
'HKCR\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d48c9ead-f59f-4dea-ac97-7065fea79f42} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{d48c9ead-f59f-4dea-ac97-7065fea79f42}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value not found.
'HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value deleted successfully.
'HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}'=> Key not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
'HKCU\SOFTWARE\Policies\Google' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03E018AA-5DB7-4BDF-AD31-9C3A9C593481}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03E018AA-5DB7-4BDF-AD31-9C3A9C593481}' => Key deleted successfully.
C:\Windows\System32\Tasks\Dealply => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{115E6B96-E34D-42EA-B6F8-51A5D6B669DC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{115E6B96-E34D-42EA-B6F8-51A5D6B669DC}' => Key deleted successfully.
C:\Windows\System32\Tasks\da59223c => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da59223c' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FE1297E-9315-4026-A9A3-FBB3481601FC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FE1297E-9315-4026-A9A3-FBB3481601FC}' => Key deleted successfully.
C:\Windows\System32\Tasks\6727a104 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6727a104' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{289D4207-2D96-47E8-977A-86FEC4093B70}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{289D4207-2D96-47E8-977A-86FEC4093B70}' => Key deleted successfully.
C:\Windows\System32\Tasks\69404464 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\69404464' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D3BD67D-E18C-4C69-880F-3AA95EE9BB4F}' => Key deleted successfully.
C:\Windows\System32\Tasks\2b9f7ef8 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b9f7ef8' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{638B6E17-94EB-4093-8C88-E7F472175258}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{638B6E17-94EB-4093-8C88-E7F472175258}' => Key deleted successfully.
C:\Windows\System32\Tasks\4ed51aa0 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4ed51aa0' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64DD2E96-C4B8-4E18-8D36-72544739F6EA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64DD2E96-C4B8-4E18-8D36-72544739F6EA}' => Key deleted successfully.
C:\Windows\System32\Tasks\7bd04b60 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7bd04b60' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D0B3D9E-25EE-4A0B-B43D-6B5F093D6339}' => Key deleted successfully.
C:\Windows\System32\Tasks\471fc6a8 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\471fc6a8' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81D7DFF0-DCCD-4A68-94B8-CF1F486BC97A}' => Key deleted successfully.
C:\Windows\System32\Tasks\ec1d7bd4 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ec1d7bd4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88AE72CE-71D6-4131-AAC3-DD3132F47178}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88AE72CE-71D6-4131-AAC3-DD3132F47178}' => Key deleted successfully.
C:\Windows\System32\Tasks\5cc16f94 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cc16f94' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F3EEBF-A2F2-4CA2-97BF-F62A92C9D09F}' => Key deleted successfully.
C:\Windows\System32\Tasks\7573361c => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7573361c' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDFCE513-72FA-43AA-96EC-68300A8BDBC4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDFCE513-72FA-43AA-96EC-68300A8BDBC4}' => Key deleted successfully.
C:\Windows\System32\Tasks\41d9645c => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\41d9645c' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF354FAF-7D5F-4066-BD2A-14D5157F5640}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF354FAF-7D5F-4066-BD2A-14D5157F5640}' => Key deleted successfully.
C:\Windows\System32\Tasks\1f76a5c0 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f76a5c0' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C080B646-BD9B-40FC-BAE2-BF1F60742271}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C080B646-BD9B-40FC-BAE2-BF1F60742271}' => Key deleted successfully.
C:\Windows\System32\Tasks\4704 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4704' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C618024F-EFC9-40F6-B730-576BC19782B2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C618024F-EFC9-40F6-B730-576BC19782B2}' => Key deleted successfully.
C:\Windows\System32\Tasks\7f8539c4 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7f8539c4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D52AC9CD-3184-486A-9054-FA180CAC9F81}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D52AC9CD-3184-486A-9054-FA180CAC9F81}' => Key deleted successfully.
C:\Windows\System32\Tasks\48b0fc00 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\48b0fc00' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D716852E-1BCC-442D-93EE-82FE89FC7519}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D716852E-1BCC-442D-93EE-82FE89FC7519}' => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D79E2D4D-4D56-43A2-A2B5-280DD23AE663}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D79E2D4D-4D56-43A2-A2B5-280DD23AE663}' => Key deleted successfully.
C:\Windows\System32\Tasks\c53ae644 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c53ae644' => Key deleted successfully.
C:\Windows\Tasks\Dealply.job => Moved successfully.

