Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot start task manager, start up issues, internet issues


  • This topic is locked This topic is locked
46 replies to this topic

#1 katmat

katmat

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 08 September 2014 - 08:56 AM

I currently have several issues with the computer:

1) When I hit ctrl + alt + delete the task manager will not start 

2) When i start up computer on the windows the timer just keeps circling and screen flashes, if I hit enter a few times it says I have entered wrong password (but I never put in one). It then allows me to put my password in to start up computer

3) When I try to open browser (I use google chrome) sometimes the  mouse arrow starts flashing and several windows open 

4) While on the web computer just starts running slow

 

I did a system restore and start up problem persists, I ran a virus scan with Emsisoft and minor vrus's were found and deleted problems still exist 

Hopefully I have explained correctly and you can help

 

Thank You,

Kathy


Edited by katmat, 08 September 2014 - 08:56 AM.


BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 13 September 2014 - 09:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/547344 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 katmat

katmat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 14 September 2014 - 10:41 AM

Still having issues

Did a system restore

I downloaded and ran Emsisoft several low alert virus found

The following are the issues:

1) Cannot access task manager

2) On start up the timer just keeps circling til I hit enter then says password invalid (I never put in a password) then it will start up when I log in

3) When I click on the Chrome it unpins from the task bar and I have to use the one on desktop and repin to task bar (only chrome does this)

4) When start internet windows just start opening up to 99+ had opened when i forced a shut down

 

I do not have a windows CD

 

Here is the log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.51.2
Run by Kathy at 10:11:11 on 2014-09-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.1833 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\windows\system32\dmwu.exe
C:\windows\SysWOW64\cfgmig32.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Total Defense\Internet Security Suite\casc.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll
BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [SearchProtect] C:\windows\System32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\Kathy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines Ding\Ding\Ding.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}\6627565646F6D607F607D263734343 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}\6627565646F6D607F607D263734343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: PFW - UmxWnp.Dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [cctray] "C:\Program Files\Total Defense\Internet Security Suite\casc.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&CUI=UN49867184978989150&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - SweetTunes Search
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: keyword.URL - hxxp://trovi.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN49867184978989150&UM=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\VMware\Client Integration Plug-in 5.5\npVMwareClientSupportPlugin-5-5-0.dll
FF - plugin: C:\Users\Kathy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Kathy\AppData\Roaming\CATALI~1\npBcsKtTcHW.dll
FF - plugin: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\plugins\npFirefoxPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.privitize.hpOld0 - 
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=ac8fccc0000000000000ac8112538b71&q=
FF - user.js: extensions.privitize.id - ac8fccc0000000000000ac8112538b71
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15812
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.220:39:29
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - orgnl
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef - 
FF - user.js: extensions.privitize.dfltLng - 
FF - user.js: extensions.privitize.excTlbr - true
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=ac8fccc0000000000000ac8112538b71
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=ac8fccc0000000000000ac8112538b71
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=ac8fccc0000000000000ac8112538b71
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - ac8fccc0000000000000ac8112538b71
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15974
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.68:00:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - coupon2
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tt=250913_cpn2&tsp=5017
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-5-18 57952]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-6-2 56336]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-5-18 20832]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-5-18 13408]
R1 KmxAgent;KmxAgent;C:\windows\System32\drivers\KmxAgent.sys [2011-10-26 113744]
R1 KmxCfg;KmxCfg;C:\windows\System32\drivers\KmxCfg.sys [2011-9-6 365136]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [2013-10-8 288776]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177136]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2013-4-8 222720]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-6-29 9216]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-18 2655768]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-16 899152]
R2 WebOptimizer;WebOptimizer;C:\windows\System32\dmwu.exe [2012-9-26 1259888]
R2 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2013-10-8 265736]
R3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\drivers\GeneStor.sys [2011-5-18 57856]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-5-18 947304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-22 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-22 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-22 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-21 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-09-10 08:01:56 2777088 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2014-09-10 08:01:56 2285056 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 07:39:25 1031168 ----a-w- C:\windows\System32\TSWorkspace.dll
2014-09-10 07:39:24 793600 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-09-10 07:39:14 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-09-10 07:39:14 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-09-10 07:38:59 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-09-10 07:38:58 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-09-10 07:38:58 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-09-10 07:38:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-09-10 07:38:58 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-09-10 07:38:55 578048 ----a-w- C:\windows\System32\aepdu.dll
2014-09-10 07:38:54 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-09-08 12:59:27 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-09-08 12:59:27 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-09-08 12:59:27 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-09-08 04:33:48 -------- d-----w- C:\ProgramData\Emsisoft
2014-09-08 02:34:45 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-21 08:01:56 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-21 08:01:56 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-21 08:01:56 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-21 08:01:56 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-21 08:01:55 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-21 08:01:55 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-21 08:01:47 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-21 08:01:47 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-21 04:56:13 2048 ----a-w- C:\windows\System32\tzres.dll
2014-08-21 04:56:02 3241984 ----a-w- C:\windows\System32\msi.dll
2014-08-21 04:56:02 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-21 04:56:01 1941504 ----a-w- C:\windows\System32\authui.dll
2014-08-21 04:56:00 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-08-21 04:56:00 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-21 04:56:00 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-08-21 04:56:00 112064 ----a-w- C:\windows\System32\consent.exe
2014-08-21 04:55:54 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-21 04:53:46 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-21 04:53:46 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-08-21 04:19:00 -------- d-----w- C:\Users\Kathy\FrostWire
2014-08-21 04:19:00 -------- d-----w- C:\Users\Kathy\.frostwire5
2014-08-18 17:09:28 -------- d-----w- C:\Users\Kathy\Dropbox
2014-08-18 17:06:09 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Dropbox
.
==================== Find3M  ====================
.
2014-08-18 22:29:49 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-25 07:35:46 875688 ----a-w- C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06 869544 ----a-w- C:\windows\System32\msvcr120_clr0400.dll
2014-07-16 02:46:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-07-08 19:08:05 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 19:08:05 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 19:07:18 10603008 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
.
============= FINISH: 10:11:50.94 ===============


#4 katmat

katmat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 14 September 2014 - 10:49 AM

I am trying to add the zip file but can't seem to figure out how to attach !!!



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 AM

Posted 15 September 2014 - 07:58 AM

Greetings Kathy and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Although I will provide instructions on how to attach a file there is no need to attach anything just yet.

While I review our situation please run the below for me. If necessary try to run the program in Safe Mode or download it onto a USB device from a clean computer and transfer the file to the desktop of your infected computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are done with your message and hit Reply the file will automatically be attached to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 15 September 2014 - 08:01 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 katmat

katmat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 15 September 2014 - 10:21 AM

 
Thank you so much for your help and time
Here are the documents you requesred
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Kathy (administrator) on KATHY-PC on 15-09-2014 10:04:07
Running from C:\Users\Kathy\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(CA) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
() C:\Windows\System32\dmwu.exe
() C:\Windows\SysWOW64\cfgmig32.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\casc.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccevtmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [cctray] => C:\Program Files\Total Defense\Internet Security Suite\casc.exe [2733576 2013-10-08] (Total Defense, Inc.)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [265216 2010-09-09] (Lenovo)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [285696 2010-10-08] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PFW-x32: UmxWnp.Dll [X]
HKU\.DEFAULT\...\Run: [SearchProtect] => C:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-3671395269-1973450857-935886706-1002\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-3671395269-1973450857-935886706-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-3671395269-1973450857-935886706-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3671395269-1973450857-935886706-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-3671395269-1973450857-935886706-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-18] (Google Inc.)
HKU\S-1-5-21-3671395269-1973450857-935886706-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
ShortcutTarget: DING!.lnk -> C:\Program Files (x86)\Southwest Airlines Ding\Ding\Ding.exe (Southwest Airlines)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 - DefaultScope {46916ACD-07BF-4E09-BD6B-4B11928D01DB} URL = 
SearchScopes: HKCU - DefaultScope {46916ACD-07BF-4E09-BD6B-4B11928D01DB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN37368725901168222&UM=2
SearchScopes: HKCU - {7CD31641-0BB2-4EE7-9019-B4A21FF10C78} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKCU - {E5ABAE9A-EA84-4B62-A1ED-4FFB0E985039} URL = http://searchou.com/?q={searchTerms}&id=ac8fccc0000000000000ac8112538b71&r=989
BHO: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll (Total Defense, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
BHO-x32: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll (Total Defense, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll (Total Defense, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll (Total Defense, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll (Total Defense, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA}: [NameServer] 8.26.56.26,156.154.70.22
 
FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default
FF NewTab: hxxp://search.conduit.com/Results.aspx?ctid=CT3315039&searchsource=69&UM=2&
FF DefaultSearchEngine: SweetTunes Search
FF SelectedSearchEngine: SweetTunes Search
FF Homepage: hxxp://yahoo.com/
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN49867184978989150&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: vmware.com/client-support-plugin -> C:\Program Files (x86)\VMware\Client Integration Plug-in 5.5\npVMwareClientSupportPlugin-5-5-0.dll (VMware, Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Kathy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kathy\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF user.js: detected! => C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Privitize.com - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\Extensions\ffxtlbr@privitize.com [2013-04-17]
FF Extension: SweetTunes  - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\Extensions\{5fec7248-515c-47be-ab0a-6bc547472dea} [2014-07-24]
FF Extension: ClickCutter AutoCopy - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\Extensions\ClickCutterFFAutoCopy@clickcutter.com.xpi [2012-11-23]
FF Extension: Adblock Plus - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-23]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-29]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-29]
FF HKLM-x32\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF Extension: Total Defense Anti-Phishing Toolbar - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-11-11]
 
