
HijackThis Log: Please help Diagnose


  • This topic is locked
13 replies to this topic

#1 MrRip

  • Members
  • 6 posts

Posted 03 March 2014 - 01:04 AM

Here is the log. Any assistance would be greatly appreciated, as I have run Spybot, AVG, Malwarebytes, and Adaware in Safe Mode after updating definitions, and am still getting popups on all web browsers. Thank you.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:55 PM, on 3/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Daddy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe
C:\Users\Daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_7&idate=2013-11-28&ent=hp&u=C9C85D4BA269C94F470D7752977E38D3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IFXSPMGT] "C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [ASUS Sync Loader] "C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Amazon Cloud Player] C:\Users\Daddy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: SanDisk Media Manager.lnk = ?
O4 - Global Startup: VideoBrowser Camera Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DEBridge - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\SysWOW64\flcdlock.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 21061 bytes
 





#2 Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany

Posted 03 March 2014 - 04:49 AM

Hello MrRip,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 MrRip

  • Topic Starter

  • Members
  • 6 posts

Posted 03 March 2014 - 01:18 PM

Thank you. I have provided the requested logs below.

> Security Check Log

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 AVG PC TuneUp 2014  
 AVG PC TuneUp 2014 (en-US)
 JavaFX 2.1.1    
 JavaFX 2.0.3 SDK   
 Java 7 Update 51  
 Java™ SE Development Kit 7 Update 3
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1)
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


> FRST log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-03-2014
Ran by Daddy (administrator) on DADDY-PC on 03-03-2014 12:13:54
Running from C:\Users\Daddy\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVG Secure Search) C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Daddy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe
(Dropbox, Inc.) C:\Users\Daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AsusWSPanel.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Futuredial Inc.) C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AsusWSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Daddy\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-03] ()
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AsusWSPanel.exe [740704 2012-03-14] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298616 2013-02-16] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [ASUS Sync Loader] - C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [638976 2013-03-01] (Futuredial Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2539544 2014-03-03] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Runonce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [X]
HKLM-x32\...\Runonce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [842048 2011-03-17] (DT Soft Ltd)
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [Spotify Web Helper] - C:\Users\Daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [Amazon Cloud Player] - C:\Users\Daddy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-07-21] ()
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\MountPoints2: {94a54c40-0330-11e1-a64f-806e6f6e6963} - E:\/files/openindex.exe index.hta
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\MountPoints2: {d95820d0-9d63-11e3-9299-70f3957daf41} - G:\VZW_Software_upgrade_assistant.exe
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_7&idate=2013-11-28&ent=hp&u=C9C85D4BA269C94F470D7752977E38D3
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7DA640AFC91DCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {7F65626E-40FC-457B-A50B-A0E7A42137C0} URL =
SearchScopes: HKCU - DefaultScope {7F65626E-40FC-457B-A50B-A0E7A42137C0} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN29155594134211252&UM=2
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=2013-11-28&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {7F65626E-40FC-457B-A50B-A0E7A42137C0} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN29155594134211252&UM=2
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D9D883B7-FD4B-4926-B8B0-560409D75E53}&mid=580a179c335c47d18c2fa1bad39946b2-2e982d21b327cdd74c30b0b89d701d068b983f72&lang=en&ds=AVG&coid=&pr=fr&d=2013-07-24 01:29:52&v=17.1.2.1&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default
FF user.js: detected! => C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\user.js
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Daddy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\searchplugins\mixidj-v37-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: MixiDJ V37  - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055} [2013-12-18]
FF Extension: lucky leap - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Extensions\{3b232d24-d5de-4194-b4d7-d53b41a09748}.xpi [2013-12-10]
FF Extension: Adblock Plus - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-10-23]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-03]

Chrome:
=======
CHR RestoreOnStartup: "translate_blocked_languages": [ "en" ],
   "translate_whitelists"
CHR Extension: (Google Docs) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-29]
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-29]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Shop With Purpose) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon [2011-12-15]
CHR Extension: (MixiDJ V37) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe [2013-08-28]
CHR Extension: (AVG Security Toolbar) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-02]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKCU\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Daddy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2011-11-22]
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Daddy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.0.248\avg.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [988448 2009-10-02] (Infineon Technologies AG)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-10-02] (Infineon Technologies AG)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-03] (AVG Secure Search)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-10-02] (Infineon Technologies AG)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-30] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
U3 aa5tb2dm; C:\Windows\System32\Drivers\aa5tb2dm.sys [0 ] (Intel Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 12:13 - 2014-03-03 12:14 - 00033931 _____ () C:\Users\Daddy\Desktop\FRST.txt
2014-03-03 12:13 - 2014-03-03 12:13 - 00000000 ____D () C:\FRST
2014-03-03 12:12 - 2014-03-03 12:12 - 02156544 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2014-03-03 12:10 - 2014-03-03 12:10 - 00020489 _____ () C:\Users\Daddy\Desktop\RzFZFaIK.htm
2014-03-03 11:00 - 2014-03-03 11:00 - 00987425 _____ () C:\Users\Daddy\Desktop\SecurityCheck.exe
2014-03-03 10:59 - 2014-03-03 10:59 - 00987425 _____ () C:\Users\Daddy\Downloads\SecurityCheck.exe
2014-03-03 03:50 - 2014-03-03 03:51 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-03 01:52 - 2014-03-03 01:52 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcplx64.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00000000 ____D () C:\aws
2014-03-03 01:28 - 2014-03-03 01:29 - 00000000 ____D () C:\Users\Daddy\Downloads\New Windows 7 Activator [2010] [blaze69]
2014-03-02 23:58 - 2014-03-02 23:58 - 00021063 _____ () C:\Users\Daddy\Desktop\hijackthis.log
2014-03-01 11:28 - 2014-03-01 11:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 11:27 - 2014-03-01 11:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 11:27 - 2014-03-01 11:28 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 11:27 - 2014-03-01 11:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 11:27 - 2014-03-01 11:27 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 11:20 - 2014-03-01 11:20 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-01 11:20 - 2014-03-01 11:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 03:02 - 2014-01-08 20:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 03:02 - 2014-01-03 16:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-25 10:47 - 2014-02-25 10:47 - 00000000 ____D () C:\Users\Daddy\Documents\Important Personal Docs
2014-02-21 00:42 - 2014-02-21 00:42 - 00000000 ____D () C:\Users\Daddy\Desktop\GS4 Pics
2014-02-21 00:27 - 2014-02-21 01:14 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-18 23:08 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-18 23:08 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-18 23:08 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-18 23:08 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-18 23:08 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-18 23:08 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-18 23:08 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-18 23:08 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-18 23:08 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-18 23:08 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-18 23:08 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-18 23:08 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-18 23:08 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-18 23:08 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-18 23:08 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-18 23:08 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-18 23:06 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-18 23:06 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-15 21:49 - 2014-02-15 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 19:29 - 2014-02-15 19:29 - 00000032 _____ () C:\Users\Daddy\Desktop\Sprint Ticket #.txt
2014-02-14 22:52 - 2014-02-14 22:52 - 00002975 _____ () C:\Users\Daddy\Desktop\HiJackThis.lnk
2014-02-14 22:52 - 2014-02-14 22:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-14 22:52 - 2014-02-14 22:52 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-14 22:49 - 2014-02-14 22:49 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Unity
2014-02-14 22:49 - 2014-02-14 22:49 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Unity
2014-02-14 22:48 - 2014-02-14 22:48 - 01050624 _____ (Unity Technologies ApS) C:\Users\Daddy\Downloads\UnityWebPlayer(1).exe
2014-02-14 22:47 - 2014-02-14 22:47 - 01050624 _____ (Unity Technologies ApS) C:\Users\Daddy\Downloads\UnityWebPlayer.exe
2014-02-14 22:46 - 2014-02-14 22:46 - 01402880 _____ () C:\Users\Daddy\Downloads\HijackThis.msi
2014-02-14 22:37 - 2014-02-19 03:16 - 00247888 _____ () C:\Windows\PFRO.log
2014-02-14 20:19 - 2014-02-14 22:11 - 00008332 _____ () C:\Users\Daddy\Desktop\avgrep.txt
2014-02-12 03:01 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:01 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:00 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:00 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:00 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:00 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:00 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:00 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:00 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:00 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:00 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:00 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:00 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:00 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:00 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:00 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:00 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:00 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 03:00 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:00 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:00 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:00 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:00 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 03:00 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:00 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 03:00 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:00 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 03:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:00 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 03:00 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:00 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:00 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:00 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:00 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:00 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:00 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:00 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:00 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 03:00 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 01:22 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 01:22 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 01:21 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 01:21 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 01:21 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 01:21 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 01:21 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 01:21 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 01:21 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 01:21 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 01:21 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 01:21 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 01:21 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 01:21 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 01:21 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 01:21 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 01:21 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 01:21 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 01:21 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 01:21 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 01:21 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 01:21 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 01:21 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 01:21 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 01:20 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 01:20 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 01:20 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 01:20 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 01:08 - 2014-02-11 01:08 - 00588672 _____ ( ) C:\Users\Daddy\Downloads\Setup (6).exe
2014-02-07 09:43 - 2014-03-03 01:50 - 00001536 _____ () C:\Windows\setupact.log
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-06 02:52 - 2014-02-06 02:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Malwarebytes
2014-02-06 02:51 - 2014-02-06 02:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 02:45 - 2014-02-06 02:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daddy\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-05 01:20 - 2014-02-05 01:20 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-05 01:20 - 2014-02-05 01:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-04 05:09 - 2014-02-04 05:09 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-02-04 01:52 - 2014-02-04 01:52 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-03 23:55 - 2014-02-03 23:55 - 00002225 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-02-03 23:55 - 2014-02-03 23:55 - 00002199 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-02-03 23:55 - 2013-12-18 09:38 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-02-03 23:55 - 2013-12-18 09:38 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-02-03 23:55 - 2013-12-18 09:38 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-02-03 23:42 - 2014-02-03 23:44 - 78353832 _____ (AVG) C:\Users\Daddy\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
2014-02-03 19:27 - 2014-02-03 19:27 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG2014
2014-02-03 19:26 - 2014-02-13 07:48 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-03 19:26 - 2014-02-03 19:27 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-03 19:26 - 2014-02-03 19:26 - 00000000 ___HD () C:\$AVG
2014-02-03 19:25 - 2014-02-03 23:54 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-03 19:21 - 2014-02-03 23:43 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Avg2014
2014-02-03 10:31 - 2014-02-03 10:32 - 04436944 _____ (AVG Technologies) C:\Users\Daddy\Desktop\avg_free_stb_all_2014_4259_cnet.exe