==== End of Fixlog ====

 

[gigglepot]

Ooops, I went to download AdwCleaner and instead of clicking on the blue download button, I clicked the big green one......which isn't AdwCleaner, it was Winzip Malware Protector. I realized my mistake when there was nothing that said AdwCleaner when it was running. I stopped the scan and deleted the program from Control Panel. Hope I didn't mess things up.

 

[gigglepot]

Here is the AdwCleaner[R0].txt file. The only thing I see that I'd want to keep is the Vuze and uTorrent programs. But if it's easier for you, I can always just reinstall it if I ever need it again. I see all those bad malware files that I was talking about in my original request!!!!


# AdwCleaner v3.212 - Report created 06/06/2014 at 11:52:12
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metaCrawler.xml
Folder Found : C:\Program Files (x86)\AlllCheapPriceo
Folder Found : C:\Program Files (x86)\alotappbar
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\GamesBar
Folder Found : C:\Program Files (x86)\glindorus
Folder Found : C:\Program Files (x86)\saave net
Folder Found : C:\Program Files (x86)\saavee onett
Folder Found : C:\Program Files (x86)\save neT
Folder Found : C:\Program Files (x86)\SAve net
Folder Found : C:\Program Files (x86)\SeaRuCH-uNEowTab
Folder Found : C:\Program Files (x86)\SW-Booster
Folder Found : C:\Program Files (x86)\uTorrentBar
Folder Found : C:\Program Files (x86)\Vuze
Folder Found : C:\Program Files (x86)\YoutubeAdblocker
Folder Found : C:\ProgramData\AlllCheapPriceo
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\ExsttraSSaevinags
Folder Found : C:\ProgramData\saave net
Folder Found : C:\ProgramData\saavee onett
Folder Found : C:\ProgramData\save neT
Folder Found : C:\ProgramData\SAve net
Folder Found : C:\ProgramData\SeaRuCH-uNEowTab
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\YoutubeAdblocker
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikipapifkbcdpamlpjoomlcfbeopmhjk
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnodkiakfohbcpjjpodlnbmfmeddfeea
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Owner\AppData\Local\apn
Folder Found : C:\Users\Owner\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeaffalpajefneffnmeajimmaidnfic
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp
Folder Found : C:\Users\Owner\AppData\Local\jZip
Folder Found : C:\Users\Owner\AppData\Local\NativeMessaging
Folder Found : C:\Users\Owner\AppData\Local\PackageAware
Folder Found : C:\Users\Owner\AppData\Local\Slick Savings
Folder Found : C:\Users\Owner\AppData\Local\SwvUpdater
Folder Found : C:\Users\Owner\AppData\Local\TBHostSupport
Folder Found : C:\Users\Owner\AppData\Local\Temp\jZip
Folder Found : C:\Users\Owner\AppData\Local\torch
Folder Found : C:\Users\Owner\AppData\Local\WhiteListing
Folder Found : C:\Users\Owner\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\Owner\AppData\LocalLow\alotappbar
Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Found : C:\Users\Owner\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Owner\AppData\LocalLow\mediabarsh
Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Owner\AppData\LocalLow\uTorrentBar
Folder Found : C:\Users\Owner\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\Owner\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\Owner\AppData\Roaming\DealPly
Folder Found : C:\Users\Owner\AppData\Roaming\EZDownloader