Chrome: 
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={1C0B717E-C6CD-4990-9600-72A44D0D02CA}&mid=522c5e4ef6e94f348b8c70208b77d610-5c557d67ed0264e3ed9d8bf9eb4f60d5aff285a5&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-08-20 23:18:12&v=18.1.9.786&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "https://www.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Freemake Video Downloader) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-07-02]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-07-02]
CHR Extension: (Total Defense Anti-Phishing Toolbar) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdpkkpdlooddakbebmkeeegehfjdnih [2013-09-18]
CHR Extension: (Freemake Video Converter) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-11-11]
CHR Extension: (MyFunCards) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kilnchfgclednmeoljcnnpjbhahobggo [2014-05-11]
CHR Extension: (Google Wallet) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Kathy\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx []
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Kathy\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx []
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-29]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-06-29]
CHR HKLM-x32\...\Chrome\Extension: [hpdpkkpdlooddakbebmkeeegehfjdnih] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\GoogleChrome\td_aphish_toolbar.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [kilnchfgclednmeoljcnnpjbhahobggo] - C:\Program Files (x86)\MyFunCards_5m Chrome Extension\bar\MyFunCards@mindspark.com.gen1 [2014-05-11]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-04-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257712 2014-05-14] () [File not signed]
R3 CaCCProvSP; C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe [367112 2013-10-08] (Total Defense, Inc.)
R2 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [288776 2013-10-08] (Total Defense, Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-06-28] (Ellora Assets Corp.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 UmxEngine; C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [920656 2011-04-04] (CA)
R2 WebOptimizer; C:\Windows\system32\dmwu.exe [1259888 2012-09-13] ()
R2 WinSvchostManagerSrv; C:\windows\SysWOW64\cfgmig32.exe [265736 2013-10-08] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [57856 2010-12-16] (GenesysLogic)
R1 KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [113744 2011-10-26] (CA)
R1 KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [365136 2011-09-06] (CA)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 KmxFilter; system32\DRIVERS\KmxFilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 10:04 - 2014-09-15 10:04 - 00025449 _____ () C:\Users\Kathy\Downloads\FRST.txt
2014-09-15 10:03 - 2014-09-15 10:04 - 00000000 ____D () C:\FRST
2014-09-15 10:03 - 2014-09-15 10:03 - 00415232 _____ (Farbar) C:\Users\Kathy\Downloads\FSS.exe
2014-09-15 10:02 - 2014-09-15 10:03 - 02105856 _____ (Farbar) C:\Users\Kathy\Downloads\FRST64.exe
2014-09-15 09:42 - 2014-09-15 09:42 - 00000000 ____D () C:\Program Files (x86)\PackageTracer_69EI
2014-09-14 10:47 - 2014-09-14 10:47 - 00010314 _____ () C:\Users\Kathy\Documents\UNLESS SPECIFICALLY INSTRUCTED.zip
2014-09-14 10:40 - 2014-09-14 10:40 - 00111829 _____ () C:\Users\Kathy\Downloads\CannotstarttaskmanagerstartupissuesinternetissuespageNumber-VirusTrojanSpywareandMalwareRemovalLogs.html
2014-09-14 10:39 - 2014-09-14 10:38 - 00010314 _____ () C:\Users\Kathy\Documents\NewZip.zip
2014-09-14 10:37 - 2014-09-14 10:38 - 00000000 ____D () C:\Users\Kathy\Documents\My WinZip Files
2014-09-14 10:11 - 2014-09-14 10:11 - 00688992 ____R (Swearware) C:\Users\Kathy\Downloads\dds (1).com
2014-09-14 09:39 - 2014-09-14 09:39 - 00831384 _____ () C:\Users\Kathy\Downloads\winzip180.exe
2014-09-13 23:52 - 2014-09-13 23:52 - 00873680 _____ ( ) C:\Users\Kathy\Downloads\winzip18.exe
2014-09-13 10:22 - 2014-09-14 09:18 - 00013162 _____ () C:\Users\Kathy\Documents\dds file.txt
2014-09-13 10:17 - 2014-09-14 10:11 - 00025902 _____ () C:\Users\Kathy\Desktop\dds.txt
2014-09-13 10:17 - 2014-09-14 10:11 - 00011554 _____ () C:\Users\Kathy\Desktop\attach.txt
2014-09-13 10:16 - 2014-09-13 10:16 - 00688992 ____R (Swearware) C:\Users\Kathy\Downloads\dds.com
2014-09-10 03:04 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 03:04 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 03:04 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 03:04 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 03:04 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-10 03:04 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 03:04 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 03:04 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 03:04 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-10 03:04 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 03:04 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-10 03:04 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-10 03:04 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 03:04 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 03:04 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 03:04 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-10 03:04 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-10 03:04 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-10 03:04 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-10 03:04 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 03:04 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:04 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 03:04 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-10 03:04 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:04 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 03:04 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-10 03:04 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-10 03:04 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 03:04 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 03:04 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 03:04 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 03:04 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 03:04 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 03:04 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-10 03:04 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-10 03:04 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-10 03:04 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 03:04 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 03:04 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 03:04 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 03:04 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-10 03:04 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 03:04 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 03:04 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 03:04 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 03:04 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 03:04 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 03:04 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 03:04 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 03:04 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 03:04 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-10 03:04 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 03:04 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 03:04 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 03:04 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-10 03:04 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-10 03:01 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-10 03:01 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 02:39 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 02:39 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 02:39 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 02:39 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 02:38 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 02:38 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-10 02:38 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 02:38 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 02:38 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 02:38 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 02:38 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-08 07:59 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-09-08 07:59 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-09-08 07:59 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-09-07 23:36 - 2014-09-07 23:36 - 00001528 _____ () C:\EamClean.log
2014-09-07 23:33 - 2014-09-07 23:33 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-07 21:34 - 2014-09-08 07:49 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-07 12:52 - 2014-09-07 13:11 - 00000000 ____D () C:\Users\Kathy\Desktop\New folder (9)
2014-09-07 12:51 - 2014-09-07 13:43 - 00000000 ____D () C:\Users\Kathy\Desktop\Joes baby
2014-09-07 09:47 - 2014-09-07 13:04 - 00000000 ____D () C:\Users\Kathy\Desktop\mar
2014-09-04 21:46 - 2014-09-04 21:46 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-08-25 10:20 - 2014-08-25 10:20 - 02027336 _____ (Coupons.com Incorporated) C:\Users\Kathy\Downloads\CouponPrinterCPS.exe
2014-08-25 10:20 - 2014-08-25 10:20 - 02027336 _____ (Coupons.com Incorporated) C:\Users\Kathy\Downloads\CouponPrinterCPS (1).exe
2014-08-25 10:06 - 2014-08-25 10:06 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Kathy\Downloads\CatalinaSavingsPrinter.exe
2014-08-21 03:01 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-21 03:01 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-21 03:01 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-21 03:01 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-21 03:01 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-21 03:01 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-21 03:01 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-21 03:01 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-20 23:56 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-20 23:56 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-20 23:56 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-20 23:56 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-20 23:56 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-20 23:56 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-20 23:56 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-20 23:56 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-20 23:55 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-20 23:55 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-20 23:55 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-20 23:53 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-20 23:53 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-20 23:19 - 2014-08-20 23:19 - 00000000 ____D () C:\Users\Kathy\FrostWire
2014-08-20 23:19 - 2014-08-20 23:19 - 00000000 ____D () C:\Users\Kathy\.frostwire5
2014-08-20 23:17 - 2014-08-20 23:17 - 00000000 ____D () C:\Users\Kathy\Documents\DVDVideoSoft
2014-08-20 22:48 - 2014-08-20 22:48 - 18004657 _____ () C:\Users\Kathy\Downloads\20140820_215314 (2).mp4
2014-08-20 22:46 - 2014-08-20 22:47 - 18004657 _____ () C:\Users\Kathy\Downloads\20140820_215314 (1).mp4
2014-08-20 22:45 - 2014-08-20 22:45 - 18004657 _____ () C:\Users\Kathy\Downloads\20140820_215314.mp4
2014-08-18 12:09 - 2014-08-20 23:42 - 00000000 ____D () C:\Users\Kathy\Dropbox
2014-08-18 12:08 - 2014-08-20 23:42 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-18 12:06 - 2014-08-18 12:09 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Dropbox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 10:04 - 2014-09-15 10:04 - 00025449 _____ () C:\Users\Kathy\Downloads\FRST.txt
2014-09-15 10:04 - 2014-09-15 10:03 - 00000000 ____D () C:\FRST
2014-09-15 10:03 - 2014-09-15 10:03 - 00415232 _____ (Farbar) C:\Users\Kathy\Downloads\FSS.exe
2014-09-15 10:03 - 2014-09-15 10:02 - 02105856 _____ (Farbar) C:\Users\Kathy\Downloads\FRST64.exe
2014-09-15 09:42 - 2014-09-15 09:42 - 00000000 ____D () C:\Program Files (x86)\PackageTracer_69EI
2014-09-15 09:42 - 2012-11-22 00:52 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cdc875899bf979.job
2014-09-15 09:33 - 2011-05-18 18:53 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 09:32 - 2011-05-18 18:42 - 01540691 _____ () C:\windows\WindowsUpdate.log
2014-09-15 09:31 - 2012-04-04 18:35 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 21:13 - 2011-05-18 18:53 - 01272703 _____ () C:\windows\system32\fastboot.set