==================== One Month Modified Files and Folders =======

2014-03-03 12:14 - 2014-03-03 12:13 - 00033931 _____ () C:\Users\Daddy\Desktop\FRST.txt
2014-03-03 12:14 - 2012-03-29 11:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 12:13 - 2014-03-03 12:13 - 00000000 ____D () C:\FRST
2014-03-03 12:12 - 2014-03-03 12:12 - 02156544 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2014-03-03 12:10 - 2014-03-03 12:10 - 00020489 _____ () C:\Users\Daddy\Desktop\RzFZFaIK.htm
2014-03-03 11:47 - 2011-10-23 01:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-03 11:18 - 2011-10-22 23:19 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 11:00 - 2014-03-03 11:00 - 00987425 _____ () C:\Users\Daddy\Desktop\SecurityCheck.exe
2014-03-03 10:59 - 2014-03-03 10:59 - 00987425 _____ () C:\Users\Daddy\Downloads\SecurityCheck.exe
2014-03-03 03:51 - 2014-03-03 03:50 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-03 03:50 - 2014-01-08 17:59 - 00003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-03 03:50 - 2013-07-24 00:29 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-03 03:50 - 2013-05-03 12:35 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-03 03:00 - 2011-10-20 23:04 - 01653412 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 02:00 - 2011-10-22 23:53 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Adobe
2014-03-03 01:55 - 2009-07-13 22:45 - 00023600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 01:55 - 2009-07-13 22:45 - 00023600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 01:53 - 2013-07-09 11:56 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Dropbox
2014-03-03 01:53 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-03-03 01:52 - 2014-03-03 01:52 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcplx64.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00000000 ____D () C:\aws
2014-03-03 01:52 - 2013-10-08 09:55 - 00001818 _____ () C:\Users\Daddy\Desktop\MySyncFolder.lnk
2014-03-03 01:52 - 2013-07-09 12:03 - 00000000 ___RD () C:\Users\Daddy\Dropbox
2014-03-03 01:52 - 2012-05-01 07:36 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\ASUS WebStorage
2014-03-03 01:51 - 2013-06-14 11:17 - 00000352 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2014-03-03 01:51 - 2011-10-22 23:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 01:50 - 2014-02-07 09:43 - 00001536 _____ () C:\Windows\setupact.log
2014-03-03 01:50 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 01:43 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-03 01:30 - 2011-10-22 23:15 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\uTorrent
2014-03-03 01:29 - 2014-03-03 01:28 - 00000000 ____D () C:\Users\Daddy\Downloads\New Windows 7 Activator [2010] [blaze69]
2014-03-02 23:58 - 2014-03-02 23:58 - 00021063 _____ () C:\Users\Daddy\Desktop\hijackthis.log
2014-03-01 11:28 - 2014-03-01 11:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 11:28 - 2014-03-01 11:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 11:28 - 2014-03-01 11:27 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 11:28 - 2014-03-01 11:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 11:27 - 2014-03-01 11:27 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 11:23 - 2011-10-22 20:34 - 00000000 ____D () C:\ProgramData\Apple
2014-03-01 11:20 - 2014-03-01 11:20 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-01 11:20 - 2014-03-01 11:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-01 11:15 - 2009-07-13 23:13 - 00819142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 05:45 - 2012-05-14 02:59 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Media Player Classic
2014-02-25 10:47 - 2014-02-25 10:47 - 00000000 ____D () C:\Users\Daddy\Documents\Important Personal Docs
2014-02-23 02:31 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-22 01:25 - 2011-10-31 19:48 - 00000000 ____D () C:\Users\Daddy\Documents\Outlook Files
2014-02-21 01:14 - 2014-02-21 00:27 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 01:14 - 2012-03-29 11:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 01:14 - 2012-03-29 11:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 01:14 - 2011-10-22 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 00:42 - 2014-02-21 00:42 - 00000000 ____D () C:\Users\Daddy\Desktop\GS4 Pics
2014-02-19 23:16 - 2012-04-13 01:58 - 00811756 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-19 09:48 - 2009-07-13 23:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-19 03:16 - 2014-02-14 22:37 - 00247888 _____ () C:\Windows\PFRO.log
2014-02-18 23:00 - 2012-06-30 17:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-18 22:47 - 2013-10-20 14:14 - 00007598 _____ () C:\Users\Daddy\AppData\Local\Resmon.ResmonCfg
2014-02-18 15:56 - 2013-12-24 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-02-15 21:49 - 2014-02-15 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 20:49 - 2013-07-12 12:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 20:46 - 2011-10-22 20:10 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 19:29 - 2014-02-15 19:29 - 00000032 _____ () C:\Users\Daddy\Desktop\Sprint Ticket #.txt
2014-02-14 22:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-14 22:52 - 2014-02-14 22:52 - 00002975 _____ () C:\Users\Daddy\Desktop\HiJackThis.lnk
2014-02-14 22:52 - 2014-02-14 22:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-14 22:52 - 2014-02-14 22:52 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-14 22:49 - 2014-02-14 22:49 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Unity
2014-02-14 22:49 - 2014-02-14 22:49 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Unity
2014-02-14 22:48 - 2014-02-14 22:48 - 01050624 _____ (Unity Technologies ApS) C:\Users\Daddy\Downloads\UnityWebPlayer(1).exe
2014-02-14 22:47 - 2014-02-14 22:47 - 01050624 _____ (Unity Technologies ApS) C:\Users\Daddy\Downloads\UnityWebPlayer.exe
2014-02-14 22:46 - 2014-02-14 22:46 - 01402880 _____ () C:\Users\Daddy\Downloads\HijackThis.msi
2014-02-14 22:35 - 2013-08-28 21:06 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-14 22:35 - 2012-04-11 15:01 - 00000000 ____D () C:\Users\Daddy\Downloads\Android Apps_eBooks
2014-02-14 22:35 - 2011-12-15 18:30 - 00000000 ____D () C:\ProgramData\WeCareReminder
2014-02-14 22:11 - 2014-02-14 20:19 - 00008332 _____ () C:\Users\Daddy\Desktop\avgrep.txt
2014-02-13 07:48 - 2014-02-03 19:26 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-11 12:13 - 2011-10-22 23:19 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 12:13 - 2011-10-22 23:19 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 01:08 - 2014-02-11 01:08 - 00588672 _____ ( ) C:\Users\Daddy\Downloads\Setup (6).exe
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-06 06:16 - 2014-02-12 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-12 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-12 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-12 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-12 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:52 - 2014-02-06 02:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Malwarebytes
2014-02-06 02:51 - 2014-02-06 02:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 02:45 - 2014-02-06 02:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daddy\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-06 02:41 - 2014-02-12 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 01:30 - 2011-10-30 13:14 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\DAEMON Tools Pro
2014-02-05 01:22 - 2011-11-02 23:16 - 00000000 ____D () C:\Windows\Minidump
2014-02-05 01:22 - 2011-10-21 01:24 - 00000000 ____D () C:\Windows\Panther
2014-02-05 01:20 - 2014-02-05 01:20 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-05 01:20 - 2014-02-05 01:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-04 05:09 - 2014-02-04 05:09 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-02-04 01:52 - 2014-02-04 01:52 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-04 01:52 - 2012-12-12 23:33 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-02-04 01:38 - 2013-11-28 11:49 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-04 01:38 - 2012-12-12 23:28 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-02-04 01:38 - 2012-02-29 10:42 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Downloaded Installations
2014-02-04 01:38 - 2011-11-10 19:57 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-02-04 01:38 - 2011-10-30 13:57 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Microsoft Help
2014-02-04 01:38 - 2011-10-22 20:40 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\hpqLog
2014-02-04 01:35 - 2011-10-22 20:09 - 00000000 ____D () C:\Intel
2014-02-04 00:14 - 2012-12-12 23:28 - 00000000 ____D () C:\ProgramData\AVG
2014-02-03 23:55 - 2014-02-03 23:55 - 00002225 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-02-03 23:55 - 2014-02-03 23:55 - 00002199 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-02-03 23:54 - 2014-02-03 19:25 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-03 23:54 - 2012-12-12 23:28 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG
2014-02-03 23:44 - 2014-02-03 23:42 - 78353832 _____ (AVG) C:\Users\Daddy\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
2014-02-03 23:43 - 2014-02-03 19:21 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Avg2014
2014-02-03 23:39 - 2012-02-29 14:10 - 00000000 ____D () C:\Android
2014-02-03 19:27 - 2014-02-03 19:27 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG2014
2014-02-03 19:27 - 2014-02-03 19:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-03 19:26 - 2014-02-03 19:26 - 00000000 ___HD () C:\$AVG
2014-02-03 10:32 - 2014-02-03 10:31 - 04436944 _____ (AVG Technologies) C:\Users\Daddy\Desktop\avg_free_stb_all_2014_4259_cnet.exe
2014-02-03 10:24 - 2013-11-28 11:32 - 00000000 ____D () C:\Program Files (x86)\Lavasoft