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\alotAppbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18466FA8-6950-4810-AB97-C5F873A77976}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B289A7A8-C712-4F25-B853-F38A92E7D51E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AllCheapPruice.AllCheapPruice
Key Found : HKLM\SOFTWARE\Classes\AllCheapPruice.AllCheapPruice.5.2
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{020D5752-97B7-4FB3-A8C6-EA2F49E697A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02C19EA4-445E-4E4E-A297-B91D42E4B805}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18466FA8-6950-4810-AB97-C5F873A77976}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A035436-E66D-451B-A399-FFA7A7BA45C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B289A7A8-C712-4F25-B853-F38A92E7D51E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D097398C-07F0-417F-AB38-2DE0608BFFC2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{02935083-33EF-43B3-BF55-00B5BA32B648}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{978BDA89-DD75-4490-BE6A-1143A15E2B02}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298581
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1282B8C1-6644-4A40-95A7-83D78C57AB7F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1FA7FC2D-1E2B-4220-A506-55B0CEE22DFD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F211F559-1508-45D4-96D7-C7736D57FDFA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\GamesBarSetup
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{340A637A-FD57-4D5E-B638-A1C11DF2D606}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38250339-75A4-4A1F-89FB-D5500A2F83D1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38250339-75A4-4A1F-89FB-D5500A2F83D1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AA47BBA-C44C-4C27-A0FF-D01EC395B871}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A662A68D-779F-4D07-BF21-5F705BA62931}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winmx-music_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winmx-music_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_world-war_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_world-war_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02C19EA4-445E-4E4E-A297-B91D42E4B805}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A035436-E66D-451B-A399-FFA7A7BA45C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Found : HKLM\Software\Myfree Codec
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : HKLM\Software\uTorrentBar
Key Found : HKLM\Software\Vuze_Remote
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{020D5752-97B7-4FB3-A8C6-EA2F49E697A1}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{D097398C-07F0-417F-AB38-2DE0608BFFC2}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCC3EA68-865C-C326-AB56-9406BD99A7DF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{02935083-33EF-43B3-BF55-00B5BA32B648}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{978BDA89-DD75-4490-BE6A-1143A15E2B02}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.Wymm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=74257dda-9a9f-4b97-998b-2471219e8321&apn_ptnrs=FM&apn_sauid=74B60A81-8307-44C5-9804-8F2015970982&apn_dtid=TES002UPCA&q={searchTerms}
Found [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=0225276324554132&q={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN26275512576593021&ctid=CT3298581&UM=2
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://www.metacrawler.com/info.metac.psp/search/web?q={searchTerms}
Found [Search Provider] : hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/05/12&hid=17791081079239329585&lg=EN&cc=CA
Found [Extension] : enekehjgaaanjlpmlbcipoigpncjejlp
Found [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Found [Extension] : iehjklkgijkjfcfmmjmjlmcccholamaf
Found [Extension] : ikipapifkbcdpamlpjoomlcfbeopmhjk
Found [Extension] : kljcpckmkjfjcncacblmkbeeibblkfph
Found [Extension] : lmeaffalpajefneffnmeajimmaidnfic
Found [Extension] : lnodkiakfohbcpjjpodlnbmfmeddfeea
Found [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Found [Extension] : mmnofnnhckfmeelmncbocoabcggefgoh
Found [Extension] : nmebbfaopbbaeefhbhgfgdcganoifhje
Found [Extension] : olmcifmckodjahofoaagljdikbbfbmpp

*************************

AdwCleaner[R0].txt - [25799 octets] - [06/06/2014 11:38:42]
AdwCleaner[R1].txt - [25606 octets] - [06/06/2014 11:52:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [25667 octets] ##########

 

[gigglepot]

Here is the FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Owner (administrator) on OWNER-HP on 06-06-2014 11:59:06
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Pelmorex Media Inc.) C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-23] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [WeatherEye] => C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [309104 2010-09-21] (Pelmorex Media Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-17] (Samsung Electronics)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: F - F:\DisneySplash.exe
AppInit_DLLs-x32: ,c:\progra~2\citrix\icacli~1\rshook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1FF8B4D93E0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
SearchScopes: HKCU - {190EAB21-2083-42D6-83C7-DDE3C907E5C7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKCU - {EC1B0DA3-6867-45AE-80BB-F8666CF8B271} URL = http://www.metacrawler.com/search/web?q={searchTerms}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default
FF NewTab: www.kijiji.ca
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://calgary.kijiji.ca/
FF Keyword.URL: hxxp://ca.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-e4be089b108348a6\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler-search.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\metacrawler.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mwu17sic.default\searchplugins\yahoo_ff.xml
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-15]