2014-09-14 14:10 - 2009-07-13 23:45 - 00028336 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 14:10 - 2009-07-13 23:45 - 00028336 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 10:47 - 2014-09-14 10:47 - 00010314 _____ () C:\Users\Kathy\Documents\UNLESS SPECIFICALLY INSTRUCTED.zip
2014-09-14 10:40 - 2014-09-14 10:40 - 00111829 _____ () C:\Users\Kathy\Downloads\CannotstarttaskmanagerstartupissuesinternetissuespageNumber-VirusTrojanSpywareandMalwareRemovalLogs.html
2014-09-14 10:38 - 2014-09-14 10:39 - 00010314 _____ () C:\Users\Kathy\Documents\NewZip.zip
2014-09-14 10:38 - 2014-09-14 10:37 - 00000000 ____D () C:\Users\Kathy\Documents\My WinZip Files
2014-09-14 10:11 - 2014-09-14 10:11 - 00688992 ____R (Swearware) C:\Users\Kathy\Downloads\dds (1).com
2014-09-14 10:11 - 2014-09-13 10:17 - 00025902 _____ () C:\Users\Kathy\Desktop\dds.txt
2014-09-14 10:11 - 2014-09-13 10:17 - 00011554 _____ () C:\Users\Kathy\Desktop\attach.txt
2014-09-14 09:39 - 2014-09-14 09:39 - 00831384 _____ () C:\Users\Kathy\Downloads\winzip180.exe
2014-09-14 09:18 - 2014-09-13 10:22 - 00013162 _____ () C:\Users\Kathy\Documents\dds file.txt
2014-09-14 00:01 - 2013-04-16 00:24 - 00000000 ____D () C:\ProgramData\WinZip
2014-09-13 23:52 - 2014-09-13 23:52 - 00873680 _____ ( ) C:\Users\Kathy\Downloads\winzip18.exe
2014-09-13 15:06 - 2014-05-12 12:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-13 10:16 - 2014-09-13 10:16 - 00688992 ____R (Swearware) C:\Users\Kathy\Downloads\dds.com
2014-09-12 22:15 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-12 22:11 - 2013-05-27 15:19 - 00000352 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2014-09-12 22:09 - 2013-09-26 08:04 - 00190597 _____ () C:\windows\system32\Drivers\kmxcfg.u2k0
2014-09-12 22:09 - 2013-09-26 08:04 - 00084684 _____ () C:\windows\system32\Drivers\KmxAgent.asc
2014-09-12 22:09 - 2013-09-26 08:04 - 00000085 _____ () C:\windows\system32\Drivers\kmxcfg.u2k7
2014-09-12 22:09 - 2013-09-26 08:04 - 00000085 _____ () C:\windows\system32\Drivers\kmxcfg.u2k6
2014-09-12 22:09 - 2013-09-26 08:04 - 00000085 _____ () C:\windows\system32\Drivers\kmxcfg.u2k5
2014-09-12 22:09 - 2013-09-26 08:04 - 00000085 _____ () C:\windows\system32\Drivers\kmxcfg.u2k4
2014-09-12 22:09 - 2013-09-26 08:04 - 00000085 _____ () C:\windows\system32\Drivers\kmxcfg.u2k3
2014-09-12 22:09 - 2013-09-26 08:04 - 00000085 _____ () C:\windows\system32\Drivers\kmxcfg.u2k2
2014-09-12 22:09 - 2013-09-26 08:04 - 00000085 _____ () C:\windows\system32\Drivers\kmxcfg.u2k1
2014-09-12 22:09 - 2013-09-26 08:04 - 00000049 _____ () C:\windows\system32\Drivers\kmxzone.u2k7
2014-09-12 22:09 - 2013-09-26 08:04 - 00000049 _____ () C:\windows\system32\Drivers\kmxzone.u2k6
2014-09-12 22:09 - 2013-09-26 08:04 - 00000049 _____ () C:\windows\system32\Drivers\kmxzone.u2k5
2014-09-12 22:09 - 2013-09-26 08:04 - 00000049 _____ () C:\windows\system32\Drivers\kmxzone.u2k4
2014-09-12 22:09 - 2013-09-26 08:04 - 00000049 _____ () C:\windows\system32\Drivers\kmxzone.u2k3
2014-09-12 22:09 - 2013-09-26 08:04 - 00000049 _____ () C:\windows\system32\Drivers\kmxzone.u2k2
2014-09-12 22:09 - 2013-09-26 08:04 - 00000049 _____ () C:\windows\system32\Drivers\kmxzone.u2k1
2014-09-12 22:09 - 2013-09-26 08:04 - 00000049 _____ () C:\windows\system32\Drivers\kmxzone.u2k0
2014-09-12 22:09 - 2012-10-08 22:53 - 00018080 _____ () C:\windows\setupact.log
2014-09-12 22:09 - 2012-02-17 17:10 - 07368380 _____ () C:\windows\system32\PsBoot.log
2014-09-12 22:09 - 2012-02-17 17:10 - 00000000 _____ () C:\windows\system32\defragLog.log
2014-09-12 22:09 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 12:30 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-09-10 03:04 - 2012-01-01 12:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 03:03 - 2014-02-26 04:04 - 00774632 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-10 03:01 - 2014-05-07 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-09 05:28 - 2011-05-18 18:53 - 00002102 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-09-09 03:17 - 2009-07-13 23:45 - 00610880 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-08 07:55 - 2011-11-04 09:51 - 00000000 ____D () C:\Users\Kathy
2014-09-08 07:50 - 2013-09-26 08:00 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2014-09-08 07:49 - 2014-09-07 21:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-08 07:49 - 2014-05-30 13:58 - 00000000 ____D () C:\Users\Kathy2
2014-09-08 07:49 - 2013-09-26 08:00 - 00000000 ____D () C:\Users\Kathy\AppData\Local\TopArcadeHits
2014-09-08 07:49 - 2013-09-26 07:59 - 00000000 ____D () C:\Program Files (x86)\WebConnect
2014-09-08 07:49 - 2013-09-26 07:59 - 00000000 ____D () C:\Program Files (x86)\Fast Free Converter
2014-09-08 07:49 - 2013-08-12 10:50 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina – Print Savings
2014-09-08 07:49 - 2013-08-12 10:50 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Catalina – Print Savings
2014-09-08 07:49 - 2013-04-23 15:18 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Conduit
2014-09-08 07:49 - 2013-04-23 15:18 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-09-08 07:49 - 2013-01-10 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-09-08 07:49 - 2013-01-10 17:51 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-09-08 07:49 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-09-08 07:48 - 2012-04-02 21:13 - 00000000 __RHD () C:\MSOCache
2014-09-07 23:36 - 2014-09-07 23:36 - 00001528 _____ () C:\EamClean.log
2014-09-07 23:33 - 2014-09-07 23:33 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-07 13:43 - 2014-09-07 12:51 - 00000000 ____D () C:\Users\Kathy\Desktop\Joes baby
2014-09-07 13:11 - 2014-09-07 12:52 - 00000000 ____D () C:\Users\Kathy\Desktop\New folder (9)
2014-09-07 13:04 - 2014-09-07 09:47 - 00000000 ____D () C:\Users\Kathy\Desktop\mar
2014-09-07 10:21 - 2013-04-18 06:27 - 00000000 ____D () C:\Users\Kathy\Desktop\Florida 2011
2014-09-05 11:50 - 2013-02-28 11:35 - 00000000 ____D () C:\Users\Kathy\Desktop\from office
2014-09-04 21:46 - 2014-09-04 21:46 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-09-04 21:10 - 2014-09-10 02:38 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-04 21:05 - 2014-09-10 02:38 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-25 10:20 - 2014-08-25 10:20 - 02027336 _____ (Coupons.com Incorporated) C:\Users\Kathy\Downloads\CouponPrinterCPS.exe
2014-08-25 10:20 - 2014-08-25 10:20 - 02027336 _____ (Coupons.com Incorporated) C:\Users\Kathy\Downloads\CouponPrinterCPS (1).exe
2014-08-25 10:06 - 2014-08-25 10:06 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Kathy\Downloads\CatalinaSavingsPrinter.exe
2014-08-22 21:07 - 2014-09-08 07:59 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-09-08 07:59 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-09-08 07:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 11:31 - 2012-07-20 12:43 - 00000000 ____D () C:\Users\Kathy\AppData\Local\CrashDumps
2014-08-21 03:29 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-20 23:42 - 2014-08-18 12:09 - 00000000 ____D () C:\Users\Kathy\Dropbox
2014-08-20 23:42 - 2014-08-18 12:08 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-20 23:42 - 2012-07-20 06:34 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-08-20 23:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\servicing
2014-08-20 23:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-08-20 23:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-20 23:38 - 2013-11-21 11:47 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-20 23:19 - 2014-08-20 23:19 - 00000000 ____D () C:\Users\Kathy\FrostWire
2014-08-20 23:19 - 2014-08-20 23:19 - 00000000 ____D () C:\Users\Kathy\.frostwire5
2014-08-20 23:17 - 2014-08-20 23:17 - 00000000 ____D () C:\Users\Kathy\Documents\DVDVideoSoft
2014-08-20 22:51 - 2012-09-26 10:15 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Apple Computer
2014-08-20 22:48 - 2014-08-20 22:48 - 18004657 _____ () C:\Users\Kathy\Downloads\20140820_215314 (2).mp4
2014-08-20 22:47 - 2014-08-20 22:46 - 18004657 _____ () C:\Users\Kathy\Downloads\20140820_215314 (1).mp4
2014-08-20 22:45 - 2014-08-20 22:45 - 18004657 _____ () C:\Users\Kathy\Downloads\20140820_215314.mp4
2014-08-20 10:55 - 2013-06-08 05:53 - 00000000 ____D () C:\Users\Kathy\Documents\samsung
2014-08-19 13:05 - 2014-09-10 03:04 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 12:39 - 2014-09-10 03:04 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-18 18:01 - 2014-09-10 03:04 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-18 17:29 - 2014-09-10 03:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-18 17:29 - 2014-09-10 03:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-18 17:26 - 2014-09-10 03:04 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-18 17:20 - 2014-09-10 03:04 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-18 17:19 - 2014-09-10 03:04 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-18 17:15 - 2014-09-10 03:04 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-18 17:15 - 2014-09-10 03:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-18 17:14 - 2014-09-10 03:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-18 17:14 - 2014-09-10 03:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-18 17:08 - 2014-09-10 03:04 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-18 17:08 - 2014-09-10 03:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-18 17:08 - 2014-09-10 03:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-18 17:05 - 2014-09-10 03:04 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-18 17:03 - 2014-09-10 03:04 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-18 17:03 - 2014-09-10 03:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-18 17:03 - 2014-09-10 03:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 16:57 - 2014-09-10 03:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-18 16:56 - 2014-09-10 03:04 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 16:51 - 2014-09-10 03:04 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 16:46 - 2014-09-10 03:04 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-18 16:45 - 2014-09-10 03:04 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 16:45 - 2014-09-10 03:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-18 16:44 - 2014-09-10 03:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-18 16:44 - 2014-09-10 03:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-18 16:42 - 2014-09-10 03:04 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-18 16:40 - 2014-09-10 03:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 16:39 - 2014-09-10 03:04 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 16:39 - 2014-09-10 03:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-18 16:39 - 2014-09-10 03:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-18 16:38 - 2014-09-10 03:04 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 16:37 - 2014-09-10 03:04 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-18 16:36 - 2014-09-10 03:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-18 16:35 - 2014-09-10 03:04 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-18 16:27 - 2014-09-10 03:04 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-18 16:25 - 2014-09-10 03:04 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 16:25 - 2014-09-10 03:04 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 16:23 - 2014-09-10 03:04 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 16:23 - 2014-09-10 03:04 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 16:22 - 2014-09-10 03:04 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 16:19 - 2014-09-10 03:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-18 16:17 - 2014-09-10 03:04 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-18 16:17 - 2014-09-10 03:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-18 16:16 - 2014-09-10 03:04 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 16:15 - 2014-09-10 03:04 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-18 16:15 - 2014-09-10 03:04 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 16:09 - 2014-09-10 03:04 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-18 16:08 - 2014-09-10 03:04 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-18 16:07 - 2014-09-10 03:04 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-18 15:55 - 2014-09-10 03:04 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 15:46 - 2014-09-10 03:04 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-18 15:38 - 2014-09-10 03:04 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-18 15:38 - 2014-09-10 03:04 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 15:36 - 2014-09-10 03:04 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-18 12:09 - 2014-08-18 12:06 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Dropbox
 