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 07:21

==================== End Of Log ============================


> Addition Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2014
Ran by Daddy at 2014-03-03 12:14:52
Running from C:\Users\Daddy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.4 64-bit (HKLM\...\{1D5CE83C-BFDD-4668-8BCB-E8614334A657}) (Version: 3.4.1 - Adobe)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.337 - Amazon Services LLC)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 0.7 - Google Inc.)
Any DVD Converter Professional 4.3.1 (HKLM-x32\...\Any DVD Converter Professional_is1) (Version:  - Any-DVD-Converter.com)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS Sync (HKLM-x32\...\{488E9FD9-7C30-4120-8790-410F46F13CD6}) (Version: 1.0.97 - FutureDial Inc.)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.138.290 - ASUS Cloud Corporation)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.0.0.248 - AVG Technologies)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boson Exam Environment (HKLM-x32\...\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}) (Version: 1.5.5 - Boson Software, LLC)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
CD Recovery Toolbox Free 1.1 (HKLM-x32\...\CD Recovery Toolbox Free_is1) (Version:  - Recovery Toolbox, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco Packet Tracer 5.3 (HKLM-x32\...\Cisco Packet Tracer 5.3_is1) (Version:  - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanWaterAction Reminder by We-Care.com v5.0.5.1 (HKLM-x32\...\{1CCF681C-C203-49B3-83F4-A54F0F944416}) (Version: 5.0.5.1 - We-Care.com)
ComicRack v0.9.154 (HKLM\...\ComicRack) (Version: v0.9.154 - cYo Soft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0314.0232 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.5 - Hewlett-Packard)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Drive Encryption for HP ProtectTools (HKLM\...\{D6782B98-BDC0-45F4-A046-9D26C475CBF8}) (Version: 5.0.2.10 - Hewlett-Packard)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.1.5.9 (20/01/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Embedded Security for HP ProtectTools (HKLM\...\{544A04F6-28FD-4C24-A34D-FC2B89222505}) (Version: 5.7.000 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.4 - Hewlett-Packard)
Free Video Flip and Rotate version 1.8.13.908 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version:  - DVDVideoSoft Ltd.)
FreeScreenSharing (HKCU\...\FreeScreenSharing) (Version: 0.56.21.0 - Free Conferencing Corporation)
GNS3 0.7.4 (HKLM-x32\...\GNS3) (Version: 0.7.4 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hard Disk Low Level Format Tool 4.12 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
High-Definition Video Playback (x32 Version: 7.3.10800.5.0 - Nero AG) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{1C292266-E054-4090-84D5-869649E4F9C7}) (Version: 1.0.35.187 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.12.754 - Hewlett-Packard Company) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java SE Development Kit 7 Update 9 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)
Java™ SE Development Kit 7 Update 3 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170030}) (Version: 1.7.0.30 - Oracle)
JavaFX 2.0.3 SDK (HKLM-x32\...\{2222706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 8.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.13.16151 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.13.16151 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 4.2.13.16151 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
lucky leap 3.0.0 (HKLM\...\lucky leap) (Version: 3.0.0 - luckyleap)
Media Player Classic - Home Cinema 1.5.3.3920 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.3.3920 - MPC-HC Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Kwik Themes 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.6.10000.2.0 - Nero AG)
Nero 10 Kwik Themes 3 (HKLM-x32\...\{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 4 (HKLM-x32\...\{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero 10 PiP EffectPack 1 (HKLM-x32\...\{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Video TransitionPack 1 (HKLM-x32\...\{85BEC8F6-9AA3-43FF-B56B-8276277137B3}) (Version: 10.6.10000.0.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10400.4.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12600.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.13000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14000.46.100 - Nero AG)
Nero Multimedia Suite 10 Platinum HD (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.6.11800 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
NetBeans IDE 7.1 (HKLM-x32\...\nbi-nb-base-7.1.0.0.0) (Version: 7.1 - NetBeans.org)
NetBeans IDE 7.2.1 (HKLM\...\nbi-nb-base-7.2.1.0.201210100934) (Version: 7.2.1 - NetBeans.org)
Pass4sure Questions and Answers for Cisco 640-802 (HKLM-x32\...\{32EA694B-0F67-4E8A-911A-9D627FCA0D26}) (Version: 12.4.13738 - Pass4sure)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pearson IT Certification Practice Test (HKLM-x32\...\Pearson IT Certification Practice Test_is1) (Version: 1.0.0.21 - Pearson IT Certification)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.1 - Prolific Technology INC)
Privacy Manager for HP ProtectTools (HKLM\...\{32394B71-1E8E-4233-8958-B84F4CDC8F4D}) (Version: 5.11.814 - Hewlett-Packard Company)
PuTTY version 0.62 (HKLM-x32\...\PuTTY_is1) (Version: 0.62 - Simon Tatham)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SanDisk ® Media Manager (HKLM-x32\...\{8BAF591E-B0E0-4DF6-B73C-AD10826E0DB7}) (Version: 2.1.0.4 - SanDisk)
Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.0.0.4 - Splashtop Inc.)
Splashtop Streamer (x32 Version: 2.0.0.4 - Splashtop Inc.) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoBrowser (HKLM-x32\...\{D79DC615-EC9F-4EFA-9482-5911168D8F32}) (Version: 1.01.100 - PIXELA)
Visual CertExam Suite (HKLM-x32\...\Visual CertExam Suite_is1) (Version:  - Avanset)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 1.3.6 - Vudu)
VUDU To Go (x32 Version: 1.3.6 - Vudu) Hidden
WinAVI All in One Converter (HKLM-x32\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Wireshark 1.10.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.1 - The Wireshark developer community, http://www.wireshark.org)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

19-02-2014 05:07:34 Windows Update
20-02-2014 05:15:33 Windows Update
27-02-2014 09:00:14 Windows Update
03-03-2014 07:20:44 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-13 20:34 - 2011-01-27 14:00 - 00001211 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