Chrome:
=======
CHR HomePage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
CHR RestoreOnStartup: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
CHR StartupUrls: "https://ca.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-1a23fdbca04d4954\\NPRobloxProxy.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-29]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\enekehjgaaanjlpmlbcipoigpncjejlp [2014-05-12]
CHR Extension: (MixiDJ V45) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf [2013-08-13]
CHR Extension: (RobOSaveer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmamejgjjfphnlodkkomcaicecpcdhm [2014-05-19]
CHR Extension: (NNextCoUp) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb [2014-05-22]
CHR Extension: (DealExpreesSe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeaffalpajefneffnmeajimmaidnfic [2014-05-25]
CHR Extension: (BuestSaveForYOu) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgfbhpfpbbbkdiggmpoddgpmolpkck [2014-06-02]
CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-05-12]
CHR Extension: (SeaRuCH-uNEowTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnofnnhckfmeelmncbocoabcggefgoh [2014-05-12]
CHR Extension: (save neT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (save nEiT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmcifmckodjahofoaagljdikbbfbmpp [2014-05-12]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-29]
CHR HKCU\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Owner\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Owner\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-07]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-16] (WildTangent)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [974016 2014-03-02] ()
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] ()
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 11:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-06 11:38 - 2014-06-06 11:52 - 00000000 ____D () C:\AdwCleaner
2014-06-06 11:37 - 2014-06-06 11:38 - 01333465 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-06-06 11:36 - 2014-06-06 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nico Mak Computing
2014-06-06 11:35 - 2014-06-06 11:36 - 04892480 _____ (WinZip International LLC ) C:\Users\Owner\Desktop\wzmp_8.exe
2014-06-06 11:32 - 2014-06-06 11:32 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-06-06 11:25 - 2014-06-06 11:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2014-06-06 10:59 - 2014-06-06 11:03 - 21782824 _____ (FrostWire LLC) C:\Users\Owner\Desktop\frostwire-5.7.3.windows.exe
2014-06-06 07:32 - 2014-06-06 07:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0493E59-F699-492A-9327-20733DB7DD0F}
2014-06-05 19:31 - 2014-06-05 19:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2E19225A-29C1-4F94-B291-B41B1AD5FD56}
2014-06-05 09:50 - 2014-06-05 09:50 - 00053382 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-06-05 09:48 - 2014-06-06 11:59 - 00030689 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 09:48 - 2014-06-06 11:59 - 00000000 ____D () C:\FRST
2014-06-05 09:47 - 2014-06-06 11:32 - 02072576 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
2014-06-05 07:16 - 2014-06-05 07:17 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
2014-06-03 19:28 - 2014-06-03 19:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
2014-06-02 19:26 - 2014-06-02 19:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
2014-06-02 15:34 - 2014-06-05 06:38 - 00000000 ____D () C:\ProgramData\DowwnnSave
2014-06-02 07:25 - 2014-06-02 07:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
2014-05-30 06:25 - 2014-05-30 06:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
2014-05-26 22:15 - 2014-05-26 22:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
2014-05-25 20:34 - 2014-05-27 07:09 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
2014-05-23 22:10 - 2014-05-23 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
2014-05-23 10:08 - 2014-05-23 10:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
2014-05-22 06:40 - 2014-05-22 06:47 - 00000000 ____D () C:\ProgramData\NNextCoUp
2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
2014-05-21 21:08 - 2014-05-21 21:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
2014-05-20 09:06 - 2014-05-20 09:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
2014-05-17 21:01 - 2014-05-17 21:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
2014-05-15 22:17 - 2014-05-05 18:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:17 - 2014-05-05 18:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:17 - 2014-05-05 18:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:17 - 2014-05-05 17:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:17 - 2014-05-05 17:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:17 - 2014-05-05 17:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:58 - 2014-05-15 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
2014-05-15 08:57 - 2014-05-15 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
2014-05-15 07:15 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 07:15 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 07:15 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 07:15 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 07:06 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 07:06 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 07:06 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 07:06 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 07:06 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 07:06 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 07:06 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 07:06 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 07:06 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 07:06 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 07:06 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 07:06 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 07:06 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 07:06 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 07:06 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 07:06 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 07:00 - 2014-05-15 10:44 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 07:00 - 2014-05-15 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 06:50 - 2014-05-22 06:41 - 00000000 ____D () C:\ProgramData\save neT
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 08:54 - 2014-05-13 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-15 06:28 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:06 - 2014-05-31 14:03 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-12 12:04 - 2014-05-22 10:48 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-14 06:33 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-06-04 05:47 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:01 - 2014-05-15 06:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:50 - 2014-05-11 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 08:48 - 2014-05-09 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:47 - 2014-05-08 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:46 - 2014-05-07 20:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}