ZeroAccess:
C:\Windows\Installer\{23637f7a-81e0-f604-67ef-989e173ce9d8}
 
Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Kathy\.csp_ovftool_settings.js
 
 
Some content of TEMP:
====================
C:\Users\Kathy\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Kathy\AppData\Local\Temp\_is3F51.exe
C:\Users\Kathy\AppData\Local\Temp\_is4E2F.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-09 10:37
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Kathy at 2014-09-15 10:04:50
Running from C:\Users\Kathy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
7-Zip (Version: 9.2.0 - 7-Zip) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
APH placeholder (Version:  - ) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2012 v.10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2013 v.11.0.5 (HKLM-x32\...\Ashampoo Burning Studio 2013_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 2012 v.1.0.0 (HKLM-x32\...\Ashampoo Music Studio 2012_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 8 v.8.5.0 (HKLM-x32\...\Ashampoo Photo Commander 8_is1) (Version: 8.5.0 - Ashampoo GmbH & Co. KG)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Contents (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)
Corel VideoStudio Express (HKLM-x32\...\_{CBC7FF57-42A3-414E-B8EA-D971C986BA40}) (Version: 1.5.0.265 - Corel Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
CrashPlan (HKLM\...\{FCE35118-DD2F-4DB8-A5B6-D857F95669E0}) (Version: 3.5.3 - CrashPlan)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.00.0005 - Corel Corporation) Hidden
DING! (HKLM-x32\...\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}) (Version: 1.05.005 - Southwest Airlines)
DNAMigrator (x32 Version: 14.2.0.39 - Total Defense, Inc.) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Perfection V600 Photo Scanner Driver Update (HKLM-x32\...\{EBBE3D90-9344-43A7-A548-91BA02B3B7CD}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Freemake Video Converter version 4.1.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.0 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.2 - Ellora Assets Corporation)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.0.1.1 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICA (x32 Version: 1.5.0.265 - Corel Corporation) Hidden
ICA (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
iFunbox (v1.99.958.697), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v1.99.958.697 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)
IPM_PSP_COM (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
IPM_V (x32 Version: 1.52 - Corel Corporation) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Knoll Light Factory EZ Studio 15 (HKLM-x32\...\Knoll Light Factory EZ Studio 15) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.4827a - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Magic Bullet Looks Studio 15 (HKLM-x32\...\Magic Bullet Looks Studio 15) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MLE (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyFunCards Toolbar Chrome Extension (HKLM-x32\...\MyFunCards_5m Chrome Extension Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Studio 15 Ultimate Collection Plugins (HKLM-x32\...\{BC7BED89-618B-4E89-8ADF-75D47F276223}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Studio Bonus Content (HKLM-x32\...\{FC030CB5-46A6-4229-AD6E-0AC869F509C8}) (Version: 15.0.0.51 - Pinnacle Systems)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PSPPHelp (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPro64 (Version: 14.2.0.1 - Corel Corporation) Hidden
PureHD (x32 Version: 1.00.0005 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0159 - )
Red Giant ToonIt Studio 15 (HKLM-x32\...\Red Giant ToonIt Studio 15) (Version:  - )
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 1.5.0.265 - Corel Corporation) Hidden
Share (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Share64 (Version: 1.00.0005 - Corel Corporation) Hidden
Total Defense Internet Security Suite (HKLM\...\eTrust Suite Personal) (Version: 9.0.0.26 - Total Defense, Inc.)
Trapcode Particular Studio (HKLM-x32\...\Trapcode Particular Studio) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VDS10 (x32 Version: 1.00.0005 - Corel Corporation) Hidden
VideoFileDownload (HKLM-x32\...\vfd-ob) (Version: 1.0 - VideoFileDownload)
VIO (x32 Version: 1.00.0005 - Corel Corporation) Hidden
VMware Client Integration Plug-in 5.5.0 (HKLM-x32\...\{125A168E-F217-4AE8-9376-FB65E4DAC2A4}) (Version: 5.5.0.1280491 - VMware, Inc.)
Web Optimizer (HKLM\...\WNLT) (Version: 2.0.0.2 - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3671395269-1973450857-935886706-1002_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
 
==================== Restore Points  =========================
 
21-07-2014 16:38:53 Scheduled Checkpoint
25-07-2014 08:00:22 Windows Update
26-07-2014 08:00:24 Windows Update
01-08-2014 19:04:29 Windows Update
02-08-2014 15:00:01 Installed 7-Zip 9.20 (x64 edition)
10-08-2014 21:33:00 Scheduled Checkpoint
15-08-2014 08:00:28 Windows Update
21-08-2014 04:35:12 Restore Operation
21-08-2014 08:00:44 Windows Update
29-08-2014 08:00:24 Windows Update
08-09-2014 12:42:10 Restore Operation
09-09-2014 08:00:30 Windows Update
10-09-2014 08:00:20 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2012-11-27 20:35 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1E988224-CB3E-44F9-BB5E-0A381835668C} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {345ABA97-D8B2-4BEB-ADB5-2AF35A3232A7} - System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => C:\Users\Kathy\AppData\Local\Temp\cisBF48.exe <==== ATTENTION
Task: {463A3281-0900-493E-A8A7-045244D185A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18] (Google Inc.)
Task: {491E6F44-C5B3-423B-B8E5-CFC595257B5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18] (Google Inc.)
Task: {4BB58A05-740E-436C-AC6F-7FD0062B8F3E} - System32\Tasks\AdobeAAMUpdater-1.0-Kathy-PC-Kathy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {5BA5242F-6AE3-4AB5-BA9D-2B32E0719505} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {64FE731E-79E9-4F85-B1D1-0DC5A2523B44} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] ()
Task: {836B700D-687E-4470-B042-BA75CD30AF81} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A70D7C40-D13B-43CB-8971-D2557478D95A} - System32\Tasks\GoogleUpdateTaskMachineCore1cdc875899bf979 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18] (Google Inc.)
Task: {C03D06D4-451A-4FDE-B666-2AFC1692D672} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {CC63E085-4BF6-40D1-87A2-DF5A9FD7E799} - System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: {CC7A9508-7928-4ADF-89B0-715A3559DDAC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DAF3D3E2-8566-4F05-812D-1662BE044561} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cdc875899bf979.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-08 20:45 - 2013-10-08 20:44 - 01128448 _____ () C:\Program Files\Total Defense\Internet Security Suite\log4cplusU.dll
2013-04-08 18:35 - 2013-04-08 18:35 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2014-02-26 10:50 - 2014-02-26 10:50 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2011-02-24 14:36 - 2011-02-24 14:36 - 01041488 _____ () C:\Program Files\CA\SharedComponents\TMEngine\KnownApps.dll
2011-03-14 15:41 - 2011-03-14 15:41 - 00845392 _____ () C:\Program Files\CA\SharedComponents\TMEngine\WindowsUserIdentity.dll
2012-09-26 12:19 - 2012-09-13 08:26 - 01259888 _____ () C:\windows\system32\dmwu.exe
2013-10-08 20:46 - 2013-10-08 20:44 - 00265736 _____ () C:\windows\SysWOW64\cfgmig32.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-09 05:28 - 2014-08-29 21:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-09 05:28 - 2014-08-29 21:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-09 05:28 - 2014-08-29 21:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-09 05:28 - 2014-08-29 21:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-09 05:28 - 2014-08-29 21:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Standby => "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UMonit => C:\windows\SysWOW64\UMonit.exe
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
 
==================== Faulty Device Manager Devices =============
 
Name: HIPS Core Filter Driver
Description: HIPS Core Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: KmxFilter
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 00:52:25 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (09/14/2014 07:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error: (09/14/2014 07:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028
 
Error: (09/14/2014 07:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2014 07:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029
 
Error: (09/14/2014 07:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029
 
Error: (09/14/2014 07:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2014 07:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 Kathy-PC.local. AAAA FE80:0000:0000:0000:A03D:F0CC:D6B5:1222
 
Error: (09/14/2014 07:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.109:5353    4 Kathy-PC.local. Addr 192.168.1.109
 
Error: (09/14/2014 07:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 Kathy-PC.local. Addr 192.168.1.110
 
 
System errors:
=============
Error: (09/14/2014 09:23:01 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA} because another computer on the network has the same name.  The server could not start.
 
Error: (09/14/2014 09:22:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.
 
Error: (09/13/2014 08:12:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.
 
Error: (09/12/2014 10:10:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
KmxFilter
 
Error: (09/10/2014 09:35:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/10/2014 09:35:49 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/10/2014 03:24:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
KmxFilter
 
Error: (09/09/2014 03:18:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
KmxFilter
 
Error: (09/08/2014 05:31:44 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MATT-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA}.
The master browser is stopping or an election is being forced.
 
Error: (09/08/2014 01:54:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
 
Microsoft Office Sessions:
=========================
Error: (09/15/2014 00:52:25 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (09/14/2014 07:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error: (09/14/2014 07:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028
 
Error: (09/14/2014 07:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2014 07:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029
 
Error: (09/14/2014 07:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029
 
Error: (09/14/2014 07:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2014 07:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 Kathy-PC.local. AAAA FE80:0000:0000:0000:A03D:F0CC:D6B5:1222
 
Error: (09/14/2014 07:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.109:5353    4 Kathy-PC.local. Addr 192.168.1.109
 
Error: (09/14/2014 07:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 Kathy-PC.local. Addr 192.168.1.110
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-11-27 19:35:08.892
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-11-27 19:35:08.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-23 23:57:40.584
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-23 23:57:40.568
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 30%
Total physical RAM: 5992.43 MB
Available physical RAM: 4138.09 MB
Total Pagefile: 11983.03 MB
Available Pagefile: 9617.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1372.09 GB) (Free:1086.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 90764280)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1372.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)
 
==================== End Of Log ============================
 
After saving the summary when sending to zip file received error message as follows:
(but when I rechecked I found it so hope it worked
 
winzip:
Action: Add (and replace) files 
Include subfolders: yes 
Save full path: no
Could not open for reading: "C:\Users\Kathy\Documents\Summary.nfo".
Total bytes=0, Compressed=0 -> 0 percent savings.
 
 

 

Attached Files



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 AM

Posted 15 September 2014 - 12:10 PM

Greetings Kathy,

Thank you for the information.

Please copy and paste the FRST program from your Downloads folder to your desktop.

Running from C:\Users\Kathy\Downloads


I have some things I would like you to consider and complete but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worse case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worse case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\PFW-x32: UmxWnp.Dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 KmxFilter; system32\DRIVERS\KmxFilter.sys [X]
C:\ProgramData\flashax10.exe
C:\Users\Kathy\.csp_ovftool_settings.js
C:\Windows\Installer\{23637f7a-81e0-f604-67ef-989e173ce9d8}
C:\Users\Kathy\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Kathy\AppData\Local\Temp\_is3F51.exe
C:\Users\Kathy\AppData\Local\Temp\_is4E2F.exe
C:\Users\Kathy\AppData\Local\Temp
Task: {1E988224-CB3E-44F9-BB5E-0A381835668C} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {345ABA97-D8B2-4BEB-ADB5-2AF35A3232A7} - System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => C:\Users\Kathy\AppData\Local\Temp\cisBF48.exe <==== ATTENTION
Task: {5BA5242F-6AE3-4AB5-BA9D-2B32E0719505} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware lot
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 katmat

katmat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 15 September 2014 - 09:26 PM

I would like to do the reformat and reinstall but I do not have a copy of Windows 7 to reinstall. At this point if I make back up discs from the computer (thats what they used to have us do) to reinstall won't these disc also be infected?

