
Am I In Over My Head?


  • This topic is locked
12 replies to this topic

#1 deltaXkila


Posted 12 August 2014 - 05:58 PM

Hi. First off, I want to thank you for the tools and advice from this forum. I've been able to ward off and protect my computers from serious harm and damage from viruses!

However, one of my friends has given me her laptop to clean out, thinking some virus had attacked her computer. She claimed to witness pop-ups and spam constantly appearing while browsing the internet.

When scanning with Malwarebytes for the first time, it picked up 2,100+ detected objects. Attempting to save the log ended up with the application crashing. Using AdwCleaner to scan and repair the quarantined items. I thought it was very peculiar that the majority of it came from Firefox, and AVG was labeled as malware! After a restart, I witnessed (for the first time, mind you) a popup on start-up of Firefox, going to a New Tab instead of a home page. Something has to be wrong, and I didn't pick it up. Can anybody check my work?

 

MALWAREBYTES, first and second runs:

 

Something happened where the logs were not recorded properly, and concluded that no such scans happened.

 

 

ADWCLEANER:

 

 

# AdwCleaner v3.304 - Report created 12/08/2014 at 17:54:17
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ow - OW-PC
# Running from : E:\adwcleaner_3.304.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : CltMngSvc
Service Deleted : vToolbarUpdater18.1.7
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Users\Ow\AppData\Local\apn
Folder Deleted : C:\Users\Ow\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Ow\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Ow\AppData\Local\Conduit
Folder Deleted : C:\Users\Ow\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Ow\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ow\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Ow\AppData\LocalLOw\AskToolbar
Folder Deleted : C:\Users\Ow\AppData\LocalLOw\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Ow\AppData\LocalLOw\AVG Secure Search
Folder Deleted : C:\Users\Ow\AppData\LocalLOw\Conduit
Folder Deleted : C:\Users\Ow\AppData\LocalLOw\WhiteSmoke_B
Folder Deleted : C:\Users\Ow\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Searchqutoolbar
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Smartbar
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\CT3279141
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{75623D5D-4683-402A-B610-AC4BAB767C86}
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Folder Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\toolbar@ask.com
File Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\END
File Deleted : C:\Users\Ow\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
File Deleted : C:\Users\Ow\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_oovoo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_oovoo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ACC1F83-3627-41A9-B2B0-DB3381945903}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADD51E70-0CB1-4D10-B68F-01C1E72952B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_B
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\WhiteSmoke_B
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v4.0.1 (en-US)
 
[ File : C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\prefs.js ]
 
Line Deleted : user_pref("CT3279141.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3279141.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3279141.130065275724112238.Affiliate_defaultGui", "%u0101%A8%ED%FB%EF%A8%C0%E1%E3%B2%A8%E7%E9%FA%EF%F5%F4%F9%A8%C0%E1%E3%u0103");
Line Deleted : user_pref("CT3279141.130065275724112238.Affiliate_settings", "%u0101%A8%EF%F4%EF%FA%DB%F8%F2%A8%C0%A8%E7%F6%EF%B4%F0%F5%F2%F2%FF%FD%E7%F2%F2%EB%FA%B4%E9%F5%F3%B5%E7%EC%EC%EF%F2%EF%E7%FA%EB%B5%EF%F4%EF[...]
Line Deleted : user_pref("CT3279141.130065275724112238.jw_token", "%EC%E7%B8%B7%E7%B6%EB%BD%B3%B6%B7%EC%B6%B3%B7%E9%BF%E7%B3%BC%B6%EC%B9%B3%EB%BF%EC%BD%EA%EC%EA%B6%BB%EB%EC%EA");
Line Deleted : user_pref("CT3279141.130065275724112238.key_list_id", "%B8%B6%B7%B8%B6%BE%B6%B8%B3%B6%B6%B6");
Line Deleted : user_pref("CT3279141.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.FF19Solved", "true");
Line Deleted : user_pref("CT3279141.FirstTime", "true");
Line Deleted : user_pref("CT3279141.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3279141.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3279141.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT3279141.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT3279141.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Deleted : user_pref("CT3279141.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3279141.SF_STATUS", "%CB%D4%C7%C8%D2%CB%CA");
Line Deleted : user_pref("CT3279141.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3279141.SF_USER_ID", "%E9%EF%EA%E5%B7%B6%B8%B8%B6%B7%BA%B8%B8%B7%B6%B7%BD%BC%BC%BA%BB%BB%BF");
Line Deleted : user_pref("CT3279141.SF_USER_ID.enc", "Y2lkXzEwMjIwMTQyMjEwMTc2NjQ1NTk=");
Line Deleted : user_pref("CT3279141.UserID", "UN81864970297202100");
Line Deleted : user_pref("CT3279141._key_cl_active", "%EA%E9%B9%EB%B7%BF%B6%B6%B3%B9%B8%E8%BE%B3%BA%B8%B6%BF%B3%E7%BC%BC%BE%B3%EC%E7%EB%E9%BC%EB%B6%B9%B8%BA%B9%B8");
Line Deleted : user_pref("CT3279141._key_cl_active.enc", "ZGMzZTE5MDAtMzJiOC00MjA5LWE2NjgtZmFlYzZlMDMyNDMy");
Line Deleted : user_pref("CT3279141.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3279141.appOptions", "{\"price-gong\":{\"disabled\":false,\"render\":true}}");
Line Deleted : user_pref("CT3279141.autoDisableScopes", -1);
Line Deleted : user_pref("CT3279141.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3279141.cbfirsttime", "%D3%F5%F4%A6%CC%EB%E8%A6%B7%B6%A6%B8%B6%B7%BA%A6%B8%B8%C0%B7%B6%C0%B6%B9%A6%CD%D3%DA%B3%B6%BB%B6%B6%A6%AE%CB%E7%F9%FA%EB%F8%F4%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Deleted : user_pref("CT3279141.cbfirsttime.enc", "TW9uIEZlYiAxMCAyMDE0IDIyOjEwOjAzIEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3279141.countryCode", "US");
Line Deleted : user_pref("CT3279141.defaultSearch", "true");
Line Deleted : user_pref("CT3279141.enableAlerts", "true");
Line Deleted : user_pref("CT3279141.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3279141.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3279141.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3279141.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3279141.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3279141.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3279141.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3279141.fixUrls", true);
Line Deleted : user_pref("CT3279141.fullUserID", "UN81864970297202100.UP.20140210220906");
Line Deleted : user_pref("CT3279141.hxxp___api28_starwebnet_com.pid2.enc", "MjgwMTYwZmZhMWZlZjg0Yw==");
Line Deleted : user_pref("CT3279141.hxxp___api29_starwebnet_com.pid2.enc", "MzNkYmFlMTVjZGM1MGVmNg==");
Line Deleted : user_pref("CT3279141.hxxp___api30_starwebnet_com.pid2.enc", "MzNkYmFlMTVjZGM1MGVmNg==");
Line Deleted : user_pref("CT3279141.hxxp___api31_starwebnet_com.pid2.enc", "MjQyMDliY2NlOTI2YTEyZQ==");
Line Deleted : user_pref("CT3279141.hxxp___api32_starwebnet_com.pid2.enc", "MjQyMDliY2NlOTI2YTEyZQ==");
Line Deleted : user_pref("CT3279141.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLCJhY3Rpb25zIjpbXX0=");
Line Deleted : user_pref("CT3279141.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlh[...]
Line Deleted : user_pref("CT3279141.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "ZmEyMWEwZTctMDFmMC0xYzlhLTYwZjMtZTlmN2RmZDA1ZWZk");
Line Deleted : user_pref("CT3279141.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Line Deleted : user_pref("CT3279141.installId", "9818");
Line Deleted : user_pref("CT3279141.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3279141.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3279141.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3279141.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3279141.keyword", "true");
Line Deleted : user_pref("CT3279141.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3279141&octid=CT3279141&ISID=ISID_ID&SearchSource=15&CUI=UN81864970297202100&Lay=1&[...]
Line Deleted : user_pref("CT3279141.lastVersion", "10.29.0.520");
Line Deleted : user_pref("CT3279141.mam_gk_appStateReportTime", "%B7%B9%BF%B8%B6%BE%BE%B7%BE%BE%B8%BA%BD");
Line Deleted : user_pref("CT3279141.mam_gk_appStateReportTime.enc", "MTM5MjA4ODE4ODI0Nw==");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Discover_Apps", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Discover_Apps.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Easytobook", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Find-a-Pro", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appState_JobsMiner", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_JobsMiner.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appState_PriceGong", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appState_WindowShopper", "%F5%F4");
Line Deleted : user_pref("CT3279141.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3279141.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Deleted : user_pref("CT3279141.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT3279141.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3279141.mam_gk_calledSetupService", "%B7");
Line Deleted : user_pref("CT3279141.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3279141.mam_gk_currentVersion", "%B7%B4%B7%B9%B4%B6%B4%B7%BD");
Line Deleted : user_pref("CT3279141.mam_gk_currentVersion.enc", "MS4xMy4wLjE3");
Line Deleted : user_pref("CT3279141.mam_gk_existingUsersRecoveryDone", "%B7");
Line Deleted : user_pref("CT3279141.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3279141.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT3279141.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3279141.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3279141.mam_gk_lastLoginTime", "%B7%B9%BF%B8%B6%BE%BE%B7%BE%BE%BA%BD%B8");
Line Deleted : user_pref("CT3279141.mam_gk_lastLoginTime.enc", "MTM5MjA4ODE4ODQ3Mg==");
Line Deleted : user_pref("CT3279141.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHUwMDBkXHUwMDBhb2YgdGhlIGRheSJ9LCJkbWJveDIiOnsiVGV4dCI6IkZyZWVcdTAwMGRcdTAwMGFTaGlwbWVu[...]
Line Deleted : user_pref("CT3279141.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3279141.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3279141.mam_gk_new_welcome_experience", "%B7");
Line Deleted : user_pref("CT3279141.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3279141.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3279141.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3279141.mam_gk_settings1.13.0.17", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%[...]
Line Deleted : user_pref("CT3279141.mam_gk_settings1.13.0.17.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAyMTEiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsIlJUSyI6Ikg0c0lBQUFBQUFBRUFPeTl[...]
Line Deleted : user_pref("CT3279141.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3279141.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3279141.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Deleted : user_pref("CT3279141.mam_gk_stamp.enc", "MTA0M18w");
Line Deleted : user_pref("CT3279141.mam_gk_userBornDate", "%D4%B5%C7");
Line Deleted : user_pref("CT3279141.mam_gk_userBornDate.enc", "Ti9B");
Line Deleted : user_pref("CT3279141.mam_gk_userId", "%BE%E8%EB%EA%B9%BB%E7%BF%B3%EB%B7%B8%EC%B3%BA%B8%E9%BE%B3%BE%BD%B8%BF%B3%B9%BE%EA%EC%BD%EC%B9%EC%BE%BE%B6%BD");
Line Deleted : user_pref("CT3279141.mam_gk_userId.enc", "OGJlZDM1YTktZTEyZi00MmM4LTg3MjktMzhkZjdmM2Y4ODA3");
Line Deleted : user_pref("CT3279141.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT3279141.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3279141.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT3279141.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3279141.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3279141.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://WhiteSmokeB.OurToolbar.com/\",\"EB_TOO[...]
Line Deleted : user_pref("CT3279141.openThankYouPage", "false");
Line Deleted : user_pref("CT3279141.openUninstallPage", "true");
Line Deleted : user_pref("CT3279141.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN81864970297202100&UM=2&q=");
Line Deleted : user_pref("CT3279141.originalSearchEngine", "Conduit Search");
Line Deleted : user_pref("CT3279141.originalSearchEngineName", "WhiteSmoke B Customized Web Search");
Line Deleted : user_pref("CT3279141.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT3279141.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3279141.rematchGround.upstairs", "%u0101%A8%EE%FA%FA%F6%C0%B5%B5%EC%E7%F9%FA%E9%F5%F4%FA%EB%F4%FA%B4%E9%F5%F4%EA%FB%EF%FA%B4%E9%F5%F3%B5%EA%F5%FD%F4%F2%F5%E7%EA%E5%F5%EC%EC%EB%F8%F9%B4%EE[...]
Line Deleted : user_pref("CT3279141.rematchGround.upstairs.enc", "eyJodHRwOi8vZmFzdGNvbnRlbnQuY29uZHVpdC5jb20vZG93bmxvYWRfb2ZmZXJzLmh0bWw/Y3RpZD1DVDMyNzkxNDF+YjEwNDN+YzAmaXNtYW5hZ2VkPXRydWUiOjEzOTIwODgyMDE2OTh9");
Line Deleted : user_pref("CT3279141.rematchagent-matkot-user-id", "%A8%B7%B9%BF%B8%B6%BE%BE%B7%BE%B9%BD%BB%BA%BC%BE%B8%B9%BA%BB%BC%A8");
Line Deleted : user_pref("CT3279141.rematchagent-matkot-user-id.enc", "IjEzOTIwODgxODM3NTQ2ODIzNDU2Ig==");
Line Deleted : user_pref("CT3279141.rematchagent-periodic-reports", "%u0101%A8%F6%EF%F4%ED%E5%B6%A8%C0%E1%B7%B9%BF%B8%B6%BE%BE%B7%BF%BD%BE%BF%BA%B2%B7%BA%BA%B6%B6%B6%B6%B6%E3%u0103");
Line Deleted : user_pref("CT3279141.rematchagent-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzkyMDg4MTk3ODk0LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3279141.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3279141.search.searchAppId", "130028020976478709");
Line Deleted : user_pref("CT3279141.search.searchCount", "0");
Line Deleted : user_pref("CT3279141.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3279141.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3279141.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3279141.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3279141.searchUserMode", "2");
Line Deleted : user_pref("CT3279141.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3279141\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WhiteSmokeB.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke B \"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_services_Configuration_lastUpdate", "1398380052328");
Line Deleted : user_pref("CT3279141.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1407874984583");
Line Deleted : user_pref("CT3279141.serviceLayer_services_appsMetadata_lastUpdate", "1407874984534");
Line Deleted : user_pref("CT3279141.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1407874984471");
Line Deleted : user_pref("CT3279141.serviceLayer_services_location_lastUpdate", "1369618946762");
Line Deleted : user_pref("CT3279141.serviceLayer_services_login_10.23.0.822_lastUpdate", "1392088168833");
Line Deleted : user_pref("CT3279141.serviceLayer_services_login_10.29.0.520_lastUpdate", "1407874984227");
Line Deleted : user_pref("CT3279141.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1407874984541");
Line Deleted : user_pref("CT3279141.serviceLayer_services_searchAPI_lastUpdate", "1398380051907");
Line Deleted : user_pref("CT3279141.serviceLayer_services_serviceMap_lastUpdate", "1398380025959");
Line Deleted : user_pref("CT3279141.serviceLayer_services_setupAPI_lastUpdate", "1369618946927");
Line Deleted : user_pref("CT3279141.serviceLayer_services_toolbarContextMenu_lastUpdate", "1407874984430");
Line Deleted : user_pref("CT3279141.serviceLayer_services_toolbarSettings_lastUpdate", "1398380028141");
Line Deleted : user_pref("CT3279141.serviceLayer_services_translation_lastUpdate", "1407874984589");
Line Deleted : user_pref("CT3279141.settingsINI", true);
Line Deleted : user_pref("CT3279141.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3279141.showToolbarPermission", "false");
Line Deleted : user_pref("CT3279141.smartbar.CTID", "CT3279141");
Line Deleted : user_pref("CT3279141.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3279141.smartbar.homepage", true);
Line Deleted : user_pref("CT3279141.smartbar.toolbarName", "WhiteSmoke B ");
Line Deleted : user_pref("CT3279141.startPage", "true");
Line Deleted : user_pref("CT3279141.toolbarBornServerTime", "27-5-2013");
Line Deleted : user_pref("CT3279141.toolbarCurrentServerTime", "12-8-2014");
Line Deleted : user_pref("CT3279141.toolbarLoginClientTime", "Thu Jan 30 2014 21:52:45 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1407874910665,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3279141&octid=CT3279141&SearchSource=61&CUI=UN81864970297202100&UM=UM_ID&UP=SPE39F59AD-CD0E-4AA0-9D87-D3D2A52D6FA2");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Conduit Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com&CUI=UN81864970297202100");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=");
Line Deleted : user_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?ctid=CT3279141&octid=CT3279141&SearchSource=61&CUI=UN81864970297202100&UM=UM_ID&UP=SPE39F59AD-CD0E-4AA0-9D87-D3D2A52D6FA2");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "Conduit Search");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "hxxp://search.conduit.com&CUI=UN81864970297202100");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279141");
Line Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke B Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke B Customized Web Search");
Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com?cid={494C7FF5-6C85-425C-B22A-42E2CB0A4C66}&mid=22d617a4942d47d08d906939b2ec7992-53b46319a0fe3dd870d92838696f9a983ff24ba6&lang=en&ds=AVG&co[...]
Line Deleted : user_pref("extensions.asktb.cbid", "FM");
Line Deleted : user_pref("extensions.asktb.crumb", "2012.07.21+15.26.09-toolbar005iad-US-RnQgTXllcnMsRkwsVW5pdGVkIFN0YXRlcw%3D%3D");
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Deleted : user_pref("extensions.asktb.dtid", "TES002UVUS");
Line Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.nsta.org/join");
Line Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1345401007023");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
Line Deleted : user_pref("extensions.asktb.o", "14193");
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.crossrider.bic", "13cd1800aa329de9757be79b22efa74c");
Line Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22");
Line Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.crossriderapp21802.21802.setnewtab", false);
Line Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search Here\", \"window_content\":[...]
Line Deleted : user_pref("extensions.enabledAddons", "{1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5,smartlinks@getsmartlinks.com:1.0.35,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,plugin@yontoo.com:1.20.02,{91118b3[...]
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Deleted : user_pref("extensions.wajam.affiliate_id", "3220");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21084\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21084");
Line Deleted : user_pref("extensions.wajam.trace_log", "1360724490322 - processInstallationUpgrade - version set to : 1.26\n1360724490323 - processBrowserLoad - Bad mappingListJsonString: null\n1360724493344 - onFla[...]
Line Deleted : user_pref("extensions.wajam.unique_id", "8CB481D41E755227C42ED9D98EB8C4AC");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.26");
Line Deleted : user_pref("extentions.y2layers.installId", "d824fbc6-7001-4f49-a6cf-a8e38f79a0d0");
Line Deleted : user_pref("extentions.y2layers.lastDnsTest", 371207);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.ClearCacheDate", 12);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.DNSCatch", false);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.DisplayEULA", true);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.EBOMode", true);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.FirstLaunchShown", true);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.LoadLayoutDate.100377", 12);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.StateReportDate", "1407874912826");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.customNewTab", false);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.helpUsImprove", true);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.hideOthers", true);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.partnerauth", false);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.processAddrBar", false);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.remove_search", true);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.restoreSearch", false);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.searchHistory", true);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.session", "098CBB39616EB95DC40C78F5942B4949810DE5507AA59F6F26428A3DA58F84A3276B393ACEA522CF7F5A924A8A9CD24282E081E02B45954372FF680EA4A54A50122C1189[...]
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.showFirstLaunchOptions", false);
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.tb_lang", "en");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.tool_id", "100377");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.user_id", "102774788");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.user_key", "ac528478210439f2e75f24181fa4f2d1b49e5161");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.user_layouts", "100377");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.user_lnames", "Relief%20Network%20LP4");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
Line Deleted : user_pref("freecause34f16eca579095e41d09264e2f59518e.yahooSearch", false);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.ClearCacheDate", 12);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.DNSCatch", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.DisplayEULA", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.EBOMode", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.FirstLaunchShown", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.LoadLayoutDate.100313", 12);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.StateReportDate", "1407874912816");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.customNewTab", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.helpUsImprove", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.hideOthers", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.partnerauth", false);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.processAddrBar", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.restoreSearch", false);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.searchHistory", true);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.session", "098CBB39616EB95DC40C78F5942B4949810DE5507AA59F6F26428A3DA58F84A33E57144507139AF7476209B419C0764A46289455D2226486F32584C9E08F1B87BFE6E5CE[...]
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.showFirstLaunchOptions", false);
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.tb_lang", "en");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.tool_id", "100313");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.user_id", "100445166");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.user_key", "8bf1c9136c17fc2c41487239fb24fe17b4b65e24");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.user_layouts", "100313");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.user_lnames", "Relief%20Network%20LP");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
Line Deleted : user_pref("freecause91118b389ee37604d5e134a1f15c0e7a.yahooSearch", true);
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.DNSCatch", false);
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.FirstLaunchShown", true);
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.LastDate", 12);
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.customNewTab", false);
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.processAddrBar", false);
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.tb_lang", "en");
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.user_id", "36824267");
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.disablecuidinject", "1");
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.lastcheck", "Fri%20Jun%2029%202012%2023%3A27%3A10%20GMT-0400%20%28Eastern%20Daylight%20Time%29");
Line Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.yahooSearch", false);
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3279141");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3279141&octid=CT3279141&SearchSource=61&CUI=SB_CUI&UM=UM_ID&UP=SPE39F59AD-CD0E-4AA0-9D87-D3D2A52D6FA2,hxxp://search.conduit[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN81864970297202100&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3279141");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3279141&octid=CT3279141&SearchSource=61&CUI=SB_CUI&UM=UM_ID&UP=SPE39F59AD-CD0E-4AA0-9D87-D3D2A52D6FA2,hxxp://search.conduit.com/?c[...]
Line Deleted : user_pref("smartbar.machineId", "VU9ZMWZMMLWFLCK1QBJBEE6UQ5XYNXG0QOYIE2EZMECEUWLSZKIHOO4FNFNKBXWZVQPVJUPRLQWHADWLMXGKFW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.searchnu.com/406");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=");
Line Deleted : user_pref("smartbar.originalSearchEngine", "Search Results");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN81864970297202100&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Line Deleted : user_pref("surfcanyon.daily_code", "scIsOnSearchEngineDomain = function() {\nreturn contains(scCurrentPageDomain, '.surfcanyon.') || contains(scCurrentPageDomain, '.chummo.') || contains(scCurrentPage[...]
Line Deleted : user_pref("surfcanyon.daily_code_timestamp", "1333423409397");
Line Deleted : user_pref("surfcanyon.display_similar_product_images", true);
Line Deleted : user_pref("surfcanyon.display_similar_product_images_enabled", true);
Line Deleted : user_pref("surfcanyon.hourly_code", "scHourlyCodeRevision = '337r';\nscGetDocument = function() {\nreturn scIsFF ? content.document : document;\n};\n\nscExtractUrlFromSpanTag = function(spanTag) {\nva[...]
Line Deleted : user_pref("surfcanyon.hourly_code2", "scEnableGoogle_hourly = function() {\nvar args = window.location.search;\nvar path = window.location.pathname;\nvar isGoogleSearchDomain = (contains(scCurrentPage[...]
Line Deleted : user_pref("surfcanyon.hourly_code_timestamp", "1344953955817");
Line Deleted : user_pref("surfcanyon.initialized_display_similar_product_images", true);
Line Deleted : user_pref("surfcanyon.initialized_roaming_suggestions", true);
Line Deleted : user_pref("surfcanyon.initialized_search_bar", true);
Line Deleted : user_pref("surfcanyon.initialized_search_links", true);
Line Deleted : user_pref("surfcanyon.initialized_similar_product_images", true);
Line Deleted : user_pref("surfcanyon.inst_id", "73533810916905252914601273368296");
Line Deleted : user_pref("surfcanyon.inst_timestamp", "1313022256916");
Line Deleted : user_pref("surfcanyon.last_seen_splash", "338");
Line Deleted : user_pref("surfcanyon.num_searches", "2");
Line Deleted : user_pref("surfcanyon.partner_code", "WTIFFUSB");
Line Deleted : user_pref("surfcanyon.refinements_cache", "^aeris/aeris:eagle:aerie house:design:island");
Line Deleted : user_pref("surfcanyon.roaming_suggestions_enabled", true);
Line Deleted : user_pref("surfcanyon.search_links_enabled", true);
 
-\\ Google Chrome v
 
[ File : C:\Users\Ow\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=394&systemid=406&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=&ctid=CT3279141
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
*************************
 
AdwCleaner[R0].txt - [47996 octets] - [12/08/2014 17:51:37]
AdwCleaner[S0].txt - [48055 octets] - [12/08/2014 17:54:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [48116 octets] ##########
 
 

 

 

MALWAREBYTES, third run:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/12/2014
Scan Time: 6:19:50 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.12.11
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ow
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310877
Time Elapsed: 24 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{34f16eca-5790-95e4-1d09-264e2f59518e}, , [3d7ea322d6a525110a90b5051ce635cb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{34f16eca-5790-95e4-1d09-264e2f59518e}\100377, , [3d7ea322d6a525110a90b5051ce635cb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{91118b38-9ee3-7604-d5e1-34a1f15c0e7a}, , [2695fbca80fb38fe54461f9bb64c4ab6], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{91118b38-9ee3-7604-d5e1-34a1f15c0e7a}\100313, , [2695fbca80fb38fe54461f9bb64c4ab6], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441, , [9d1e3d884239c96d1981b109ad55629e], 
 
Files: 22
PUP.Optional.CrossRider.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\searchplugins\search-the-web.xml, , [ebd06a5b1b600135114b10edaa58b947], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{34f16eca-5790-95e4-1d09-264e2f59518e}\100377\17b4aface1dbab68189a2f273b68bf56, , [3d7ea322d6a525110a90b5051ce635cb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{34f16eca-5790-95e4-1d09-264e2f59518e}\100377\9bed42c44f1b65fdb6031544f0a89a1b, , [3d7ea322d6a525110a90b5051ce635cb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{34f16eca-5790-95e4-1d09-264e2f59518e}\100377\tb.xml, , [3d7ea322d6a525110a90b5051ce635cb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{91118b38-9ee3-7604-d5e1-34a1f15c0e7a}\100313\4333600a680f4bf23e530732d2d4cf4a, , [2695fbca80fb38fe54461f9bb64c4ab6], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{91118b38-9ee3-7604-d5e1-34a1f15c0e7a}\100313\b70c539aa3601c1da3539ac2f6ef9954, , [2695fbca80fb38fe54461f9bb64c4ab6], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{91118b38-9ee3-7604-d5e1-34a1f15c0e7a}\100313\e2ad819ba035c332c1ae07295e36dc1c, , [2695fbca80fb38fe54461f9bb64c4ab6], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{91118b38-9ee3-7604-d5e1-34a1f15c0e7a}\100313\tb.xml, , [2695fbca80fb38fe54461f9bb64c4ab6], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\03dc1e50b634438b2b3439535f16e4ef, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\04938c177ebb9cb453d87b2b2e61f6f5, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\20133249a4819b59eedc890d3ecbea3b, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\355c13830b2b10319e09666596b903c3, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\426b4b9598c615fb353feb01b068498d, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\4975fea9f6ac679b3b23754cd30d3159, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\4c535d174e60724e5459e1c8694467bc, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\56104db0c4deb1778d8ab81fa5c0ca93, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\77026d28284a86e297fd0909fb8210e3, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\8546b02629f6906abe4dab3c43626548, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\9d3c1dea253fc011ee75ec848618774f, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\c3a43239291502e5ee7043e339659ba5, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\cc94cdb252e9dd2338a096e332f4635b, , [9d1e3d884239c96d1981b109ad55629e], 
PUP.Optional.FreeCauseTB.A, C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\FCTB\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\63441\eac5556352c27a7245384e50c443f51e, , [9d1e3d884239c96d1981b109ad55629e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



 


#2 HelpBot


Posted 17 August 2014 - 06:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544241 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 deltaXkila


Posted 17 August 2014 - 07:50 PM

I still need help!

As described, this is a friend's laptop (running Windows 7, 32-bit). She complained of multiple popups during internet browser usage, slow response times, and overall performance. Upon scanning, I saw Conduit (and fellow toolbars) but I also thought I saw a M32.Backdoor and Trojan files during search. Trying to use Malwarebytes and AdwCleaner to clear it out, the 2100+ infected files were reported but crashed any recording of logs.

She has backed up all of her pictures, music, documents, etc. onto an external hard drive, and I feel like I should scan that just in case. Popups still persist during internet browsing including on startup of Firefox and Chrome on what appears to be a new tab (not a home page).

The friend does not know if she has the Windows 7 Installation CD/DVD (if it even came with the laptop is unknown).

 

DDS Log:

 

 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 1.6.0_24
Run by Ow at 20:34:05 on 2014-08-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.773 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\spool\DRIVERS\x64\3\lxdnserv.exe
C:\windows\system32\lxdncoms.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Users\Ow\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Ow\AppData\Local\Akamai\netsession_win.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Ow\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wuauclt.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\taskeng.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\RunDll32.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uProxyOverride = 127.0.0.1:9421;<local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Startw3i] C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Facebook Update] "C:\Users\Ow\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] "C:\Users\Ow\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [VeriFaceManager] "C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{780E07F0-CC28-42D4-8337-180FF02B80CA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7B19B77D-3DCD-4CF3-8B9B-F8717D6EF3D9} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7B19B77D-3DCD-4CF3-8B9B-F8717D6EF3D9}\84F4D454D244935423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7B19B77D-3DCD-4CF3-8B9B-F8717D6EF3D9}\84F4D454D254645423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7B19B77D-3DCD-4CF3-8B9B-F8717D6EF3D9}\D414454584547535 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3 
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [OnekeyStudio] "C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
x64-Run: [EnergyUtility] "C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
x64-Run: [Energy Management] "C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100313&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Ow\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ow\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-3-25 39008]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2014-4-18 50464]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-3-25 203264]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 lxdn_device;lxdn_device;C:\windows\System32\lxdncoms.exe -service --> C:\windows\System32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-3-25 28176]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-3-25 116240]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-3-25 162304]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-3-25 75304]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2011-3-25 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2011-3-25 79376]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-7-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-7-29 111616]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2011-3-25 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2011-3-25 579400]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-3-25 242720]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-5-16 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2014-08-18 00:28:56 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A03C442C-2DF5-412D-A570-09BC4358ED6C}\mpengine.dll
2014-08-12 21:52:40 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-08-12 21:49:27 -------- d-----w- C:\AdwCleaner
2014-08-12 20:31:11 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-12 20:30:19 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-12 20:30:19 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-12 20:30:19 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-12 20:30:17 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-12 20:30:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 20:29:38 -------- d-----w- C:\Users\Ow\AppData\Local\Programs
2014-07-30 00:17:09 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-30 00:17:09 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-30 00:17:08 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-30 00:17:07 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-30 00:17:07 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-30 00:17:01 519168 ----a-w- C:\windows\System32\aepdu.dll
2014-07-30 00:17:00 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-07-30 00:15:38 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-30 00:14:03 801280 ----a-w- C:\windows\System32\usp10.dll
2014-07-30 00:14:02 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-07-30 00:11:37 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-07-30 00:11:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-07-30 00:07:30 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-07-30 00:07:27 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-07-30 00:07:27 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-07-29 23:33:25 2002432 ----a-w- C:\windows\System32\msxml6.dll
2014-07-29 23:33:25 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-07-29 23:33:23 1389056 ----a-w- C:\windows\SysWow64\msxml6.dll
2014-07-29 23:33:23 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-07-29 23:33:22 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2014-07-29 23:33:22 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-07-29 23:33:22 2048 ----a-w- C:\windows\System32\msxml6r.dll
2014-07-29 23:33:22 2048 ----a-w- C:\windows\System32\msxml3r.dll
.
==================== Find3M  ====================
.
2014-08-05 13:20:00 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-07-29 23:38:00 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-29 23:38:00 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-07 22:44:50 50464 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2014-06-19 01:06:55 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-07-06 20:18:37 4249600 ----a-w- C:\Program Files (x86)\GUT1F30.tmp
.
============= FINISH: 20:37:43.91 ===============
 


#4 Oh My!

  • Malware Response Instructor

Posted 19 August 2014 - 10:27 AM

Greetings deltaXkila and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to this topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 19 August 2014 - 08:14 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 deltaXkila


Posted 22 August 2014 - 03:53 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014
Ran by Ow (administrator) on OW-PC on 22-08-2014 07:37:05
Running from C:\Users\Ow\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe
( ) C:\Windows\System32\lxdncoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Facebook Inc.) C:\Users\Ow\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Akamai Technologies, Inc.) C:\Users\Ow\AppData\Local\Akamai\netsession_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Ow\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Ow\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ow\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11448424 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-03-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2008-03-27] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [107176 2008-03-27] (Lexmark International Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2011-03-25] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\...\Run: [Startw3i] => C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\...\Run: [Facebook Update] => C:\Users\Ow\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.)
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ow\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF SelectedSearchEngine: Search the Web
FF Keyword.URL: hxxp://serp.freecause.com/?ourmark=3&sid=100313&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ow\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=8 -> C:\Users\Ow\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF SearchPlugin: C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\searchplugins\search-the-web.xml
FF Extension: BetterLinks - C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\smartlinks@getsmartlinks.com [2011-07-06]
FF Extension: ShopToWin13 - C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0} [2013-05-26]
FF Extension: Relief Network LP4 - C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{34f16eca-5790-95e4-1d09-264e2f59518e}.xpi [2011-08-31]
FF Extension: Relief Network LP - C:\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{91118b38-9ee3-7604-d5e1-34a1f15c0e7a}.xpi [2011-07-06]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2011-08-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-08-10]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKCU\...\Firefox\Extensions: [{1266764D-FC4F-4FA7-B63B-884D53B1680F}] - C:\Users\Ow\AppData\Roaming\NetAssistant
FF Extension: Freeze.com NetAssistant - C:\Users\Ow\AppData\Roaming\NetAssistant [2011-06-21]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://search.conduit.com/?CUI=&ctid=CT3279141&SearchSource=48"
CHR DefaultSearchKeyword: r
CHR DefaultSearchProvider: Search Results
CHR DefaultSuggestURL: 
CHR Extension: (AT_JackSpadeV2) - C:\Users\Ow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfhcemponaaoollhcoebkpajgdamieo [2011-05-26]
CHR Extension: (Cuevana Stream) - C:\Users\Ow\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg [2012-09-27]
CHR StartMenuInternet: Google Chrome - C:\Users\Ow\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 lxdnCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1044648 2008-02-27] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [594600 2008-02-27] ( )
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-07-07] (AVG Technologies)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; 
U2 IAStorDataMgrSvc; 
U2 IviRegMgr; 
U2 RichVideo; 
U3 SQLWriter; 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-22 07:37 - 2014-08-22 07:38 - 00019287 _____ () C:\Users\Ow\Desktop\FRST.txt
2014-08-22 07:36 - 2014-08-22 07:37 - 00000000 ____D () C:\FRST
2014-08-22 07:36 - 2014-08-22 07:33 - 02101760 _____ (Farbar) C:\Users\Ow\Desktop\FRST64.exe
2014-08-17 20:48 - 2014-08-17 20:48 - 00000000 ____D () C:\Users\Ow\Documents\New folder
2014-08-17 20:38 - 2014-08-17 20:38 - 00011090 _____ () C:\Users\Ow\Desktop\attach.txt
2014-08-17 20:38 - 2014-08-17 20:37 - 00021975 _____ () C:\Users\Ow\Desktop\dds.txt
2014-08-12 17:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-12 17:49 - 2014-08-12 17:55 - 00000000 ____D () C:\AdwCleaner
2014-08-12 16:31 - 2014-08-12 18:07 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 16:30 - 2014-08-12 16:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 16:30 - 2014-08-12 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 16:30 - 2014-08-12 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 16:30 - 2014-08-12 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 16:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-12 16:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-12 16:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-29 20:17 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-29 20:17 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-29 20:16 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-29 20:16 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-29 20:16 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-29 20:16 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-29 20:16 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-29 20:16 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-29 20:16 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-29 20:16 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-29 20:16 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-29 20:16 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-29 20:16 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-29 20:16 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-29 20:16 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-29 20:16 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-29 20:16 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-29 20:16 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-29 20:16 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-29 20:16 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-29 20:16 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-29 20:16 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-29 20:16 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-29 20:16 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-29 20:16 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-29 20:16 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-29 20:16 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-29 20:16 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-29 20:16 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-29 20:16 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-29 20:16 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-29 20:16 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-29 20:16 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-29 20:16 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-29 20:16 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-29 20:16 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-29 20:16 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-29 20:16 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-29 20:16 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-29 20:16 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-29 20:16 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-29 20:16 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-29 20:16 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-29 20:16 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-29 20:16 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-29 20:16 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-29 20:16 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-29 20:16 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-29 20:16 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-29 20:16 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-29 20:16 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-29 20:16 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-29 20:16 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-29 20:16 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-29 20:16 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-29 20:16 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-29 20:16 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-29 20:16 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-29 20:15 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-29 20:15 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-29 20:15 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-29 20:15 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-29 20:15 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-29 20:15 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-29 20:15 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-29 20:15 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-29 20:15 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-29 20:15 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-29 20:15 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-29 20:15 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-29 20:15 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-29 20:15 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-29 20:15 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-29 20:15 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-29 20:15 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-29 20:15 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-29 20:15 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-29 20:15 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-29 20:14 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-07-29 20:14 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-07-29 20:11 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-07-29 20:11 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-07-29 20:07 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-29 20:07 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-29 20:07 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-29 19:33 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-07-29 19:33 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-07-29 19:33 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-07-29 19:33 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-07-29 19:33 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-07-29 19:33 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-07-29 19:33 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-07-29 19:33 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-22 07:38 - 2014-08-22 07:37 - 00019287 _____ () C:\Users\Ow\Desktop\FRST.txt
2014-08-22 07:38 - 2011-03-25 06:25 - 01676864 _____ () C:\windows\WindowsUpdate.log
2014-08-22 07:37 - 2014-08-22 07:36 - 00000000 ____D () C:\FRST
2014-08-22 07:33 - 2014-08-22 07:36 - 02101760 _____ (Farbar) C:\Users\Ow\Desktop\FRST64.exe
2014-08-22 07:33 - 2012-07-02 22:43 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-22 07:33 - 2012-06-29 23:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-22 07:32 - 2011-05-16 01:55 - 18292940 _____ () C:\FaceProv.log
2014-08-22 07:32 - 2011-03-25 07:22 - 00000000 ____D () C:\ProgramData\VeriFace
2014-08-22 07:31 - 2012-07-02 22:43 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 20:48 - 2014-08-17 20:48 - 00000000 ____D () C:\Users\Ow\Documents\New folder
2014-08-17 20:38 - 2014-08-17 20:38 - 00011090 _____ () C:\Users\Ow\Desktop\attach.txt
2014-08-17 20:37 - 2014-08-17 20:38 - 00021975 _____ () C:\Users\Ow\Desktop\dds.txt
2014-08-17 20:29 - 2009-07-14 01:13 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-17 20:29 - 2009-07-14 00:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 20:29 - 2009-07-14 00:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 20:20 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-17 20:20 - 2009-07-14 00:51 - 00051209 _____ () C:\windows\setupact.log
2014-08-17 20:18 - 2009-07-29 03:23 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-14 16:07 - 2011-05-16 05:36 - 00998692 _____ () C:\windows\PFRO.log
2014-08-12 18:19 - 2012-05-19 20:49 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-12 18:17 - 2013-05-26 22:18 - 00000000 ____D () C:\ProgramData\AVG2013
2014-08-12 18:17 - 2012-05-20 09:44 - 00000000 ___HD () C:\$AVG
2014-08-12 18:07 - 2014-08-12 16:31 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 18:02 - 2009-07-14 00:45 - 00433528 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-12 18:01 - 2012-05-21 09:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-12 18:01 - 2012-05-21 09:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-12 17:59 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-08-12 17:56 - 2014-05-29 00:03 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-12 17:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-08-12 17:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-08-12 17:55 - 2014-08-12 17:49 - 00000000 ____D () C:\AdwCleaner
2014-08-12 16:32 - 2011-05-27 00:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-12 16:30 - 2014-08-12 16:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 16:30 - 2014-08-12 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 16:30 - 2014-08-12 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 16:30 - 2014-08-12 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 16:15 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-09 22:18 - 2013-07-17 21:26 - 00000000 ____D () C:\windows\system32\MRT
2014-08-09 22:00 - 2012-05-21 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-05 09:20 - 2011-05-16 03:30 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-07-29 19:38 - 2012-06-29 23:25 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 19:38 - 2012-06-29 23:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-29 19:38 - 2011-07-06 14:20 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Ow\AppData\Local\Temp\oi_{F98B63D7-339C-48A2-8F6E-9EFE1C885422}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-18 18:25
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2014
Ran by Ow at 2014-08-22 07:39:24
Running from C:\Users\Ow\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazing Adventures Around the World (HKLM-x32\...\Amazing Adventures Around the World) (Version:  - PopCap Games)
Amazing Adventures The Caribbean Secret (HKLM-x32\...\Amazing Adventures The Caribbean Secret) (Version:  - PopCap Games)
Amazing Adventures The Lost Tomb (HKLM-x32\...\Amazing Adventures The Lost Tomb) (Version:  - PopCap Games)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{6CADC615-64C7-7366-A49A-342E8B7D3C9B}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0719.1349.22889 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help English (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help French (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help German (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
ccc-utility64 (Version: 2010.0719.1349.22889 - ATI) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
ETDWare PS/2-x64 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Family Feud (HKLM-x32\...\Family Feud) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 12.0.742.122 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.21 - Lenovo EasyCamera)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 0.38.389.2 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 4.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 4.0.1 (x86 en-US)) (Version: 4.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mysterious City: Vegas (remove only) (HKLM-x32\...\Mysterious City: Vegas) (Version:  - )
Mystery P.I. - The Lottery Ticket 1.0.0.5 (HKLM-x32\...\Mystery P.I. - The Lottery Ticket 1.0.0.5) (Version: 1.0.0.5 - PopCap Games)
Mystery P.I. - The New York Fortune (HKLM-x32\...\Mystery P.I. - The New York Fortune) (Version:  - PopCap Games)
Mystery P.I. - The Vegas Heist 1.0.0.3 (HKLM-x32\...\Mystery P.I. - The Vegas Heist 1.0.0.3) (Version: 1.0.0.3 - PopCap Games)
NetAssistant (x32 Version: 3.6.5 - Freeze.com) Hidden
NetAssistant for Firefox (HKCU\...\NetAssistant) (Version: 3.6.5 - Freeze.com)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.1.3.6 - Symantec Corporation)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6184 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
REA's TESTware for the FTCE Prof. Ed. (HKLM-x32\...\{D071B937-A008-4A72-8883-807C4BF10EEC}) (Version: 1.5.2 - REA, Inc. )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.4.68 - SPAMfighter ApS.)
SLOW-PCfighter (Version: 1.4.68 - SPAMfighter ApS) Hidden
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.1.0226 - Lenovo)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinSCP 4.3.3 (HKLM-x32\...\winscp3_is1) (Version: 4.3.3 - Martin Prikryl)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
24-04-2014 22:49:15 Windows Update
29-04-2014 00:37:28 Windows Update
11-05-2014 18:01:54 Windows Update
29-05-2014 04:01:07 Windows Update
08-06-2014 15:46:13 Windows Update
11-06-2014 04:22:38 Windows Update
10-08-2014 01:40:16 Windows Update
12-08-2014 22:10:30 Removed AVG 2013
12-08-2014 22:18:06 Removed AVG 2013
13-08-2014 14:24:49 Windows Modules Installer
13-08-2014 14:26:00 Windows Modules Installer
18-08-2014 00:16:58 Windows Modules Installer
18-08-2014 00:26:59 Windows Update
22-08-2014 11:31:56 Windows Modules Installer
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2011-07-21 23:08 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BAF0057-0BD5-4450-A309-1167A86569B6} - \Updater21802.exe No Task File <==== ATTENTION
Task: {21F17016-F5A1-43EF-8C1C-598237217452} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02] (Google Inc.)
Task: {27DADD86-20A6-470A-832B-2F3841DCC5EC} - System32\Tasks\Norton Security Scan for Ow => C:\Program Files (x86)\Norton Security Scan\Engine\3.1.3.6\Nss.exe [2011-11-13] (Symantec Corporation)
Task: {646B8ACB-C0DD-4DB1-8BCD-24D003EAAED5} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe
Task: {7DC0DB00-BB9E-42AA-A6B8-29C4A2E77A4B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {8FB30879-DDBA-48B0-92C4-AA17820A9BE6} - System32\Tasks\{EE4E5089-3475-451A-AEF6-F007AF94F56F} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {989D752E-73E2-46F5-A885-3197F8DC9E44} - System32\Tasks\AdobeAAMUpdater-1.0-Ow-PC-Ow => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {AE50FEC2-C7E5-4A2E-B119-CBB9386CA645} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2607536411-3615945164-3465826159-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B1156308-4578-401A-A429-C7D554AF76A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B37972BD-C9F5-445E-A7F7-5665B478E727} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29] (Adobe Systems Incorporated)
Task: {CEFE48A1-1C6C-466C-9205-1424DD32E5BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2607536411-3615945164-3465826159-1000Core.job => C:\Users\Ow\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2607536411-3615945164-3465826159-1000Core1cd62a876a2b152.job => C:\Users\Ow\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2607536411-3615945164-3465826159-1000Core.job => C:\Users\Ow\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for Ow.job => C:\PROGRA~2\NORTON~2\Engine\313~1.6\Nss.exe
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\windows\Tasks\SLOW-PCfighter64-Ow-Startup.job => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-12 22:59 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-06-07 22:17 - 2009-08-13 12:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2011-03-25 07:19 - 2009-12-18 22:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-03-25 07:19 - 2009-12-18 22:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-25 07:22 - 2011-03-25 07:22 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2011-03-25 07:42 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-03-25 07:42 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2011-06-07 22:20 - 2008-03-27 11:13 - 00660136 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
2011-03-25 07:19 - 2009-12-18 22:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2010-07-19 09:48 - 2010-07-19 09:48 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-07 22:20 - 2008-03-15 01:33 - 00380928 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
2011-06-07 22:19 - 2007-05-29 11:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
2011-06-07 22:19 - 2007-03-26 11:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
2011-06-07 22:20 - 2008-03-15 01:34 - 00782336 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
2011-06-07 22:20 - 2007-11-20 19:44 - 00081920 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
2011-06-07 22:20 - 2007-10-02 18:51 - 00069632 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
2011-03-25 07:19 - 2009-12-18 22:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-03-25 07:19 - 2009-12-18 22:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2011-06-07 22:20 - 2007-10-12 22:24 - 00364544 _____ () C:\Program Files (x86)\Lexmark 2600 Series\iptk.dll
2011-03-25 07:22 - 2011-03-25 07:22 - 00492896 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-07-15 00:13 - 2011-07-09 00:51 - 03649592 _____ () C:\Users\Ow\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
2011-07-15 00:13 - 2011-07-09 00:51 - 00329272 _____ () C:\Users\Ow\AppData\Local\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
2011-07-15 00:13 - 2011-07-09 00:49 - 01846344 _____ () C:\Users\Ow\AppData\Local\Google\Chrome\Application\12.0.742.122\avcodec-52.dll
2011-07-15 00:13 - 2011-07-09 00:49 - 00104520 _____ () C:\Users\Ow\AppData\Local\Google\Chrome\Application\12.0.742.122\avutil-50.dll
2011-07-15 00:13 - 2011-07-09 00:49 - 00203848 _____ () C:\Users\Ow\AppData\Local\Google\Chrome\Application\12.0.742.122\avformat-52.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/22/2014 07:31:46 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (08/18/2014 03:07:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14336
 
Error: (08/18/2014 03:07:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14336
 
Error: (08/18/2014 03:07:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/18/2014 03:07:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13338
 
Error: (08/18/2014 03:07:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13338
 
Error: (08/18/2014 03:07:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/18/2014 03:07:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12340
 
Error: (08/18/2014 03:07:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12340
 
Error: (08/18/2014 03:07:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (08/17/2014 08:23:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
Error: (08/14/2014 07:40:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
Error: (08/14/2014 04:11:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
Error: (08/12/2014 06:05:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
Error: (08/12/2014 06:03:00 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/12/2014 06:02:54 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/12/2014 05:58:57 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (08/12/2014 05:58:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/12/2014 05:58:05 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
 
Error: (08/12/2014 04:44:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2971850).
 
 
Microsoft Office Sessions:
=========================
Error: (08/22/2014 07:31:46 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
 
Error: (08/18/2014 03:07:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14336
 
Error: (08/18/2014 03:07:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14336
 
Error: (08/18/2014 03:07:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/18/2014 03:07:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13338
 
Error: (08/18/2014 03:07:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13338
 
Error: (08/18/2014 03:07:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/18/2014 03:07:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12340
 
Error: (08/18/2014 03:07:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12340
 
Error: (08/18/2014 03:07:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II N660 Dual-Core Processor
Percentage of memory in use: 60%
Total physical RAM: 2810.9 MB
Available physical RAM: 1107.65 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 3753.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:191.6 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.03 GB) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:660.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C6EBFD3D)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 0C2D24DC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,737 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:49 PM

Posted 22 August 2014 - 04:04 PM

Greetings,

Thank you for the information. Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\...\Run: [Startw3i] => C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" File Not Found
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
U3 BcmSqlStartupSvc; 
U2 IAStorDataMgrSvc; 
U2 IviRegMgr; 
U2 RichVideo; 
U3 SQLWriter; 
C:\Users\Ow\AppData\Local\Temp\oi_{F98B63D7-339C-48A2-8F6E-9EFE1C885422}.exe
Task: {0BAF0057-0BD5-4450-A309-1167A86569B6} - \Updater21802.exe No Task File <==== ATTENTION
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
C:\Program Files\PC Optimizer Pro
AlternateDataStreams: C:\ProgramData\Temp:373E1720
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Are you experiencing any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 deltaXkila

deltaXkila
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 22 August 2014 - 04:12 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2014
Ran by Ow at 2014-08-22 17:11:58 Run:1
Running from C:\Users\Ow\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\...\Run: [Startw3i] => C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" File Not Found
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
U3 BcmSqlStartupSvc; 
U2 IAStorDataMgrSvc; 
U2 IviRegMgr; 
U2 RichVideo; 
U3 SQLWriter; 
C:\Users\Ow\AppData\Local\Temp\oi_{F98B63D7-339C-48A2-8F6E-9EFE1C885422}.exe
Task: {0BAF0057-0BD5-4450-A309-1167A86569B6} - \Updater21802.exe No Task File <==== ATTENTION
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
C:\Program Files\PC Optimizer Pro
AlternateDataStreams: C:\ProgramData\Temp:373E1720
*****************
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Startw3i => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
" C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
" C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" => Value Data removed successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
IAStorDataMgrSvc => Service deleted successfully.
IviRegMgr => Service deleted successfully.
RichVideo => Service deleted successfully.
SQLWriter => Service deleted successfully.
C:\Users\Ow\AppData\Local\Temp\oi_{F98B63D7-339C-48A2-8F6E-9EFE1C885422}.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BAF0057-0BD5-4450-A309-1167A86569B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BAF0057-0BD5-4450-A309-1167A86569B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater21802.exe" => Key deleted successfully.
C:\windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
"C:\Program Files\PC Optimizer Pro" => File/Directory not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
 
==== End of Fixlog ====
 
 
I don't notice any popups anymore.
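
A way to triage a Fixlog like the one in post #7, given here as an added example that is not part of the original thread or of FRST. It skips the echoed fixlist between the asterisk rows (whose "File Not Found" text is scan output, not a fix result) and sorts each result line by outcome. The function names and status labels are this example's own; the sample is a constructed excerpt reusing lines from the log above.

```python
from collections import Counter

# Constructed excerpt: lines reused from the Fixlog posted above.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2014
Content of fixlist:
*****************
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\...\Run: [Startw3i] => C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
C:\Program Files\PC Optimizer Pro
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
HKU\S-1-5-21-2607536411-3615945164-3465826159-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Startw3i => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner" => Key not found.
RichVideo => Service deleted successfully.
C:\windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
"C:\Program Files\PC Optimizer Pro" => File/Directory not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

==== End of Fixlog ====
'''


def classify(outcome):
    """Map the text after the last ' => ' to a status label (labels are this example's own)."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"      # nothing was there to remove
    if "successfully" in text:
        return "changed"     # deleted, removed or moved
    return "review"          # any other wording needs a human look


def parse_fixlog(text):
    """Return (target, status) pairs for the result lines of a Fixlog."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            # Rows of asterisks open and close the echoed fixlist.
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        # The outcome is whatever follows the LAST arrow; targets may contain arrows too.
        target, outcome = line.rsplit(" => ", 1)
        target = target.strip()
        if len(target) >= 2 and target[0] == target[-1] == '"':
            target = target[1:-1].strip()
        results.append((target, classify(outcome)))
    return results


def summarize(results):
    """Count results per status and list the targets that were already absent."""
    counts = Counter(status for _, status in results)
    absent = [target for target, status in results if status == "absent"]
    return dict(counts), absent


if __name__ == "__main__":
    counts, absent = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(counts)
    for target in absent:
        print("already absent:", target)
```
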


#8 Oh My!


Posted 22 August 2014 - 04:14 PM

Excellent, please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log

Gary
 

#9 deltaXkila


Posted 23 August 2014 - 10:16 AM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir Win32/SpeedingUpMyPC.O application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ow\AppData\Local\Conduit\CT3279141\WhiteSmoke_BAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ow\AppData\LocalLOw\WhiteSmoke_B\ldrtbWhit.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ow\AppData\LocalLOw\WhiteSmoke_B\tbWhit.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ow\AppData\Roaming\Mozilla\Firefox\Profiles\m32yyzw2.default\Extensions\{F0E59437-6148-4A98-B0A6-60D557EF57F4}\Plugins\npFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\Ow\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012e a variant of Win32/InstallCore.PP potentially unwanted application deleted - quarantined
C:\Users\Ow\AppData\Local\Temp\YontooLayers\background.html JS/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Ow\Downloads\winzip18-home.exe a variant of Win32/InstallCore.PP potentially unwanted application deleted - quarantined
C:\Windows\Temp\OptimizerPro.exe multiple threats cleaned by deleting - quarantined
E:\Eddie\Old PC\Downloads\Downloads\Bumblefoot_-_Abnormal.exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
 
 
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 24  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (4.0.1) 
 Google Chrome 12.0.742.112  
 Google Chrome 12.0.742.122  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 8% 
````````````````````End of Log`````````````````````` 
 


#10 Oh My!


Posted 23 August 2014 - 01:21 PM

Greetings,

Nothing of real concern in the ESET log. Looks good. Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.

Adobe Reader Update
  • Please download Adobe Reader
  • After installing the latest Adobe Reader, uninstall all previous versions through Add/Remove Programs.
  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the updates install properly?
  • Are you experiencing any issues?

Gary
 

#11 deltaXkila


Posted 24 August 2014 - 10:39 AM

Everything installed just fine, uninstalled just fine as well. So far, no problems that I can witness right now.



#12 Oh My!


Posted 24 August 2014 - 01:17 PM

Greetings,

Then it looks like we are done.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 Oh My!


Posted 25 August 2014 - 10:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