Too long again, I'll post Part 2 next.....

 

[gigglepot]

Here is Part 2 of the FRST.txt file:

==================== One Month Modified Files and Folders =======

2014-06-06 11:59 - 2014-06-05 09:48 - 00030689 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-06 11:59 - 2014-06-05 09:48 - 00000000 ____D () C:\FRST
2014-06-06 11:59 - 2011-05-12 13:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
2014-06-06 11:52 - 2014-06-06 11:38 - 00000000 ____D () C:\AdwCleaner
2014-06-06 11:49 - 2011-05-16 15:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Azureus
2014-06-06 11:39 - 2014-06-06 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nico Mak Computing
2014-06-06 11:38 - 2014-06-06 11:37 - 01333465 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-06-06 11:36 - 2014-06-06 11:35 - 04892480 _____ (WinZip International LLC ) C:\Users\Owner\Desktop\wzmp_8.exe
2014-06-06 11:32 - 2014-06-06 11:32 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-06-06 11:32 - 2014-06-05 09:47 - 02072576 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-06 11:32 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-06 11:27 - 2011-03-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2014-06-06 11:25 - 2014-06-06 11:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2014-06-06 11:21 - 2013-03-19 20:43 - 00000000 ____D () C:\Users\Owner\AppData\Local\jZip
2014-06-06 11:18 - 2011-05-22 07:01 - 00000000 ____D () C:\Users\Owner\Documents\Lillian
2014-06-06 11:17 - 2011-05-16 15:51 - 00000000 ____D () C:\Program Files (x86)\uTorrentBar
2014-06-06 11:12 - 2011-07-25 16:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 11:03 - 2014-06-06 10:59 - 21782824 _____ (FrostWire LLC) C:\Users\Owner\Desktop\frostwire-5.7.3.windows.exe
2014-06-06 11:03 - 2013-12-12 07:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 10:56 - 2012-04-12 14:57 - 00000000 ____D () C:\Program Files (x86)\Shareaza Applications
2014-06-06 10:41 - 2012-04-12 15:00 - 00122368 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-06 10:40 - 2014-01-15 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shareaza
2014-06-06 10:35 - 2011-05-17 15:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-06-06 08:40 - 2011-05-12 13:22 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BF401F47-875B-4406-9B0C-8E70A5A1480F}
2014-06-06 07:33 - 2014-06-06 07:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0493E59-F699-492A-9327-20733DB7DD0F}
2014-06-06 07:23 - 2011-03-14 16:18 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-06 06:29 - 2011-03-14 16:03 - 01500069 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 06:28 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 06:28 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 06:22 - 2012-07-11 08:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-06 06:21 - 2011-07-25 16:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 06:21 - 2011-05-12 13:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-06-06 06:21 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 06:21 - 2009-07-13 22:51 - 00177796 _____ () C:\Windows\setupact.log
2014-06-05 22:24 - 2011-06-01 11:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-06-05 19:31 - 2014-06-05 19:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2E19225A-29C1-4F94-B291-B41B1AD5FD56}
2014-06-05 09:50 - 2014-06-05 09:50 - 00053382 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-06-05 09:41 - 2014-06-05 09:41 - 00000526 _____ () C:\Users\Owner\Desktop\MBR.zip
2014-06-05 09:38 - 2014-06-05 09:38 - 00001988 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-05 09:38 - 2014-06-05 09:38 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-05 07:31 - 2014-06-05 07:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CE4BE556-A269-4B46-B2A0-BF8D5B0DD392}
2014-06-05 07:17 - 2014-06-05 07:16 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-05 06:50 - 2014-06-05 06:50 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-05 06:38 - 2014-06-02 15:34 - 00000000 ____D () C:\ProgramData\DowwnnSave