 

I do access bank accounts from this computer but never allow the computer to remember passwords so far no unusual activity has been noticed

 

Can you tell me what programs I might have that are P2P, the only gaming I do is on facebook: candy crush, rummy, bingo, ... just silly games

 

I do allow crash plan access to backup the computer because the external hard drive fried and I lost all backed up info when the previous computer crashed ( I don't trust the external hard drive for back up info)

 

I just got a new modem / router combination from my internet provider ....... so will this provide new security (correct) 


Edited by katmat, 16 September 2014 - 07:31 AM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 AM

Posted 16 September 2014 - 08:12 AM

Greetings Kathy,

I would like to do the reformat and reinstall but I do not have a copy of Windows 7 to reinstall. At this point if I make back up discs from the computer (thats what they used to have us do) to reinstall won't these disc also be infected?

You should be able to reinstall the operating system without having to create the discs. You can certainly create them if you want to. If you create the discs they will not be infected. See page 15 and following in this PDF document to review the available options.

----------
 

Can you tell me what programs I might have that are P2P, the only gaming I do is on facebook: candy crush, rummy, bingo, ... just silly games

I am unable to tell you which, if any, programs were downloaded via Peer to Peer. The only thing I can say for certain is that Frostwire is on your computer, it is a Peer to Peer program, and is designed to download files from unverified sources. These files/sources are notorious for spreading infections.

----------
 

I just got a new modem / router combination from my internet provider ....... so will this provide new security (correct)

I guess in a sense it will provide "new" security but your security depends on settings in your modem/router/computer.

----------

So here is my suggested plan of attack.

First check to see if you have an available Recovery Partition (see the PDF document)

If so, I would suggest you transfer all of your data files (documents, pictures, music, etc.) onto an external hard drive which we can then scan to make sure none of those saved files are infected. We can then safely reinsert these data files back onto your clean computer.

Make sure you have discs or downloads for any third party software/programs which did not come installed on your computer from the factory (like Microsoft Office, Pinnacle, etc.).

Do a system recovery to bring your computer back to its factory state.

Reinstall all the programs and data and set the computer up the way you want (desktop icons, browsers, etc.)

----------

Let me know what you think about all of this. Of course I would be happy to leave the Topic open to be of assistance if necessary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 katmat

katmat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 16 September 2014 - 11:19 PM

I've decide to try and clean the computer first

Also saw Total defense in prev list this is not a working viral computer program (Just haven't deleted it yet)

 

FRST log:

 

  Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014

Ran by Kathy at 2014-09-16 22:41:13 Run:1
Running from C:\Users\Kathy\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Winlogon\Notify\PFW-x32: UmxWnp.Dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 KmxFilter; system32\DRIVERS\KmxFilter.sys [X]
C:\ProgramData\flashax10.exe
C:\Users\Kathy\.csp_ovftool_settings.js
C:\Windows\Installer\{23637f7a-81e0-f604-67ef-989e173ce9d8}
C:\Users\Kathy\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Kathy\AppData\Local\Temp\_is3F51.exe
C:\Users\Kathy\AppData\Local\Temp\_is4E2F.exe
C:\Users\Kathy\AppData\Local\Temp
Task: {1E988224-CB3E-44F9-BB5E-0A381835668C} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {345ABA97-D8B2-4BEB-ADB5-2AF35A3232A7} - System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => C:\Users\Kathy\AppData\Local\Temp\cisBF48.exe <==== ATTENTION
Task: {5BA5242F-6AE3-4AB5-BA9D-2B32E0719505} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW" => Key deleted successfully.
catchme => Service deleted successfully.
KmxFilter => Service deleted successfully.
C:\ProgramData\flashax10.exe => Moved successfully.
C:\Users\Kathy\.csp_ovftool_settings.js => Moved successfully.
C:\Windows\Installer\{23637f7a-81e0-f604-67ef-989e173ce9d8} => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_is3F51.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_is4E2F.exe => Moved successfully.
 
"C:\Users\Kathy\AppData\Local\Temp" directory move:
 
C:\Users\Kathy\AppData\Local\Temp\6CAA.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\762C.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\AbbyyMsiLog.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\AdobeARM_NotLocked.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\amt3.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\assignment2.docx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\au-descriptor-1.7.0_67-b01.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\AUCHECK_PARSER.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\AvgRep.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\b5x9DF1.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\configuration.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Couponscom.exe.zip => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\cpnprt2win32.cid => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\CVR2C27.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\CVR2D11.tmp.cvr => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\CVR8502.tmp.cvr => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\CVR8DAB.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\CVRBF91.tmp.cvr => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\CVRD41C.tmp.cvr => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\CVRE929.tmp.cvr => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\dkdlqmdlrkqt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\E43D.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_2fRDdRzlKeh9UB1 => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_9UbPpOJ2kbbTOpK => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_d45ombdPf6uk9h1 => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_eSidbIti6D20jPv => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_qJD1iUXoodIvEgE => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_Rh3dI30cQXxt87I => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_xA96OXw1YOcnXg3 => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_y69AP9QJ69U1mBr => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\etilqs_zxcGZux1AsW13aV => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Exclusions.txt => Moved successfully.
Could not move "C:\Users\Kathy\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Kathy\AppData\Local\Temp\ichcop => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\JAUReg.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\java_install_reg.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\jinstall.cfg => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\LastScan.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MSI24011.LOG => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MSIad604.LOG => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\PDApp.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\result.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Setup Log 2014-08-20 #001.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\toolbar_log.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TUInstallLogLP_2014-08-21_04-19-15.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TUM4F94.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TUM50BD.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\tuneupmsi.7z => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TWAIN.LOG => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Twain001.Mtx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Twunk001.MTX => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Twunk002.MTX => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog02.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog03.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog04.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog05.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog06.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog07.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog08.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog09.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog10.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog11.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog12.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmplog13.sqm => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\zlrkqt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_iu14D2N.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF0193692D3B4B8819.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF05192FB79E9D2AEE.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF0D21B0B0B0EEDF8F.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF0E7B6C417F008977.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF1B1D78A225629B77.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF1CD19C1F38694ED1.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF1DED3A856008982E.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF1E992BF615416736.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF26C5B647FBD127A7.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF3B6309ECDE03FB03.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF4FB410D2E9365988.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF53D1BF5D6C9E3ECD.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF5CDD09E3AB1B16C8.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF5F6CB4BD55B5EF83.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF73EB682B2855CC45.TMP => Moved successfully.
Could not move "C:\Users\Kathy\AppData\Local\Temp\~DF7D238BD4F612032A.TMP" => Scheduled to move on reboot.
C:\Users\Kathy\AppData\Local\Temp\~DF7F2ECE07E3C03A33.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF8C355F9D91135697.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF8C3E8EABA66D4E5D.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF8D6ECA0ED43F5E91.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF904459CE9E280911.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF96D74633EC2B31DD.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF9B3D57A4704E6074.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF9C8C3CBA9C4B182E.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFA0576F3F6DA9D97C.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFA7DFEF31FC92CD5C.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFB56A6AC24A342C62.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFBD3D488A72961D4C.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFBE4FC4DCA27628D8.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFC057CA5711D31388.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFCB90C5E15074B0A2.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFCE819CBBFC661658.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFD00CF795A2F21201.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFD4155761BC167EA7.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFD5F643A4200B879F.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFDAFCF2C97B100452.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFDC3DDE18DE26A434.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFDDCF68A5A92559D6.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFF61B1EB58E545776.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFF75B196CF92A8E4E.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFF8B0F10DC17A6BCD.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DFFE841598702D6A35.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~nsu.tmp\Au_.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\{CE8F4C38-F844-4F54-B52C-2D9FFE854DDA}\ISSetup.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\{CE8F4C38-F844-4F54-B52C-2D9FFE854DDA}\_Setup.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\{49ECEB8A-1F49-4A41-A27D-E30657B6167F}\fpb.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\{31C6682C-1DF4-45D9-8D8D-5FB4F993AB76}\ISSetup.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\{31C6682C-1DF4-45D9-8D8D-5FB4F993AB76}\_Setup.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_ir_sf_temp_3\npCouponPrinter.xpt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_ir_sf_temp_2\npCouponPrinter.xpt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_ir_sf_temp_1\npCouponPrinter.xpt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_ir_sf_temp_0\CouponPrinterServiceWin32.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_ir_sf_temp_0\CouponPrinterServicex64.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.xpt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Word8.0\MSForms.exd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\uninstall_cp.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\Uninstall_cp.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\Uninstall_cp_step2.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\downBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\loader.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\upBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\tmp0000411a\tmp00000000 => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\tmp00003f5e\tmp00000000 => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Temporary Internet Files\Content.IE5\WTG8ICRX\desktop.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Temporary Internet Files\Content.IE5\PFU8SP7W\desktop.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Temporary Internet Files\Content.IE5\FGC680HS\desktop.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BNJM0IT9\desktop.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TCDE9C.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TCDDFDE.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TCD6E5.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TCD654D.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\TCD4921.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\scoped_dir7092_21403\output.0.emf => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\scoped_dir6884_29586\Cookies => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\scoped_dir6884_29586\Cookies-journal => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\scoped_dir23916_13054\output.0.emf => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\scoped_dir23916_13054\output.1.emf => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\outlook logging\firstrun.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MozUpdater\bgupdate-2\updater.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MozUpdater\bgupdate-2\updater.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MozUpdater\bgupdate-1\updater.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MozUpdater\bgupdate-1\updater.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MozUpdater\bgupdate\updater.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MaAgent.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MAAuthProc.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MACLICX13.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MACLicX15.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MACSMANAGER.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MaCSMgr.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MaCSProHook.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\mapshapi.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\mapwij10.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MaSyncP.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MaWAMP.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MAWebControl.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MaWMP.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MPXBox.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\MtpAccess.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\UserShare.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\XSYNCClt.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAFileUpdate.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\JavaDeployReg.log => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DF077E09BD7D9C2860.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DF07CC9980411D15AE.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DF18A08F1C99F26C6B.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DF5930EBB100C451EE.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DF7E492799BBBE197C.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DF828360D5F33B0C35.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DFDDA1CD482E6BA06F.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DFE96CFE9F479963D8.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DFEE0D2C4A92C2A892.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DFF8E610A56D1EA08A.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Low\~DFF97F738CE55AB693.TMP => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\KiesTemporary\avrt.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\KiesTemporary\InstallSetting.cfg => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\KiesTemporary\wlanapi.dll => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\KiesLiveupdateTemp\PluginHost.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\is838815544\127854346_stp.MSI => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\is838815544\127854346_stp.MSI.part => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\is838815544\127854363_stp.CIS => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\is838815544\127854363_stp.CIS.part => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\is360511915\7A332796_stp.MSI => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\is360511915\7A332796_stp.MSI.part => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\History\History.IE5\index.dat => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\FFToolbar_Cache\8f1259020975400a22c4d337ddf149e8 => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\Cookies\index.dat => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\bsTempPath\ACD1215.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\Installer.7z => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\{95B7759C-8C7F-4BF1-B163-73684A933233} => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\about.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\active-threats18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\AVG SafeGuard toolbar => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\CleanHistory.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\configuration.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\crash.avgdx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\current.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\currently-safe18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\data.zip => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\EULA.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Facebook.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\feedback.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\FireFoxSearchXml.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\help.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\icon18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\labs.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\privacy.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\remote_configuration.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\search.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\setup.bmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\surf-with-caution18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\uninstall.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\updating18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\uninstall_cp.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp_step2.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\downBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\upBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\CPOL license.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\Encoding_decoding_base64.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\hmac.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-bsdiff.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-bzip.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-JasonCpp.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-MPL-NPAPI.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-sparsehash.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\Log4CPlus.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Licenses\PassthruApp.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\ie_dsp1.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\ie_dsp2.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\ie_dsp_step1.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\ie_dsp_step2.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\Images\arrow-up.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\Images\arrow.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\Images\avg_logo.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\Images\box-bottom-small.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\Images\box-bottom.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\Images\box-middle.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\Images\box-top-small.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\IeDspHelperRes\Images\box-top.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\EnableHelperRes\EEImageHandler.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\EnableHelperRes\Images\box_ie.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\EnableHelperRes\Images\Thumbs.db => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\all.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\btn-ok2.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\downBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\DSPDlg_IE.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\logo2.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\Thumbs.db => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\upBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\ChromeRes\nt.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\ChromeRes\AVG Secure Search\nt28_2.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\ChromeRes\AVG SafeGuard toolbar\nt28_2.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\ChromeRes\AVG Nation toolbar\nt28_2.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\ChromeGuardRes\avg_logo_medium.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\ChromeGuardRes\cg.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\ChromeGuardRes\ChromeGuadDsp.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bg_close.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bg_expand.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bg_tooltip.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bg_tracking.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bull4x4.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\divider.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\innerBG_gradient.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\loader.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgFiles\AVG SafeGuard toolbar\BundleInstall\_._ => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\FireFoxSearchXml.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\icon.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\install.rdf => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\avg.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\avg.xul => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\Bindings.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\configuration_0.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\about.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\active-threats18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\ajax-loader.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\CleanHistory.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\close.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\current.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\currently-safe18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\dnt.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\EULA.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\Facebook.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\feedback.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\feedicon.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\help.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\icon18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\icon_search.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\information-24.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\labs.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\loader.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\privacy.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\questionmarkIcon.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\search.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\surf-with-caution18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\uninstall.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\updating18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\skin\window-close.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\zh-tw\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\zh-cn\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\tr\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\th\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\sv\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\sr\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\sk\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\ru\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\ro\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\pt-br\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\pt\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\pl\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\nl\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\nb\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\ms\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\ko\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\ja\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\it\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\id\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\hu\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\hi\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\fr\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\fi\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\es-es\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\es\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\en\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\el\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\de\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\da\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\cs\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\modules\locale\af\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\locale\en-US\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786\chrome\avg.jar => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\ChromeExt\18.1.9.786\avg.crx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\ProgData\AVG SafeGuard toolbar\ChromeExt\18.1.9.786\ExtensionTemplate.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\CommonFiles\AVG SafeGuard toolbar\manifest.json => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\CommonFiles\AVG SafeGuard toolbar\updater.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a09588\CommonFiles\AVG SafeGuard toolbar\Chrome\manifest.json => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\Installer.7z => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\{95B7759C-8C7F-4BF1-B163-73684A933233} => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\about.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\active-threats18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\AVG SafeGuard toolbar => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\CleanHistory.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\configuration.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\current.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\currently-safe18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Eula.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Facebook.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\feedback.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\FireFoxSearchXml.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\help.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\icon18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\labs.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\performanceIcon.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\remote_configuration.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\search.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\setup.bmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\surf-with-caution18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\uninstall.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\updating18.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\uninstall_cp.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\downBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\upBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Licenses\Encoding_decoding_base64.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Licenses\hmac.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-bsdiff.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-bzip.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-JasonCpp.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-MPL-NPAPI.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Licenses\LICENSE-sparsehash.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Licenses\PassthruApp.txt => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\EnableHelperRes\EEImageHandler.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\EnableHelperRes\Images\box_ie.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\all.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\btn-ok2.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\downBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\DSPDlg_IE.html => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\logo2.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\DSPDlg_IE\upBtn.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bg_close.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bg_expand.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bg_tooltip.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bg_tracking.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\bull4x4.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\divider.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\innerBG_gradient.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\FireFoxSearchXml.tmp => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\icon.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\install.rdf => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\avg.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\Bindings.xml => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\configuration_0.css => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\configuration_0.xul => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\about.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\active-threats18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\ajax-loader.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\CleanHistory.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\close.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\current.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\currently-safe18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\dnt.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\Facebook.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\feedback.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\feedicon.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\help.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\icon-1G.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\icon-1R.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\icon18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\icon_search.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\information-24.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\labs.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\loader.gif => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\performanceIcon.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\questionmarkIcon.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\search.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\surf-with-caution18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\uninstall.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\updating18.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\window-close.png => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\zh-tw\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\zh-cn\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\tr\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\th\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\sv\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\sr\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\sk\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\ru\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\ro\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\pt-br\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\pt\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\pl\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\nl\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\nb\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\ms\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\ko\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\ja\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\it\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\id\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\hu\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\hi\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\fr\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\fi\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\es-es\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\es\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\en\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\el\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\de\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\da\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\cs\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\locale\af\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\locale\en-US\global.dtd => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\chrome\avg.jar => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\avg_a07056\ProgData\AVG SafeGuard toolbar\ChromeExt\14.0.0.12\avg.crx => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00000.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00001.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00002.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00003.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00004.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00005.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00006.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00007.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00008.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00009.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00010.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00011.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00012.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00013.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00014.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00015.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00016.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00017.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00018.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00019.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00020.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00021.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00022.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00023.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00024.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00025.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00026.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00027.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00028.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00029.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00030.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00031.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00032.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00033.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00034.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00035.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00036.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00037.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00038.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00039.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00040.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00041.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00042.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00043.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00044.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00045.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00046.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00047.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00048.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00049.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00050.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00051.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00052.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00053.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00054.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00055.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00056.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00057.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00058.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00059.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00060.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00061.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00062.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00063.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00064.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00065.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00066.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00067.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00068.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00069.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00070.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00071.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00072.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00073.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00074.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00075.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00076.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00077.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00078.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00079.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00080.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\audacity_1_2_temp\b00081.au => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\543677228.Uninstall\uninstaller.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\19720_28097\crl-set => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\19720_28097\manifest.fingerprint => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\19720_28097\manifest.json => Moved successfully.
Could not move "C:\Users\Kathy\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E988224-CB3E-44F9-BB5E-0A381835668C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E988224-CB3E-44F9-BB5E-0A381835668C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Your File Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Your File Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{345ABA97-D8B2-4BEB-ADB5-2AF35A3232A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{345ABA97-D8B2-4BEB-ADB5-2AF35A3232A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5BA5242F-6AE3-4AB5-BA9D-2B32E0719505}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BA5242F-6AE3-4AB5-BA9D-2B32E0719505}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update" => Key deleted successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-16 22:45:00)<=
 