Task: {031E7292-A8EB-4ED7-8C7E-8EB1E63C3588} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {041A5948-6715-410F-9727-F0BF07D10993} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-03-01] (Futuredial Inc.)
Task: {0D6EB353-4E54-4BDB-A676-C4E8F821E4FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {0FAE2093-B28C-4419-975B-4E9CB2E776BE} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {12E0490D-633A-4607-9D79-E673792EABDA} - System32\Tasks\AdobeAAMUpdater-1.0-Daddy-PC-Daddy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {24D6AB98-32C2-4F90-9BB7-11394DEB93B4} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {3A361F64-2970-4E59-B050-F21C6427E8E7} - System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe [2013-06-14] (AVG Secure Search)
Task: {40BB8CEA-8BB6-425E-B60A-4B7BF1A27D20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {42A06F3C-145E-49E4-9377-F73A7005CEF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {42CA3EB4-8C80-44AF-81E6-7BB9D3CE43EE} - System32\Tasks\{DBAC1DF9-CDE8-48E1-A953-463323B17F92} => C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe
Task: {677326DC-BD44-4A86-B0A4-4834FC9C8C59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {70C0DA51-CB62-497E-AE34-F8F3FABD1145} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {7E23BACD-BE97-4A19-B170-D2DCA4007F0C} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Daddy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {8C7C892C-7F25-45A9-8CE0-8C93AFB52CBE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {94294CEA-2905-459A-AC3A-F84673A334DE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {9798E18F-1850-4DB2-B77B-4D06FE301341} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {A7E92D7A-9815-446A-B41B-D01321D59906} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {BB1B959F-007C-4E74-A19D-420DCE0B52B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {BEC6D825-DCB2-4221-9AB1-6DD4840DB687} - System32\Tasks\{67177082-B0A3-4B8E-9CCA-FB66142191EA} => C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe
Task: {C8C616DC-5B61-4643-827A-89636B5B8B20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {DA3E6B1D-009F-4569-AB0B-E4FA9624593D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E1DCA8D6-B1F5-4322-A202-DB20DCB77800} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {F5E81742-83D0-4306-9EBC-0EA5FD7F0E3F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {FBFD9754-9FE3-48D3-BCBA-EA21E4C69FF9} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-04-20 07:10 - 2010-04-20 07:10 - 00100352 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-12-18 09:38 - 2013-12-18 09:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2011-08-31 18:13 - 2011-08-31 18:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-17 22:16 - 2013-07-21 19:08 - 03109376 _____ () C:\Users\Daddy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2012-03-14 20:06 - 2012-03-14 20:06 - 01234784 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AsusWSService.exe
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-22 23:17 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2012-05-11 15:08 - 2010-07-29 17:19 - 00293888 _____ () C:\Program Files (x86)\Total Video Converter\TVCShellExtx64.dll
2011-04-08 08:57 - 2011-04-08 08:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2009-07-01 14:44 - 2009-07-01 14:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-03-03 03:50 - 2014-03-03 03:50 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
2013-07-24 00:29 - 2014-03-03 03:50 - 02539544 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-03-03 11:00 - 2014-03-03 11:00 - 00987425 _____ () C:\Users\Daddy\Desktop\SecurityCheck.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-29 03:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-29 03:16 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-29 03:16 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-29 03:16 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-29 03:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-04-09 22:44 - 2010-07-01 19:27 - 00364544 ____N () C:\Program Files (x86)\PIXELA\VideoBrowser\pxl_m17n_tool.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\Daddy\AppData\Roaming\Dropbox\bin\libcef.dll
2011-09-05 01:19 - 2011-09-05 01:19 - 00028672 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AxInterop.ShockwaveFlashObjects.dll
2013-03-01 09:55 - 2013-03-01 09:55 - 00516599 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\sqlite3.dll
2013-03-01 09:55 - 2013-03-01 09:55 - 00094208 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\fdHttpd.dll
2013-03-01 09:55 - 2013-03-01 09:55 - 00356352 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDetect.dll
2013-03-01 09:55 - 2013-03-01 09:55 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDetectLegend.dll
2013-03-01 09:55 - 2013-03-01 09:55 - 00559244 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\sqlite3.7.dll
2013-03-01 09:55 - 2013-03-01 09:55 - 00139264 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDisk.dll
2014-02-15 21:49 - 2014-02-15 21:49 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-08 08:57 - 2011-04-08 08:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-03-03 03:50 - 2014-03-03 03:50 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
2014-02-21 01:14 - 2014-02-21 01:14 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2014 01:50:53 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/03/2014 01:50:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/01/2014 01:40:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/01/2014 11:15:42 AM) (Source: Application Hang) (User: )
Description: The program OneClick.exe version 14.0.1001.295 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: eec

Start Time: 01cf32eb088995b2

Termination Time: 2181

Application Path: C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe

Report Id: 0e795727-a165-11e3-9299-70f3957daf41

Error: (02/25/2014 00:33:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/24/2014 08:57:28 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/24/2014 08:57:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/24/2014 02:39:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 27.0.1.5156, time stamp: 0x52fc0faa
Faulting module name: xul.dll, version: 27.0.1.5156, time stamp: 0x52fc0f79
Exception code: 0xc0000005
Fault offset: 0x001560c7
Faulting process id: 0x1a98
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (02/23/2014 04:31:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/23/2014 02:31:06 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/03/2014 01:51:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/03/2014 01:50:31 AM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (03/03/2014 01:50:22 AM) (Source: Service Control Manager) (User: )
Description: The HP ProtectTools Service service failed to start due to the following error:
%%14001

Error: (03/03/2014 01:48:00 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/03/2014 01:46:54 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/03/2014 01:43:41 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (03/01/2014 11:24:29 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/24/2014 08:58:24 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/24/2014 08:57:18 AM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (02/24/2014 08:57:07 AM) (Source: Service Control Manager) (User: )
Description: The HP ProtectTools Service service failed to start due to the following error:
%%14001


Microsoft Office Sessions:
=========================
Error: (03/03/2014 01:50:53 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 01:50:22 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exeC:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config0

Error: (03/01/2014 01:40:51 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exeC:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config0

Error: (03/01/2014 11:15:42 AM) (Source: Application Hang)(User: )
Description: OneClick.exe14.0.1001.295eec01cf32eb088995b22181C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe0e795727-a165-11e3-9299-70f3957daf41

Error: (02/25/2014 00:33:16 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exeC:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config0

Error: (02/24/2014 08:57:28 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 08:57:07 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exeC:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config0

Error: (02/24/2014 02:39:54 AM) (Source: Application Error)(User: )
Description: firefox.exe27.0.1.515652fc0faaxul.dll27.0.1.515652fc0f79c0000005001560c71a9801cf3071b9c022dbC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll3b0bd11c-9d2f-11e3-bb49-70f3957daf41

Error: (02/23/2014 04:31:52 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exeC:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config0

Error: (02/23/2014 02:31:06 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 7981.81 MB
Available physical RAM: 4215.66 MB
Total Pagefile: 15961.8 MB
Available Pagefile: 11595.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:50.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: B97CE5BA)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:59 AM

Posted 03 March 2014 - 01:40 PM

Hello MrRip,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


P2P - I see you have P2P software uTorrent installed on your machine.
  • Avoid P2P
  • Identity Theft and / or malware infection may happen, when P2P software is running on your computer.
  • Here you will find more information.
  • Please note:
    • If you think you're using a "safe" P2P program, only the program is safe, not the data.
    • You will share files from unsafe sources, and these may be infected.
    • Some bad guys use P2P filesharing as an important channel to spread their wares.
    I would advise you to uninstall it now.
    You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 MrRip

  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:59 AM

Posted 03 March 2014 - 02:56 PM

Hello,

Here are the current results of the last steps requested. Thank you again for all of your assistance.

> Malware Bytes

Results: Scan Finished: No malware found!


> Adwcleaner

# AdwCleaner v3.020 - Report created 03/03/2014 at 13:38:28
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Daddy - DADDY-PC
# Running from : C:\Users\Daddy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : splashtopremoteservice
Service Found : SSUService

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Found : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Extensions\{3b232d24-d5de-4194-b4d7-d53b41a09748}.xpi
File Found : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\searchplugins\avg-secure-search.xml
File Found : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\user.js
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\Program Files (x86)\Splashtop
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\Splashtop
Folder Found C:\ProgramData\WeCareReminder
Folder Found C:\SearchProtect
Folder Found C:\Users\Daddy\AppData\Local\AVG Secure Search
Folder Found C:\Users\Daddy\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Daddy\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\Daddy\AppData\LocalLow\Conduit
Folder Found C:\Users\Daddy\AppData\LocalLow\PriceGong
Folder Found C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\CT3298573
Folder Found C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Smartbar
Folder Found C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\ValueApps

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Splashtop Inc.
Key Found : HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Splashtop Inc.
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\dlQUE
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bendometer-playing-system_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bendometer-playing-system_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Splashtop Inc.
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\prefs.js ]