2014-06-04 19:30 - 2014-06-04 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C40631FE-151A-4518-8AD2-3913078B88E4}
2014-06-04 14:59 - 2013-01-05 14:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Paint.NET
2014-06-04 07:30 - 2014-06-04 07:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2B5A88CC-9725-498E-90F5-2D2EB34CA220}
2014-06-04 05:47 - 2014-06-04 05:47 - 00000000 ____D () C:\Program Files (x86)\DowwnnSave
2014-06-04 05:47 - 2014-05-12 12:03 - 00000000 ____D () C:\ProgramData\e13406c655b61ee0
2014-06-03 19:29 - 2014-06-03 19:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{29CF0931-C75A-4839-9CA4-56BFFE6556D9}
2014-06-03 15:44 - 2013-10-02 15:10 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-06-03 12:53 - 2013-09-06 18:23 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-06-03 12:53 - 2013-09-06 18:23 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-06-03 07:28 - 2014-06-03 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{604AB371-F7BD-4901-A66B-1AF810A85907}
2014-06-03 06:21 - 2009-07-13 23:08 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-02 19:27 - 2014-06-02 19:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3EE7FAEA-2474-4165-BD97-42661D3CA557}
2014-06-02 07:26 - 2014-06-02 07:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D1607A7F-0113-4467-976A-8A1AC4E9DD3B}
2014-06-02 06:57 - 2011-05-15 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
2014-06-02 06:57 - 2011-05-15 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HP Support Assistant
2014-06-01 19:24 - 2014-06-01 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C3DF919-F2B8-4E13-A821-A882F978CEC3}
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AED18456-BE67-458D-93CB-46F35D81AA4C}
2014-06-01 07:20 - 2011-03-14 18:17 - 00512922 _____ () C:\Windows\PFRO.log
2014-05-31 19:09 - 2014-05-31 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D79D805-C73B-4F34-A6C2-ABABC6E5B642}
2014-05-31 16:25 - 2011-06-04 16:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-05-31 14:03 - 2014-05-12 12:06 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-05-31 07:09 - 2014-05-31 07:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20306CD0-446B-411D-A959-1EA045D81C90}
2014-05-30 18:26 - 2014-05-30 18:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{68117BCC-A943-46E0-8069-7FDF5D175892}
2014-05-30 06:26 - 2014-05-30 06:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{466C8583-F82A-4F11-AF2E-5B22AD9F4573}
2014-05-29 18:25 - 2011-06-13 06:25 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOWNER-HP$
2014-05-29 18:25 - 2011-06-13 06:25 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForOWNER-HP$.job
2014-05-29 18:19 - 2014-05-29 18:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2C5CCA4D-18BC-4FFB-A6EF-054B88A99ED0}
2014-05-29 06:19 - 2014-05-29 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{11C136DC-26FF-45D3-900F-9635ADFC664D}
2014-05-28 10:18 - 2014-05-28 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FF584924-6D5E-4A65-9610-BE980FF899BC}
2014-05-27 22:17 - 2014-05-27 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49487722-3423-4531-853B-2BEB4B947E88}
2014-05-27 13:58 - 2013-11-14 07:59 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-27 13:47 - 2011-05-17 14:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DVD Flick
2014-05-27 10:17 - 2014-05-27 10:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E636AAC6-6DB0-4BCE-983D-18896D512C0F}
2014-05-27 07:09 - 2014-05-25 20:34 - 00000000 ____D () C:\ProgramData\AlllCheapPriceo
2014-05-27 06:30 - 2014-05-27 06:30 - 00000000 ____D () C:\Program Files (x86)\AlllCheapPriceo
2014-05-26 22:16 - 2014-05-26 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F614D58E-DEE8-4744-AF3D-6C80AD404E2F}
2014-05-26 10:15 - 2014-05-26 10:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{00528024-D568-4FBE-9A42-7603CFA7B964}
2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\{033192FA-06D2-4C65-B9B9-464B619F57FA}