C:\Users\Kathy\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Kathy\AppData\Local\Temp\~DF7D238BD4F612032A.TMP => Is moved successfully.
C:\Users\Kathy\AppData\Local\Temp => Moved successfully.
 
==== End of Fixlog ====
 
 
ADW cleaner log:
 
# AdwCleaner v3.310 - Report created 16/09/2014 at 23:03:42
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kathy - KATHY-PC
# Running from : C:\Users\Kathy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : WebOptimizer
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\WebConnect
Folder Deleted : C:\windows\System32\ARFC
Folder Deleted : C:\Users\Kathy\AppData\Local\Conduit
Folder Deleted : C:\Users\Kathy\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Kathy\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\iac
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Industriya
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Kathy\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\Smartbar
Folder Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\ValueApps
Folder Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\CT3311875
Folder Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\Extensions\ffxtlbr@privitize.com
Folder Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\Extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}
Folder Deleted : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Folder Deleted : C:\Users\Kathy2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Folder Deleted : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Folder Deleted : C:\Users\Kathy2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Folder Deleted : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Deleted : C:\Users\Kathy2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
File Deleted : C:\END
File Deleted : C:\windows\System32\dmwu.exe
File Deleted : C:\windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKCU\Software\a55d68fe76fbf41
Key Deleted : HKLM\SOFTWARE\a55d68fe76fbf41
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281675
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ifunbox_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ifunbox_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\WebConnect
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.9
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v32.0.1 (x86 en-US)
 
[ File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\prefs.js ]
 