Line Found : user_pref("CT3298573.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3298573.1000082.muteState", "on");
Line Found : user_pref("CT3298573.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3298573.1000234.TWC_TMP_city", "DALLAS");
Line Found : user_pref("CT3298573.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3298573.1000234.TWC_country", "UNITED STATES");
Line Found : user_pref("CT3298573.1000234.TWC_locId", "USTX0327");
Line Found : user_pref("CT3298573.1000234.TWC_location", "Dallas, TX");
Line Found : user_pref("CT3298573.1000234.TWC_region", "US");
Line Found : user_pref("CT3298573.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT3298573.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT3298573.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.FirstTime", "true");
Line Found : user_pref("CT3298573.FirstTimeFF3", "true");
Line Found : user_pref("CT3298573.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=");
Line Found : user_pref("CT3298573.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Found : user_pref("CT3298573.UserID", "UN27813463531738812");
Line Found : user_pref("CT3298573.YTbyClickFavorites.enc", "W10=");
Line Found : user_pref("CT3298573.YTbyClickRecent.enc", "JTVCJTdCJTIyaWQlMjIlM0ElMjJmMkhlcktTam1OUSUyMiUyQyUyMnRpdGxlJTIyJTNBJTIyVGhlJTIwQm9vayUyMG9mJTIwUmV2ZWxhdGlvbnMlMjBGdWxsJTIwTW92aWUtJTIwVGhlJTIwUmV2ZWxhdGlv[...]
Line Found : user_pref("CT3298573.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3298573.appOptions", "{\"1000034\":{\"render\":true},\"1000234\":{\"render\":true}}");
Line Found : user_pref("CT3298573.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT3298573.countryCode", "US");
Line Found : user_pref("CT3298573.embeddedsData", "[{\"appId\":\"130110228602769889\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3298573.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Found : user_pref("CT3298573.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3298573.fixPageNotFoundErrorByUser", "TRUE");
Line Found : user_pref("CT3298573.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3298573.fullUserID", "UN27813463531738812.IN.20130828220618");
Line Found : user_pref("CT3298573.installType", "DirectDownload");
Line Found : user_pref("CT3298573.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3298573.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3298573.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3298573.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.keyword", true);
Line Found : user_pref("CT3298573.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=15&CUI=UN27813463531738812&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3298573.lastVersion", "10.23.0.822");
Line Found : user_pref("CT3298573.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Found : user_pref("CT3298573.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3FUM%3D2%26ctid%3DCT3298573%26SearchSource%3D13%26CUI%3DUN278134635317[...]
Line Found : user_pref("CT3298573.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CT3298573.originalSearchAddressUrl", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Line Found : user_pref("CT3298573.originalSearchEngine", "SecureSearch");
Line Found : user_pref("CT3298573.originalSearchEngineName", "Google");
Line Found : user_pref("CT3298573.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\"WEATHER\\\"]\"}");
Line Found : user_pref("CT3298573.revertSettingsEnabled", "false");
Line Found : user_pref("CT3298573.search.searchAppId", "130110228602769889");
Line Found : user_pref("CT3298573.search.searchCount", "0");
Line Found : user_pref("CT3298573.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3298573.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3298573.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3298573.searchSuggestEnabledByUser", "TRUE");
Line Found : user_pref("CT3298573.searchUninstallUserMode", "2");
Line Found : user_pref("CT3298573.searchUserMode", "2");
Line Found : user_pref("CT3298573.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298573\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV37.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V37 \"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3298573.serviceLayer_services_Configuration_lastUpdate", "1390966375197");
Line Found : user_pref("CT3298573.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1390197837766");
Line Found : user_pref("CT3298573.serviceLayer_services_appsMetadata_lastUpdate", "1390966373764");
Line Found : user_pref("CT3298573.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1389821854973");
Line Found : user_pref("CT3298573.serviceLayer_services_login_10.23.0.822_lastUpdate", "1390966374116");
Line Found : user_pref("CT3298573.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1389821855049");
Line Found : user_pref("CT3298573.serviceLayer_services_searchAPI_lastUpdate", "1390966374284");
Line Found : user_pref("CT3298573.serviceLayer_services_serviceMap_lastUpdate", "1390966373718");
Line Found : user_pref("CT3298573.serviceLayer_services_setupAPI_lastUpdate", "1387386898453");
Line Found : user_pref("CT3298573.serviceLayer_services_toolbarContextMenu_lastUpdate", "1390966373805");
Line Found : user_pref("CT3298573.serviceLayer_services_toolbarSettings_lastUpdate", "1390980211595");
Line Found : user_pref("CT3298573.serviceLayer_services_translation_lastUpdate", "1390966373645");
Line Found : user_pref("CT3298573.settingsINI", true);
Line Found : user_pref("CT3298573.showToolbarPermission", "false");
Line Found : user_pref("CT3298573.smartbar.CTID", "CT3298573");
Line Found : user_pref("CT3298573.smartbar.Uninstall", "0");
Line Found : user_pref("CT3298573.smartbar.homepage", true);
Line Found : user_pref("CT3298573.smartbar.toolbarName", "MixiDJ V37 ");
Line Found : user_pref("CT3298573.toolbarBornServerTime", "18-12-2013");
Line Found : user_pref("CT3298573.toolbarCurrentServerTime", "29-1-2014");
Line Found : user_pref("CT3298573.toolbarDisabled", "true");
Line Found : user_pref("CT3298573.toolbarInstallDate", "18-12-2013 11:14:58");
Line Found : user_pref("CT3298573.toolbarLoginClientTime", "Wed Dec 18 2013 11:15:09 GMT-0600 (Central Standard Time)");
Line Found : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1390966370228,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?UM=2&ctid=CT3298573&SearchSource=13&CUI=UN27813463531738812");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V37 Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298573");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?UM=2&ctid=CT3298573&SearchSource=13&CUI=UN27813463531738812");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.machineId", "E/0GE6L/9I0YZBWYFFMGEKZWWDNBOQ3H9/KLZLZINAQKCMVJIOF6UTU0G7YBPFSFTRRYE2PMBBX7IBVTVOYUQQ");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [41093 octets] - [03/03/2014 13:38:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [41154 octets] ##########
 



#6 Jo*

  • Malware Response Team

Posted 03 March 2014 - 03:20 PM

Hello MrRip,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 MrRip

  • Topic Starter

Posted 05 March 2014 - 06:09 AM

Here are the requested logs from the scans: (I think AdwCleaner removed the necessary offending files)

> AdwCleaner

# AdwCleaner v3.020 - Report created 05/03/2014 at 04:45:07
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Daddy - DADDY-PC
# Running from : C:\Users\Daddy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : splashtopremoteservice
[x] Not Deleted : SSUService

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Splashtop
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
[x] Not Deleted : C:\Program Files (x86)\Splashtop
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Daddy\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Smartbar
Folder Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\ValueApps
Folder Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\CT3298573
Folder Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
[!] Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
[!] Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
[!] Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
[!] Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
[!] Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
File Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Extensions\{3b232d24-d5de-4194-b4d7-d53b41a09748}.xpi
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[x] Not Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bendometer-playing-system_RASAPI32
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bendometer-playing-system_RASMANCS
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASAPI32
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASMANCS
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
[x] Not Deleted : HKCU\Software\Splashtop Inc.
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dlQUE
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Splashtop Inc.
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
[x] Not Deleted : [x64] HKCU\Software\Splashtop Inc.
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\prefs.js ]