2014-05-25 20:34 - 2014-05-25 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24ECC140-1B93-42FB-B90F-138A987A6510}
2014-05-24 22:12 - 2014-05-24 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D3D4CE4-D0E2-4B0F-982E-9BAE798B09F7}
2014-05-24 10:12 - 2014-05-24 10:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{95180C63-5AB3-4C33-A5A5-B4825658850E}
2014-05-23 22:11 - 2014-05-23 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2AC94C97-C269-4D12-B7A9-94E3DD1F2E0D}
2014-05-23 10:09 - 2014-05-23 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CBAF96A7-23B5-47DE-931C-8A167E6F43D5}
2014-05-22 22:08 - 2014-05-22 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06F2177B-C1F2-43D6-BA0B-19953DCE521C}
2014-05-22 10:48 - 2014-05-12 12:04 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-22 10:08 - 2014-05-22 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{86A85726-B26D-4F8A-A3ED-E0050F478F82}
2014-05-22 06:47 - 2014-05-22 06:40 - 00000000 ____D () C:\ProgramData\NNextCoUp
2014-05-22 06:41 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\save neT
2014-05-22 06:40 - 2014-05-22 06:40 - 02116320 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-22 06:40 - 2014-05-22 06:40 - 00000000 ____D () C:\Program Files (x86)\NNextCoUp
2014-05-21 21:09 - 2014-05-21 21:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1317234D-FDC9-4213-87CE-5759602D9B2D}
2014-05-21 09:08 - 2014-05-21 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{49300874-9A7E-4A27-A679-C2ED06036B19}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{06C903EE-65AD-4FF9-AF4F-81D53CD84A60}
2014-05-20 09:07 - 2014-05-20 09:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4ABE8DD2-E557-4C65-9B50-0BB27C593F9C}
2014-05-19 21:05 - 2014-05-19 21:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A175EE99-9B6C-457A-B971-9E455076AC94}
2014-05-19 09:34 - 2014-05-19 09:34 - 00000000 ____D () C:\ProgramData\ExsttraSSaevinags
2014-05-19 09:04 - 2014-05-19 09:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C283611C-4599-460A-B945-0BA443120110}
2014-05-18 21:03 - 2014-05-18 21:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{75F24BEB-34ED-481F-9505-48A67581FC7E}
2014-05-18 09:03 - 2014-05-18 09:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\{91FA3E2F-DAF3-4677-BFDD-26CE80B99A61}
2014-05-17 21:02 - 2014-05-17 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E92B2B6A-CBD1-4948-9247-ACD9C9A3E4B2}
2014-05-17 09:01 - 2014-05-17 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E6848EF9-39D0-4D93-837C-50A431189EE4}
2014-05-17 06:21 - 2011-05-17 16:48 - 00000000 ____D () C:\Program Files (x86)\SystemScheduler
2014-05-16 21:01 - 2014-05-16 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{60338534-BDD6-466B-88CE-EBF7DD9482A4}
2014-05-16 17:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 09:00 - 2014-05-16 09:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{AFD1BB76-ED2B-4FEB-BF74-567D4DAA94A0}
2014-05-16 06:33 - 2011-07-25 16:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 06:29 - 2011-05-12 13:16 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 06:29 - 2011-05-12 13:16 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 06:26 - 2014-05-05 22:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 22:19 - 2011-06-01 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 22:16 - 2013-07-11 07:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 22:13 - 2011-05-12 14:24 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:59 - 2014-05-15 20:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8D511BB9-9E9F-4AFA-9A58-6A7EA8EDA252}
2014-05-15 10:44 - 2014-05-15 07:00 - 00000000 ____D () C:\Program Files\KMSpico
2014-05-15 10:43 - 2014-05-15 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-05-15 08:58 - 2014-05-15 08:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D56D26A9-5717-4CAD-8EB0-5516A9148322}
2014-05-15 06:53 - 2014-05-12 12:01 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\Program Files (x86)\save neT
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\ProgramData\saave net