Line Deleted : user_pref("CT3311875.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3311875.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3311875.1000234.TWC_TMP_city", "CHICAGO");
Line Deleted : user_pref("CT3311875.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3311875.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3311875.1000234.TWC_locId", "USIL0225");
Line Deleted : user_pref("CT3311875.1000234.TWC_location", "Chicago, IL");
Line Deleted : user_pref("CT3311875.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3311875.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3311875.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3311875.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311875.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311875.FF19Solved", "true");
Line Deleted : user_pref("CT3311875.FirstTime", "true");
Line Deleted : user_pref("CT3311875.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3311875.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3311875.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT3311875.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT3311875.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Deleted : user_pref("CT3311875.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3311875.SF_STATUS", "%CB%D4%C7%C8%D2%CB%CA");
Line Deleted : user_pref("CT3311875.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3311875.SF_USER_ID", "%E9%EF%EA%E5%B7%B7%B7%B7%B8%B6%B7%B9%B6%B8%B8%BF%B8%B7%BC%BD%BE%B8");
Line Deleted : user_pref("CT3311875.SF_USER_ID.enc", "Y2lkXzExMTEyMDEzMDIyOTIxNjc4Mg==");
Line Deleted : user_pref("CT3311875.SearchAppState.enc", "Mg==");
Line Deleted : user_pref("CT3311875.SearchAppTracking.enc", "MQ==");
Line Deleted : user_pref("CT3311875.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN49867184978989150&UM=2&q=");
Line Deleted : user_pref("CT3311875.UserID", "UN49867184978989150");
Line Deleted : user_pref("CT3311875._key_cl_active", "%B8%E8%B7%EA%B6%E7%BC%E9%B3%BD%BB%EB%EC%B3%BA%B6%EB%BA%B3%E7%BD%BA%EB%B3%BA%B7%BD%E8%B7%B6%E7%EC%BB%B7%E9%E7");
Line Deleted : user_pref("CT3311875._key_cl_active.enc", "MmIxZDBhNmMtNzVlZi00MGU0LWE3NGUtNDE3YjEwYWY1MWNh");
Line Deleted : user_pref("CT3311875.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3311875.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311875.cb_experience_000", "%B8%B9");
Line Deleted : user_pref("CT3311875.cb_experience_000.enc", "MjM=");
Line Deleted : user_pref("CT3311875.cb_firstuse0100", "%B7");
Line Deleted : user_pref("CT3311875.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3311875.cb_user_id_000", "%C9%C8%B8%BD%B8%BE%BB%B7%BF%BA%BA%B6%B8%B9%E5%B7%B9%BE%BA%B7%BF%B8%BD%B7%BE%B6%B6%BA%E5%CC%EF%F8%EB%EC%F5%FE");
Line Deleted : user_pref("CT3311875.cb_user_id_000.enc", "Q0IyNzI4NTE5NDQwMjNfMTM4NDE5MjcxODAwNF9GaXJlZm94");
Line Deleted : user_pref("CT3311875.cbfirsttime", "%D3%F5%F4%A6%D4%F5%FC%A6%B7%B7%A6%B8%B6%B7%B9%A6%B6%B6%C0%B8%B8%C0%B7%B7%A6%CD%D3%DA%B3%B6%BC%B6%B6%A6%AE%C9%EB%F4%FA%F8%E7%F2%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Deleted : user_pref("CT3311875.cbfirsttime.enc", "TW9uIE5vdiAxMSAyMDEzIDAwOjIyOjExIEdNVC0wNjAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3311875.countryCode", "US");
Line Deleted : user_pref("CT3311875.defaultSearch", "true");
Line Deleted : user_pref("CT3311875.discover-experiments-photopop", "%u0101%A8%F4%E7%F3%EB%A8%C0%A8%F6%EE%F5%FA%F5%F6%F5%F6%B7%A8%B2%A8%FC%EB%F8%F9%EF%F5%F4%A8%C0%B7%B6%u0103");
Line Deleted : user_pref("CT3311875.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3AxIiwidmVyc2lvbiI6MTB9");
Line Deleted : user_pref("CT3311875.discover-periodic-reports", "%u0101%A8%F6%EF%F4%ED%E5%B6%A8%C0%E1%B7%B9%BE%BB%B6%BB%B8%B8%BF%BA%BD%B8%BB%B2%B7%BA%BA%B6%B6%B6%B6%B6%E3%u0103");
Line Deleted : user_pref("CT3311875.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzg1MDUyMjk0NzI1LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3311875.discover-user-id", "%A8%EC%BB%EC%EC%E9%B8%EA%EB%B3%BB%BD%B9%B7%B3%BA%BB%E7%BD%B3%E7%EC%EC%B6%B3%BE%EC%BB%EA%BA%BF%B7%E8%BA%E7%BC%BD%A8");
Line Deleted : user_pref("CT3311875.discover-user-id.enc", "ImY1ZmZjMmRlLTU3MzEtNDVhNy1hZmYwLThmNWQ0OTFiNGE2NyI=");
Line Deleted : user_pref("CT3311875.embeddedsData", "[{\"appId\":\"130209861233481410\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3311875.enableAlerts", "true");
Line Deleted : user_pref("CT3311875.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3311875.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3311875.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3311875.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3311875.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3311875.fullUserID", "UN49867184978989150.IN.20131111002134");
Line Deleted : user_pref("CT3311875.ground-country-code", "%A8%DB%D9%A8");
Line Deleted : user_pref("CT3311875.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3311875.homepageuserchanged", true);
Line Deleted : user_pref("CT3311875.impression_session_counter", "%B6");
Line Deleted : user_pref("CT3311875.impression_session_counter.enc", "MA==");
Line Deleted : user_pref("CT3311875.impression_session_id", "%A8%BE%BB%E8%B6%E8%EB%BA%EB%B3%BB%BB%BF%B9%B3%BA%E7%BD%BA%B3%E8%BA%BC%B9%B3%E8%EA%EA%EC%EB%B9%E7%E8%B9%B7%B9%BE%A8");
Line Deleted : user_pref("CT3311875.impression_session_id.enc", "Ijg1YjBiZTRlLTU1OTMtNGE3NC1iNDYzLWJkZGZlM2FiMzEzOCI=");
Line Deleted : user_pref("CT3311875.impression_session_last_active", "%B7%B9%BE%BB%B6%BB%B8%B9%B6%BF%BA%BC%BE");
Line Deleted : user_pref("CT3311875.impression_session_last_active.enc", "MTM4NTA1MjMwOTQ2OA==");
Line Deleted : user_pref("CT3311875.installDate", "11/11/2013 00:21:40");
Line Deleted : user_pref("CT3311875.installId", "cidoc");
Line Deleted : user_pref("CT3311875.installSessionId", "{62A7C2F8-B2D9-4460-AD39-5440DB730048}");
Line Deleted : user_pref("CT3311875.installSp", "TRUE");
Line Deleted : user_pref("CT3311875.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3311875.installUsage", "2013-11-11T09:21:31.1359341+03:00");
Line Deleted : user_pref("CT3311875.installUsageEarly", "2013-11-11T09:21:28.6046679+03:00");
Line Deleted : user_pref("CT3311875.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3311875.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3311875.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311875.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3311875.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3311875.keyword", true);
Line Deleted : user_pref("CT3311875.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3311875&octid=CT3311875&ISID=ISID_ID&SearchSource=15&CUI=UN49867184978989150&Lay=1&[...]
Line Deleted : user_pref("CT3311875.lastVersion", "10.33.0.517");
Line Deleted : user_pref("CT3311875.mam_gk_appStateReportTime", "%B7%B9%BE%BB%B6%BB%B8%B8%BE%BF%BA%B8%B8");
Line Deleted : user_pref("CT3311875.mam_gk_appStateReportTime.enc", "MTM4NTA1MjI4OTQyMg==");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Discover", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Easytobook", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Easytobookcars", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Easytobookcars.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Find-a-Pro", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_JobsMiner", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_JobsMiner.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_PriceGong", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appState_WindowShopper", "%F5%F4");
Line Deleted : user_pref("CT3311875.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3311875.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Deleted : user_pref("CT3311875.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT3311875.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3311875.mam_gk_calledSetupService", "%B7");
Line Deleted : user_pref("CT3311875.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3311875.mam_gk_currentVersion", "%B7%B4%B7%B7%B4%BA%B4%B8");
Line Deleted : user_pref("CT3311875.mam_gk_currentVersion.enc", "MS4xMS40LjI=");
Line Deleted : user_pref("CT3311875.mam_gk_existingUsersRecoveryDone", "%B7");
Line Deleted : user_pref("CT3311875.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3311875.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT3311875.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3311875.mam_gk_globalKeysMigratedToLocalStorage", "%B7");
Line Deleted : user_pref("CT3311875.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Deleted : user_pref("CT3311875.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3311875.mam_gk_lastLoginTime", "%B7%B9%BE%BB%B6%BB%B8%B8%BF%B7%B6%BD%BB");
Line Deleted : user_pref("CT3311875.mam_gk_lastLoginTime.enc", "MTM4NTA1MjI5MTA3NQ==");
Line Deleted : user_pref("CT3311875.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Deleted : user_pref("CT3311875.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3311875.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3311875.mam_gk_new_welcome_experience", "%B7");
Line Deleted : user_pref("CT3311875.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3311875.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3311875.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3311875.mam_gk_settings1.11.4.2", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Deleted : user_pref("CT3311875.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMjEiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Deleted : user_pref("CT3311875.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3311875.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3311875.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Deleted : user_pref("CT3311875.mam_gk_stamp.enc", "MTA0M18w");
Line Deleted : user_pref("CT3311875.mam_gk_userId", "%B8%E9%BF%BE%B7%B9%B6%B7%B3%E8%BD%B6%E9%B3%BA%EA%BD%BB%B3%BF%BF%B8%B6%B3%E8%BE%BE%BE%EA%BF%E7%BC%BA%B7%EC%EB");
Line Deleted : user_pref("CT3311875.mam_gk_userId.enc", "MmM5ODEzMDEtYjcwYy00ZDc1LTk5MjAtYjg4OGQ5YTY0MWZl");
Line Deleted : user_pref("CT3311875.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT3311875.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3311875.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT3311875.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3311875.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"kathy915\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Findex.php%3Fapp%3Dcore%26module%3Dglobal%26secti[...]
Line Deleted : user_pref("CT3311875.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311875.openThankYouPage", "false");
Line Deleted : user_pref("CT3311875.openUninstallPage", "true");
Line Deleted : user_pref("CT3311875.originalHomepage", "hxxp://www1.delta-search.com/?affID=121232&babsrc=HP_ss&mntrId=AC8FAC8112538B71");
Line Deleted : user_pref("CT3311875.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3311875.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3311875.originalSearchEngineName", "");
Line Deleted : user_pref("CT3311875.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT3311875.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3311875.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3311875.search.searchAppId", "130209861233481410");
Line Deleted : user_pref("CT3311875.search.searchCount", "2");
Line Deleted : user_pref("CT3311875.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3311875.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3311875.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3311875.searchRevert", "false");
Line Deleted : user_pref("CT3311875.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3311875.searchUserMode", "2");
Line Deleted : user_pref("CT3311875.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311875.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311875.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3311875.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3311875\"}");
Line Deleted : user_pref("CT3311875.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SweetTunesToolbar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3311875.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetTunes \"}");
Line Deleted : user_pref("CT3311875.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311875.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3311875.serviceLayer_services_Configuration_lastUpdate", "1410925846888");
Line Deleted : user_pref("CT3311875.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1410585446129");
Line Deleted : user_pref("CT3311875.serviceLayer_services_appTracking_lastUpdate", "1385052284040");
Line Deleted : user_pref("CT3311875.serviceLayer_services_appsMetadata_lastUpdate", "1410925844361");
Line Deleted : user_pref("CT3311875.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1410585446240");
Line Deleted : user_pref("CT3311875.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1384150916335");
Line Deleted : user_pref("CT3311875.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1384150919537");
Line Deleted : user_pref("CT3311875.serviceLayer_services_login_10.21.1.7_lastUpdate", "1385052283885");
Line Deleted : user_pref("CT3311875.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387031503978");
Line Deleted : user_pref("CT3311875.serviceLayer_services_login_10.23.0.822_lastUpdate", "1405995102767");
Line Deleted : user_pref("CT3311875.serviceLayer_services_login_10.33.0.505_lastUpdate", "1407682595614");
Line Deleted : user_pref("CT3311875.serviceLayer_services_login_10.33.0.517_lastUpdate", "1410925844711");
Line Deleted : user_pref("CT3311875.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1410585446210");
Line Deleted : user_pref("CT3311875.serviceLayer_services_searchAPI_lastUpdate", "1410925846591");
Line Deleted : user_pref("CT3311875.serviceLayer_services_serviceMap_lastUpdate", "1410925844701");
Line Deleted : user_pref("CT3311875.serviceLayer_services_toolbarContextMenu_lastUpdate", "1410925844786");
Line Deleted : user_pref("CT3311875.serviceLayer_services_toolbarSettings_lastUpdate", "1410925844768");
Line Deleted : user_pref("CT3311875.serviceLayer_services_translation_lastUpdate", "1410925844690");
Line Deleted : user_pref("CT3311875.settingsINI", true);
Line Deleted : user_pref("CT3311875.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3311875.showToolbarPermission", "false");
Line Deleted : user_pref("CT3311875.smartbar.CTID", "CT3311875");
Line Deleted : user_pref("CT3311875.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3311875.smartbar.homepage", "true");
Line Deleted : user_pref("CT3311875.smartbar.toolbarName", "SweetTunes ");
Line Deleted : user_pref("CT3311875.startPage", "true");
Line Deleted : user_pref("CT3311875.toolbarBornServerTime", "11-11-2013");
Line Deleted : user_pref("CT3311875.toolbarCurrentServerTime", "17-9-2014");
Line Deleted : user_pref("CT3311875.toolbarInstallDate", "11-11-2013 00:21:34");