Line Deleted : user_pref("CT3298573.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3298573.1000082.muteState", "on");
Line Deleted : user_pref("CT3298573.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3298573.1000234.TWC_TMP_city", "DALLAS");
Line Deleted : user_pref("CT3298573.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3298573.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3298573.1000234.TWC_locId", "USTX0327");
Line Deleted : user_pref("CT3298573.1000234.TWC_location", "Dallas, TX");
Line Deleted : user_pref("CT3298573.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3298573.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3298573.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3298573.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.FirstTime", "true");
Line Deleted : user_pref("CT3298573.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3298573.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=");
Line Deleted : user_pref("CT3298573.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Deleted : user_pref("CT3298573.UserID", "UN27813463531738812");
Line Deleted : user_pref("CT3298573.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3298573.YTbyClickRecent.enc", "JTVCJTdCJTIyaWQlMjIlM0ElMjJmMkhlcktTam1OUSUyMiUyQyUyMnRpdGxlJTIyJTNBJTIyVGhlJTIwQm9vayUyMG9mJTIwUmV2ZWxhdGlvbnMlMjBGdWxsJTIwTW92aWUtJTIwVGhlJTIwUmV2ZWxhdGlv[...]
Line Deleted : user_pref("CT3298573.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3298573.appOptions", "{\"1000034\":{\"render\":true},\"1000234\":{\"render\":true}}");
Line Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3298573.countryCode", "US");
Line Deleted : user_pref("CT3298573.embeddedsData", "[{\"appId\":\"130110228602769889\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3298573.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3298573.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3298573.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3298573.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3298573.fullUserID", "UN27813463531738812.IN.20130828220618");
Line Deleted : user_pref("CT3298573.installType", "DirectDownload");
Line Deleted : user_pref("CT3298573.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3298573.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3298573.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3298573.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.keyword", true);
Line Deleted : user_pref("CT3298573.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=15&CUI=UN27813463531738812&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3298573.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3298573.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Deleted : user_pref("CT3298573.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3FUM%3D2%26ctid%3DCT3298573%26SearchSource%3D13%26CUI%3DUN278134635317[...]
Line Deleted : user_pref("CT3298573.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CT3298573.originalSearchAddressUrl", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Line Deleted : user_pref("CT3298573.originalSearchEngine", "SecureSearch");
Line Deleted : user_pref("CT3298573.originalSearchEngineName", "Google");
Line Deleted : user_pref("CT3298573.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\"WEATHER\\\"]\"}");
Line Deleted : user_pref("CT3298573.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3298573.search.searchAppId", "130110228602769889");
Line Deleted : user_pref("CT3298573.search.searchCount", "0");
Line Deleted : user_pref("CT3298573.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3298573.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3298573.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3298573.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3298573.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3298573.searchUserMode", "2");
Line Deleted : user_pref("CT3298573.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298573\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV37.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V37 \"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_services_Configuration_lastUpdate", "1390966375197");
Line Deleted : user_pref("CT3298573.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1390197837766");
Line Deleted : user_pref("CT3298573.serviceLayer_services_appsMetadata_lastUpdate", "1390966373764");
Line Deleted : user_pref("CT3298573.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1389821854973");
Line Deleted : user_pref("CT3298573.serviceLayer_services_login_10.23.0.822_lastUpdate", "1390966374116");
Line Deleted : user_pref("CT3298573.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1389821855049");
Line Deleted : user_pref("CT3298573.serviceLayer_services_searchAPI_lastUpdate", "1390966374284");
Line Deleted : user_pref("CT3298573.serviceLayer_services_serviceMap_lastUpdate", "1390966373718");
Line Deleted : user_pref("CT3298573.serviceLayer_services_setupAPI_lastUpdate", "1387386898453");
Line Deleted : user_pref("CT3298573.serviceLayer_services_toolbarContextMenu_lastUpdate", "1390966373805");
Line Deleted : user_pref("CT3298573.serviceLayer_services_toolbarSettings_lastUpdate", "1390980211595");
Line Deleted : user_pref("CT3298573.serviceLayer_services_translation_lastUpdate", "1390966373645");
Line Deleted : user_pref("CT3298573.settingsINI", true);
Line Deleted : user_pref("CT3298573.showToolbarPermission", "false");
Line Deleted : user_pref("CT3298573.smartbar.CTID", "CT3298573");
Line Deleted : user_pref("CT3298573.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3298573.smartbar.homepage", true);
Line Deleted : user_pref("CT3298573.smartbar.toolbarName", "MixiDJ V37 ");
Line Deleted : user_pref("CT3298573.toolbarBornServerTime", "18-12-2013");
Line Deleted : user_pref("CT3298573.toolbarCurrentServerTime", "29-1-2014");
Line Deleted : user_pref("CT3298573.toolbarDisabled", "true");
Line Deleted : user_pref("CT3298573.toolbarInstallDate", "18-12-2013 11:14:58");
Line Deleted : user_pref("CT3298573.toolbarLoginClientTime", "Wed Dec 18 2013 11:15:09 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1390966370228,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?UM=2&ctid=CT3298573&SearchSource=13&CUI=UN27813463531738812");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V37 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298573");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?UM=2&ctid=CT3298573&SearchSource=13&CUI=UN27813463531738812");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN27813463531738812&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.machineId", "E/0GE6L/9I0YZBWYFFMGEKZWWDNBOQ3H9/KLZLZINAQKCMVJIOF6UTU0G7YBPFSFTRRYE2PMBBX7IBVTVOYUQQ");
Line Deleted : user_pref("valueApps.CT3298573.rematchagent-is-test-user.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298573.rematchagent-matkot-user-id", "22313338393838353630353937353234323334353622");
Line Deleted : user_pref("valueApps.CT3298573.rematchagent-matkot-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298573.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339303234373635323530342C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3298573.rematchagent-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298573.rematchagent-user-id", "2262623164626431362D616233342D343164322D393166652D38636330396233303761363622");
Line Deleted : user_pref("valueApps.CT3298573.rematchagent-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298573.response_cache.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298573.url_history0001.storedInFile", true);

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [41307 octets] - [03/03/2014 13:38:28]
AdwCleaner[R1].txt - [41368 octets] - [05/03/2014 04:40:04]
AdwCleaner[S0].txt - [40927 octets] - [05/03/2014 04:45:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [40988 octets] ##########


> Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Daddy on Wed 03/05/2014 at  4:55:41.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] splashtopremoteservice
Successfully deleted: [Service] splashtopremoteservice
Successfully stopped: [Service] ssuservice
Successfully deleted: [Service] ssuservice