2014-05-15 06:42 - 2014-05-15 06:42 - 00000000 ____D () C:\Program Files (x86)\saave net
2014-05-15 06:35 - 2013-12-23 07:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 06:35 - 2011-05-15 23:54 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 06:35 - 2011-05-15 23:54 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 06:28 - 2014-05-12 12:15 - 00000000 ____D () C:\ProgramData\SeaRuCH-uNEowTab
2014-05-14 20:56 - 2014-05-14 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{94334CB5-5697-4C66-B936-B5A00A623129}
2014-05-14 08:55 - 2014-05-14 08:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{463C2A97-F156-4716-ADF2-F3C7CE673233}
2014-05-14 06:33 - 2014-05-12 12:04 - 00000000 ____D () C:\ProgramData\SAve net
2014-05-13 20:55 - 2014-05-13 20:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DE1E6D13-0D11-4D72-8331-DF365C6EA668}
2014-05-13 16:05 - 2013-12-12 07:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 16:05 - 2012-05-14 06:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 16:05 - 2011-08-06 07:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:55 - 2014-05-13 08:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{64AD5AC0-DC7C-4E64-9037-0CA6ECA6F1F6}
2014-05-12 20:53 - 2014-05-12 20:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F85EA4EA-0331-4F9B-8BA8-406FF4201D81}
2014-05-12 18:46 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-12 12:16 - 2014-05-12 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-05-12 12:15 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files (x86)\SeaRuCH-uNEowTab
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\ProgramData\saavee onett
2014-05-12 12:13 - 2014-05-12 12:13 - 00000000 ____D () C:\Program Files (x86)\saavee onett
2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-12 12:04 - 2014-05-12 12:04 - 00000000 ____D () C:\Program Files (x86)\SAve net
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Guest
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 12:03 - 2014-05-12 12:03 - 00000000 ____D () C:\Users\Administrator
2014-05-12 12:03 - 2011-05-17 15:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-05-12 08:52 - 2014-05-12 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7BB7E929-4BCE-4E18-B276-E67CA6EF034E}
2014-05-11 20:51 - 2014-05-11 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1604A5B1-FD4F-486F-B347-C02083A8F075}
2014-05-11 08:50 - 2014-05-11 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{17DED07C-3454-47F0-8771-38C3DD9FD37C}
2014-05-11 06:59 - 2013-11-14 07:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 20:50 - 2014-05-10 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0A3770AA-82C7-41CD-B738-19C715022F10}
2014-05-10 09:59 - 2014-05-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 08:49 - 2014-05-10 08:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{341FE5A2-B22E-441E-BAEE-E317F66C0BAD}
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9B39FF85-C47D-4EC3-98D6-A3BD01E4A7A5}
2014-05-09 12:07 - 2011-07-25 16:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 12:07 - 2011-07-25 16:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:49 - 2014-05-09 08:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{56141157-A8C2-4264-8AFF-E8232915E7FA}
2014-05-09 00:14 - 2014-05-15 07:15 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 00:11 - 2014-05-15 07:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 20:48 - 2014-05-08 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{646E5B60-DD6C-4C26-94A3-0893CAE2FDE7}
2014-05-08 08:48 - 2014-05-08 08:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3C5AA9A2-6511-4087-9D19-6ACF3FC17A90}
2014-05-07 20:47 - 2014-05-07 20:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{708DB77E-A2CE-4D0F-A821-B520227C313C}
2014-05-07 08:46 - 2014-05-07 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4FD3D5B2-E242-47AE-86FB-F3A70322FF2F}

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 06:54

==================== End Of Log ============================