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-780973051-3223984240-3344064217-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bendometer-playing-system_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bendometer-playing-system_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bendometer-playing-system_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bendometer-playing-system_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7F65626E-40FC-457B-A50B-A0E7A42137C0}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Daddy\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\splashtop"
Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{1016F3AE-5D31-4E29-AFFA-0C89DEBD889F}
Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{19B322E2-8FB6-4BBF-96F4-B93FC795D666}
Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{20789DFE-6642-46F4-AA8A-7A3F6B51BC9E}
Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{27490431-4139-45FE-B942-13742729FADF}
Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{375D2BB3-5988-4D9F-8786-2F8661F8A43C}
Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{A7BC998F-FDDD-4B12-A465-90E570FD0AF0}
Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{C520A53F-B3AE-4261-9BA6-A5C1F2CDA4A7}



~~~ FireFox

Emptied folder: C:\Users\Daddy\AppData\Roaming\mozilla\firefox\profiles\u5h7h9ly.default\minidumps [17 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Daddy\appdata\local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/05/2014 at  5:05:19.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



> FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-03-2014
Ran by Daddy (administrator) on DADDY-PC on 05-03-2014 05:06:57
Running from C:\Users\Daddy\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Daddy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe
(Dropbox, Inc.) C:\Users\Daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AsusWSPanel.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Futuredial Inc.) C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AsusWSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Thisisu) C:\Users\Daddy\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-03] ()
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.138.290\AsusWSPanel.exe [740704 2012-03-14] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298616 2013-02-16] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [ASUS Sync Loader] - C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [638976 2013-03-01] (Futuredial Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Runonce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [X]
HKLM-x32\...\Runonce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [842048 2011-03-17] (DT Soft Ltd)
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [Spotify Web Helper] - C:\Users\Daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [Amazon Cloud Player] - C:\Users\Daddy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-07-21] ()
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\MountPoints2: {94a54c40-0330-11e1-a64f-806e6f6e6963} - E:\/files/openindex.exe index.hta
HKU\S-1-5-21-780973051-3223984240-3344064217-1000\...\MountPoints2: {d95820d0-9d63-11e3-9299-70f3957daf41} - G:\VZW_Software_upgrade_assistant.exe
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7DA640AFC91DCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Daddy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\searchplugins\mixidj-v37-customized-web-search.xml
FF Extension: Adblock Plus - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\u5h7h9ly.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-10-23]

Chrome:
=======
CHR RestoreOnStartup: "translate_blocked_languages": [ "en" ],
   "translate_whitelists"
CHR Extension: (Google Docs) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-29]
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-29]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2011-12-21]

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-10-02] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [988448 2009-10-02] (Infineon Technologies AG)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-10-02] (Infineon Technologies AG)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-10-02] (Infineon Technologies AG)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-30] ()
U3 arldmnyu; C:\Windows\System32\Drivers\arldmnyu.sys [0 ] (Intel Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 05:05 - 2014-03-05 05:05 - 00004180 _____ () C:\Users\Daddy\Desktop\JRT.txt
2014-03-05 04:55 - 2014-03-05 04:55 - 00000000 ____D () C:\Windows\ERUNT
2014-03-05 04:51 - 2014-03-05 04:51 - 01037734 _____ (Thisisu) C:\Users\Daddy\Desktop\JRT.exe
2014-03-05 04:40 - 2014-03-05 04:44 - 01037734 _____ (Thisisu) C:\Users\Daddy\Downloads\JRT.exe
2014-03-03 13:37 - 2014-03-05 04:45 - 00000000 ____D () C:\AdwCleaner
2014-03-03 13:36 - 2014-03-03 13:37 - 01244192 _____ () C:\Users\Daddy\Desktop\AdwCleaner.exe
2014-03-03 13:06 - 2014-03-03 13:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-03 13:06 - 2014-03-03 13:06 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-03 13:04 - 2014-03-03 13:38 - 00000000 ____D () C:\Users\Daddy\Desktop\mbar
2014-03-03 13:04 - 2014-03-03 13:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 13:03 - 2014-03-03 13:03 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Daddy\Desktop\mbar-1.07.0.1009.exe
2014-03-03 12:15 - 2014-03-03 12:16 - 00000000 ____D () C:\Users\Daddy\Desktop\PC  Repair
2014-03-03 12:14 - 2014-03-03 12:17 - 00050490 _____ () C:\Users\Daddy\Desktop\Addition.txt
2014-03-03 12:13 - 2014-03-05 05:06 - 00028193 _____ () C:\Users\Daddy\Desktop\FRST.txt
2014-03-03 12:13 - 2014-03-05 05:06 - 00000000 ____D () C:\FRST
2014-03-03 12:12 - 2014-03-03 12:12 - 02156544 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2014-03-03 12:10 - 2014-03-03 12:10 - 00020489 _____ () C:\Users\Daddy\Desktop\RzFZFaIK.htm
2014-03-03 11:00 - 2014-03-03 11:00 - 00987425 _____ () C:\Users\Daddy\Desktop\SecurityCheck.exe
2014-03-03 10:59 - 2014-03-03 10:59 - 00987425 _____ () C:\Users\Daddy\Downloads\SecurityCheck.exe
2014-03-03 01:52 - 2014-03-03 01:52 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcplx64.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00000000 ____D () C:\aws
2014-03-03 01:28 - 2014-03-03 01:29 - 00000000 ____D () C:\Users\Daddy\Downloads\New Windows 7 Activator [2010] [blaze69]
2014-03-02 23:58 - 2014-03-02 23:58 - 00021063 _____ () C:\Users\Daddy\Desktop\hijackthis.log
2014-03-01 11:28 - 2014-03-01 11:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 11:27 - 2014-03-01 11:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 11:27 - 2014-03-01 11:28 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 11:27 - 2014-03-01 11:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 11:27 - 2014-03-01 11:27 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 11:20 - 2014-03-01 11:20 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-01 11:20 - 2014-03-01 11:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 03:02 - 2014-01-08 20:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 03:02 - 2014-01-03 16:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-25 10:47 - 2014-02-25 10:47 - 00000000 ____D () C:\Users\Daddy\Documents\Important Personal Docs
2014-02-21 00:42 - 2014-02-21 00:42 - 00000000 ____D () C:\Users\Daddy\Desktop\GS4 Pics
2014-02-21 00:27 - 2014-02-21 01:14 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-18 23:08 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-18 23:08 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-18 23:08 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-18 23:08 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-18 23:08 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-18 23:08 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-18 23:08 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-18 23:08 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-18 23:08 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-18 23:08 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-18 23:08 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-18 23:08 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-18 23:08 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-18 23:08 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-18 23:08 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-18 23:08 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-18 23:06 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-18 23:06 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-15 21:49 - 2014-03-05 04:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 19:29 - 2014-02-15 19:29 - 00000032 _____ () C:\Users\Daddy\Desktop\Sprint Ticket #.txt
2014-02-14 22:52 - 2014-02-14 22:52 - 00002975 _____ () C:\Users\Daddy\Desktop\HiJackThis.lnk
2014-02-14 22:52 - 2014-02-14 22:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-14 22:52 - 2014-02-14 22:52 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-14 22:49 - 2014-02-14 22:49 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Unity
2014-02-14 22:49 - 2014-02-14 22:49 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Unity
2014-02-14 22:48 - 2014-02-14 22:48 - 01050624 _____ (Unity Technologies ApS) C:\Users\Daddy\Downloads\UnityWebPlayer(1).exe
2014-02-14 22:47 - 2014-02-14 22:47 - 01050624 _____ (Unity Technologies ApS) C:\Users\Daddy\Downloads\UnityWebPlayer.exe
2014-02-14 22:46 - 2014-02-14 22:46 - 01402880 _____ () C:\Users\Daddy\Downloads\HijackThis.msi
2014-02-14 22:37 - 2014-03-05 04:47 - 00249374 _____ () C:\Windows\PFRO.log
2014-02-14 20:19 - 2014-02-14 22:11 - 00008332 _____ () C:\Users\Daddy\Desktop\avgrep.txt
2014-02-12 03:01 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:01 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:00 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:00 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:00 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:00 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:00 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:00 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:00 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:00 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:00 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:00 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:00 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:00 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:00 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:00 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:00 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:00 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 03:00 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:00 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:00 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:00 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:00 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 03:00 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:00 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 03:00 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:00 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 03:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:00 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 03:00 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:00 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:00 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:00 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:00 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:00 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:00 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:00 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:00 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 03:00 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 01:22 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 01:22 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 01:21 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 01:21 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 01:21 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 01:21 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 01:21 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 01:21 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 01:21 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 01:21 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 01:21 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 01:21 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 01:21 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 01:21 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 01:21 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 01:21 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 01:21 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 01:21 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 01:21 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 01:21 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 01:21 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 01:21 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 01:21 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 01:21 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 01:20 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 01:20 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 01:20 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 01:20 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 01:08 - 2014-02-11 01:08 - 00588672 _____ ( ) C:\Users\Daddy\Downloads\Setup (6).exe
2014-02-07 09:43 - 2014-03-05 04:47 - 00001592 _____ () C:\Windows\setupact.log
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-06 02:52 - 2014-02-06 02:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Malwarebytes
2014-02-06 02:51 - 2014-02-06 02:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 02:45 - 2014-02-06 02:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daddy\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-05 01:20 - 2014-02-05 01:20 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-05 01:20 - 2014-02-05 01:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-04 01:52 - 2014-02-04 01:52 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-03 23:42 - 2014-02-03 23:44 - 78353832 _____ (AVG) C:\Users\Daddy\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
2014-02-03 19:27 - 2014-02-03 19:27 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG2014
2014-02-03 19:26 - 2014-02-13 07:48 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-03 19:26 - 2014-02-03 19:27 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-03 19:26 - 2014-02-03 19:26 - 00000000 ___HD () C:\$AVG
2014-02-03 19:25 - 2014-03-05 04:55 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-03 19:21 - 2014-02-03 23:43 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Avg2014
2014-02-03 10:31 - 2014-02-03 10:32 - 04436944 _____ (AVG Technologies) C:\Users\Daddy\Desktop\avg_free_stb_all_2014_4259_cnet.exe

==================== One Month Modified Files and Folders =======

2014-03-05 05:07 - 2014-03-03 12:13 - 00028193 _____ () C:\Users\Daddy\Desktop\FRST.txt
2014-03-05 05:06 - 2014-03-03 12:13 - 00000000 ____D () C:\FRST
2014-03-05 05:05 - 2014-03-05 05:05 - 00004180 _____ () C:\Users\Daddy\Desktop\JRT.txt
2014-03-05 04:55 - 2014-03-05 04:55 - 00000000 ____D () C:\Windows\ERUNT
2014-03-05 04:55 - 2014-02-03 19:25 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-05 04:52 - 2009-07-13 22:45 - 00023600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 04:52 - 2009-07-13 22:45 - 00023600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 04:51 - 2014-03-05 04:51 - 01037734 _____ (Thisisu) C:\Users\Daddy\Desktop\JRT.exe
2014-03-05 04:49 - 2013-10-08 09:55 - 00001818 _____ () C:\Users\Daddy\Desktop\MySyncFolder.lnk
2014-03-05 04:49 - 2013-07-09 12:03 - 00000000 ___RD () C:\Users\Daddy\Dropbox
2014-03-05 04:49 - 2013-07-09 11:56 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Dropbox
2014-03-05 04:49 - 2012-05-01 07:36 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\ASUS WebStorage
2014-03-05 04:48 - 2013-06-14 11:17 - 00000352 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2014-03-05 04:48 - 2011-10-22 23:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 04:47 - 2014-02-14 22:37 - 00249374 _____ () C:\Windows\PFRO.log
2014-03-05 04:47 - 2014-02-07 09:43 - 00001592 _____ () C:\Windows\setupact.log
2014-03-05 04:47 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-05 04:46 - 2011-10-20 23:04 - 01677816 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 04:45 - 2014-03-03 13:37 - 00000000 ____D () C:\AdwCleaner
2014-03-05 04:45 - 2014-02-15 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-05 04:44 - 2014-03-05 04:40 - 01037734 _____ (Thisisu) C:\Users\Daddy\Downloads\JRT.exe
2014-03-05 04:42 - 2011-10-23 01:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-05 04:41 - 2011-10-22 23:19 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 04:37 - 2011-10-22 23:53 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Adobe
2014-03-05 04:36 - 2012-03-29 11:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 13:38 - 2014-03-03 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-03 13:38 - 2014-03-03 13:04 - 00000000 ____D () C:\Users\Daddy\Desktop\mbar
2014-03-03 13:37 - 2014-03-03 13:36 - 01244192 _____ () C:\Users\Daddy\Desktop\AdwCleaner.exe
2014-03-03 13:06 - 2014-03-03 13:06 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-03 13:04 - 2014-03-03 13:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 13:03 - 2014-03-03 13:03 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Daddy\Desktop\mbar-1.07.0.1009.exe
2014-03-03 12:17 - 2014-03-03 12:14 - 00050490 _____ () C:\Users\Daddy\Desktop\Addition.txt
2014-03-03 12:16 - 2014-03-03 12:15 - 00000000 ____D () C:\Users\Daddy\Desktop\PC  Repair
2014-03-03 12:12 - 2014-03-03 12:12 - 02156544 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2014-03-03 12:10 - 2014-03-03 12:10 - 00020489 _____ () C:\Users\Daddy\Desktop\RzFZFaIK.htm
2014-03-03 11:00 - 2014-03-03 11:00 - 00987425 _____ () C:\Users\Daddy\Desktop\SecurityCheck.exe
2014-03-03 10:59 - 2014-03-03 10:59 - 00987425 _____ () C:\Users\Daddy\Downloads\SecurityCheck.exe
2014-03-03 03:50 - 2014-01-08 17:59 - 00003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-03 03:50 - 2013-05-03 12:35 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-03 01:53 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-03-03 01:52 - 2014-03-03 01:52 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcplx64.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-03-03 01:52 - 2014-03-03 01:52 - 00000000 ____D () C:\aws
2014-03-03 01:43 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-03 01:30 - 2011-10-22 23:15 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\uTorrent
2014-03-03 01:29 - 2014-03-03 01:28 - 00000000 ____D () C:\Users\Daddy\Downloads\New Windows 7 Activator [2010] [blaze69]
2014-03-02 23:58 - 2014-03-02 23:58 - 00021063 _____ () C:\Users\Daddy\Desktop\hijackthis.log
2014-03-01 11:28 - 2014-03-01 11:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 11:28 - 2014-03-01 11:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 11:28 - 2014-03-01 11:27 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 11:28 - 2014-03-01 11:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 11:27 - 2014-03-01 11:27 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 11:23 - 2011-10-22 20:34 - 00000000 ____D () C:\ProgramData\Apple
2014-03-01 11:20 - 2014-03-01 11:20 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-01 11:20 - 2014-03-01 11:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-01 11:15 - 2009-07-13 23:13 - 00819142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 05:45 - 2012-05-14 02:59 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Media Player Classic
2014-02-25 10:47 - 2014-02-25 10:47 - 00000000 ____D () C:\Users\Daddy\Documents\Important Personal Docs
2014-02-23 02:31 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-22 01:25 - 2011-10-31 19:48 - 00000000 ____D () C:\Users\Daddy\Documents\Outlook Files
2014-02-21 01:14 - 2014-02-21 00:27 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 01:14 - 2012-03-29 11:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 01:14 - 2012-03-29 11:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 01:14 - 2011-10-22 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 00:42 - 2014-02-21 00:42 - 00000000 ____D () C:\Users\Daddy\Desktop\GS4 Pics
2014-02-19 23:16 - 2012-04-13 01:58 - 00811756 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-19 09:48 - 2009-07-13 23:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 23:00 - 2012-06-30 17:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-18 22:47 - 2013-10-20 14:14 - 00007598 _____ () C:\Users\Daddy\AppData\Local\Resmon.ResmonCfg
2014-02-18 15:56 - 2013-12-24 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-02-15 20:49 - 2013-07-12 12:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 20:46 - 2011-10-22 20:10 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 19:29 - 2014-02-15 19:29 - 00000032 _____ () C:\Users\Daddy\Desktop\Sprint Ticket #.txt
2014-02-14 22:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-14 22:52 - 2014-02-14 22:52 - 00002975 _____ () C:\Users\Daddy\Desktop\HiJackThis.lnk
2014-02-14 22:52 - 2014-02-14 22:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-14 22:52 - 2014-02-14 22:52 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-14 22:49 - 2014-02-14 22:49 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Unity
2014-02-14 22:49 - 2014-02-14 22:49 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Unity
2014-02-14 22:48 - 2014-02-14 22:48 - 01050624 _____ (Unity Technologies ApS) C:\Users\Daddy\Downloads\UnityWebPlayer(1).exe
2014-02-14 22:47 - 2014-02-14 22:47 - 01050624 _____ (Unity Technologies ApS) C:\Users\Daddy\Downloads\UnityWebPlayer.exe
2014-02-14 22:46 - 2014-02-14 22:46 - 01402880 _____ () C:\Users\Daddy\Downloads\HijackThis.msi
2014-02-14 22:35 - 2012-04-11 15:01 - 00000000 ____D () C:\Users\Daddy\Downloads\Android Apps_eBooks
2014-02-14 22:11 - 2014-02-14 20:19 - 00008332 _____ () C:\Users\Daddy\Desktop\avgrep.txt
2014-02-13 07:48 - 2014-02-03 19:26 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-11 12:13 - 2011-10-22 23:19 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 12:13 - 2011-10-22 23:19 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 01:08 - 2014-02-11 01:08 - 00588672 _____ ( ) C:\Users\Daddy\Downloads\Setup (6).exe
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-06 06:16 - 2014-02-12 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-12 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-12 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-12 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-12 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:52 - 2014-02-06 02:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Malwarebytes
2014-02-06 02:51 - 2014-02-06 02:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 02:45 - 2014-02-06 02:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daddy\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-06 02:41 - 2014-02-12 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 01:30 - 2011-10-30 13:14 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\DAEMON Tools Pro
2014-02-05 01:22 - 2011-11-02 23:16 - 00000000 ____D () C:\Windows\Minidump
2014-02-05 01:22 - 2011-10-21 01:24 - 00000000 ____D () C:\Windows\Panther
2014-02-05 01:20 - 2014-02-05 01:20 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-05 01:20 - 2014-02-05 01:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-04 01:52 - 2014-02-04 01:52 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-04 01:52 - 2012-12-12 23:33 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-02-04 01:38 - 2013-11-28 11:49 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-04 01:38 - 2012-12-12 23:28 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-02-04 01:38 - 2012-02-29 10:42 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Downloaded Installations
2014-02-04 01:38 - 2011-11-10 19:57 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-02-04 01:38 - 2011-10-30 13:57 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Microsoft Help
2014-02-04 01:38 - 2011-10-22 20:40 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\hpqLog
2014-02-04 01:35 - 2011-10-22 20:09 - 00000000 ____D () C:\Intel
2014-02-04 00:14 - 2012-12-12 23:28 - 00000000 ____D () C:\ProgramData\AVG
2014-02-03 23:54 - 2012-12-12 23:28 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG
2014-02-03 23:44 - 2014-02-03 23:42 - 78353832 _____ (AVG) C:\Users\Daddy\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
2014-02-03 23:43 - 2014-02-03 19:21 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Avg2014
2014-02-03 23:39 - 2012-02-29 14:10 - 00000000 ____D () C:\Android
2014-02-03 19:27 - 2014-02-03 19:27 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG2014
2014-02-03 19:27 - 2014-02-03 19:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-03 19:26 - 2014-02-03 19:26 - 00000000 ___HD () C:\$AVG
2014-02-03 10:32 - 2014-02-03 10:31 - 04436944 _____ (AVG Technologies) C:\Users\Daddy\Desktop\avg_free_stb_all_2014_4259_cnet.exe
2014-02-03 10:24 - 2013-11-28 11:32 - 00000000 ____D () C:\Program Files (x86)\Lavasoft

Some content of TEMP:
====================
C:\Users\Daddy\AppData\Local\Temp\Quarantine.exe
C:\Users\Daddy\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 07:21

==================== End Of Log ============================



#8 Jo*

  • Malware Response Team

Posted 05 March 2014 - 08:49 AM

Hi MrRip,

1. Java
1.1 Find here instructions on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***


2. Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***



How is the computer running now?



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Jo*

Posted 07 March 2014 - 04:41 AM

Hello,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Cheers,
Jo


#10 MrRip

  • Topic Starter

Posted 08 March 2014 - 06:12 AM

My apologies. Have been busy the past few days. I am currently running a Malwarebytes full scan while downloading ESET Online Scanner. I will publish results when complete. Thanks.



#11 MrRip

Posted 11 March 2014 - 02:05 AM

Here is the Malwarebytes log requested. The ESET Online Scanner scan is almost complete. Will post when done. Thank you. FYI, I no longer experience any pop-ups. Extreme progress thus far. I cannot express my appreciation enough!

 

> Malware Bytes Anti-Malware Log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Daddy :: DADDY-PC [administrator]

3/9/2014 5:48:10 PM
MBAM-log-2014-03-11 (00-53-37).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 568980
Time elapsed: 2 hour(s), 5 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Daddy\Downloads\Setup (6).exe (PUP.Optional.BundleInstaller.A) -> No action taken.

(end)

 



#12 Jo*

Posted 13 March 2014 - 03:34 AM

> The ESET Online Scanner scan is almost complete.

Please post the log.


Cheers,
Jo


#13 Jo*

Posted 16 March 2014 - 04:33 AM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Cheers,
Jo


#14 Jo*

Posted 25 March 2014 - 03:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Cheers,
Jo