Line Deleted : user_pref("CT3311875.toolbarLoginClientTime", "Mon Nov 11 2013 00:21:59 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3311875.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3311875.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%FD%FD%FD%BE%B4%ED%E7%F8%F3%EF%F4%B4%E9%F5%F3%B5%F6%F8%F5%EA%FB%E9%FA%F9%B5%FD%EB%E8%FB%F6%EA%E7%FA%EB%F8%B5%EE%F5%FD%FA%F5%EF%F4%F9%FA%E7%[...]
Line Deleted : user_pref("CT3311875.url_history0001.enc", "aHR0cDovL3d3dzguZ2FybWluLmNvbS9wcm9kdWN0cy93ZWJ1cGRhdGVyL2hvd3RvaW5zdGFsbC5qc3A6OjpjbGlja2hhbmRsZXI6OjoxMzg1MDYxMTEyOTQ3LCwsaHR0cDovL3d3dzguZ2FybWluLmNvbS9w[...]
Line Deleted : user_pref("CT3311875.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3311875.xpeMode", "0");
Line Deleted : user_pref("CT3311875_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1410925839544,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/Results.aspx?CUI=UN49867184978989150&ctid=CT3315039&searchsource=55&UM=2&&UP=SP897E6316-43C7-4E00-A6B5-477CAB2F0E64");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "SweetTunes Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/&CUI=UN49867184978989150");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/Results.aspx?CUI=UN49867184978989150&ctid=CT3315039&searchsource=55&UM=2&&UP=SP897E6316-43C7-4E00-A6B5-477CAB2F0E64");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "SweetTunes Search");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "hxxp://search.conduit.com/&CUI=UN49867184978989150");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3311875");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/Results.aspx?ctid=CT3315039&searchsource=69&UM=2&");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetTunes Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetTunes Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&CUI=UN49867184978989150&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetTunes Search");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "ac8fccc0000000000000ac8112538b71");
Line Deleted : user_pref("extensions.delta.instlDay", "15974");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "coupon2");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.68:00:43");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=250913_cpn2&tsp=5017");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.privitize.hpFFXOld", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={D3B389FF-AA9B-11E2-984D-C89CDC233C74}");
Line Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
Line Deleted : user_pref("keyword.URL", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN49867184978989150&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN49867184978989150&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311875&octid=CT3311875&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN49867184978989150&UM=2&q=,hxxp://trovi.com/ResultsExt.aspx?ctid=CT33118[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN49867184978989150&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311875&octid=CT3311875&SearchSource=61&CUI[...]
Line Deleted : user_pref("smartbar.machineId", "F0CZUITKOBXQIN9EXH/NECHSSHA/HKH6GCAVL0RLLQSHBVEVEJSO9PTR8ZF4DMCFYBTOE036F0MKRYVO3SSP2A");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN49867184978989150&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN49867184978989150&UM=2&q=,hxxp://trovi.com/ResultsExt.aspx?ctid=CT3311875&Sear[...]
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Line Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history", "dowagiac%20zip%20code,Ste.Genevieve,tsa,air%20tran,booking%20buddy");
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{D3B389FF-AA9B-11E2-984D-C89CDC233C74}");
Line Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?barid=$toolbar_id;&flavour=$flavr;");
Line Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={D3B389FF-AA9B-11E2-984D-C89CDC233C74}");
Line Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Line Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Line Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Line Deleted : user_pref("sweetim.toolbar.version", "1.12.0.0");
Line Deleted : user_pref("valueApps.CT3311875./9B+7E+x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E,x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E-x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E.:2z527", "2423");
Line Deleted : user_pref("valueApps.CT3311875./9B+7E.:2z527.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E.x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E/x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E06CG5EL8:", "6E6C70726E6C70726F77");
Line Deleted : user_pref("valueApps.CT3311875./9B+7E06CG5EL8:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E06CG5EL;8I:K", "247E2D2F226A7472767874727678757D242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("valueApps.CT3311875./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E0x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E1x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E2x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E31;CJ69=7E\"MBE.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E31;CJ7FK;KG#8QKEF)TIL.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E31;CJ7FK;KG#NCEP@MC+VKN.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E31;CJ?<DA;\"MBE.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E31;CJEIK4!LAD.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E31;CJG9KDG<DH??'FDP.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E3x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E4x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E5x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E6x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E7x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E8x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E9x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E:x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E;x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E<x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E=x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E>x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E?x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7E@x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7EAx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("valueApps.CT3311875./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B+7EBx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7ECx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7EDx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B+7Etx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875./9B-0?3G>D", "6A6E406D6B6B42437A774372782075487B21257A4E24262A27232A29595B2E5B5C296061");
Line Deleted : user_pref("valueApps.CT3311875./9B-0?3G>D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B-0?3G@6:5;", "");
Line Deleted : user_pref("valueApps.CT3311875./9B-0?3G@6:5;.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B-0?3GFA7EF", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3311875./9B-0?3GFA7EF.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E6857705A6C60606B6668563F73796F697861");
Line Deleted : user_pref("valueApps.CT3311875./9B-3=3ECCJA=F>.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Line Deleted : user_pref("valueApps.CT3311875./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("valueApps.CT3311875./9B3=>@44I48?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B5BA==9CJAG", "6F683D3E6E6B40437A7872447B7C4A777E794C507C");
Line Deleted : user_pref("valueApps.CT3311875./9B5BA==9CJAG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B6B11G4C56B>F;P;ANR@P", "6E6C70726E6C7072727572717A");
Line Deleted : user_pref("valueApps.CT3311875./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3311875./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B9643G3/9E", "6A");
Line Deleted : user_pref("valueApps.CT3311875./9B9643G3/9E.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B;45>:BI9I7IE", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3311875./9B;45>:BI9I7IE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B<:222H64<", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3311875./9B<:222H64<.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B<:222H64<L8DAJ", "6D70706F7673737977772A7A7B727D79757C7C");
Line Deleted : user_pref("valueApps.CT3311875./9B<:222H64<L8DAJ.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B=+03EH8H8J?:", "4443");
Line Deleted : user_pref("valueApps.CT3311875./9B=+03EH8H8J?:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("valueApps.CT3311875./9B?+E2A52D8.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9B?B0D:8AJ62<H", "6D");
Line Deleted : user_pref("valueApps.CT3311875./9B?B0D:8AJ62<H.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875./9BA@0<0BI6A7GN:6@L?", "6C");
Line Deleted : user_pref("valueApps.CT3311875./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.PG_ENABLE", "74727565");
Line Deleted : user_pref("valueApps.CT3311875.PG_ENABLE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT3311875.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.SF_USER_ID", "6369645F313131313230313330323239323136373832");
Line Deleted : user_pref("valueApps.CT3311875.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875._key_cl_active", "32623164306136632D373565662D343065342D613734652D343137623130616635316361");
Line Deleted : user_pref("valueApps.CT3311875._key_cl_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.cb_experience_000", "333835");
Line Deleted : user_pref("valueApps.CT3311875.cb_experience_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.cb_firstuse0100", "31");
Line Deleted : user_pref("valueApps.CT3311875.cb_firstuse0100.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.cb_user_id_000", "43423237323835313934343032335F313338343139323731383030345F46697265666F78");
Line Deleted : user_pref("valueApps.CT3311875.cb_user_id_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.cbfirsttime", "4D6F6E204E6F7620313120323031332030303A32323A313120474D542D30363030202843656E7472616C205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.CT3311875.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.impression_session_counter", "3335");
Line Deleted : user_pref("valueApps.CT3311875.impression_session_counter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.impression_session_id", "2235633934316137372D633337332D346232362D396631332D64633031666465306332336222");
Line Deleted : user_pref("valueApps.CT3311875.impression_session_id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.impression_session_last_active", "31343033303538343538393439");
Line Deleted : user_pref("valueApps.CT3311875.impression_session_last_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appStateReportTime", "31343130393235383530303335");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Clarity_Active", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_CouponBuddy", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Discover", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Discover.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Easytobook", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Easytobook.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Easytobook_targeted", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Easytobookcars", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Easytobookcars.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Find-a-Pro", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_Find-a-Pro.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_JobsMiner", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_JobsMiner.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_PriceGong", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_PriceGong.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_WindowShopper", "6F6E");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appState_WindowShopper.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_currentBadgeValue", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_currentBadgeValue.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_installer_preapproved", "66616C7365");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_installer_preapproved.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_lastLoginTime", "31343130393235383530333632");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_newApps", "5B5D");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_newApps.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_new_welcome_experience", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_new_welcome_experience.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_pgUnloadedOnce", "74727565");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_pgUnloadedOnce.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_settings1.11.4.2.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_settings1.11.5.1.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_settings1.12.0.5.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_settings1.13.0.17.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_stamp", "313034335F30");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_userId", "32633938313330312D623730632D346437352D393932302D623838386439613634316665");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3311875.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.netseer_ext_vid", "73686536303330393133313134313131333031313836363132313539313134383131");
Line Deleted : user_pref("valueApps.CT3311875.netseer_ext_vid.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.refferer_site", "687474703A2F2F7777772E6B6F686C732E636F6D2F636865636B6F75742F76322F636865636B6F75742E6A7370");
Line Deleted : user_pref("valueApps.CT3311875.refferer_site.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.rematchGround-city", "224348494341474F22");
Line Deleted : user_pref("valueApps.CT3311875.rematchGround-city.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.rematchGround-country-code", "22555322");
Line Deleted : user_pref("valueApps.CT3311875.rematchGround-country-code.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.rematchGround-region", "22494C4C494E4F495322");
Line Deleted : user_pref("valueApps.CT3311875.rematchGround-region.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D4354333331313837357E62313[...]
Line Deleted : user_pref("valueApps.CT3311875.rematchGround.upstairs.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.rematchagent-is-test-user", "66616C7365");
Line Deleted : user_pref("valueApps.CT3311875.rematchagent-is-test-user.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.rematchagent-matkot-user-id", "22313339323236313739343039333531323334353622");
Line Deleted : user_pref("valueApps.CT3311875.rematchagent-matkot-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.rematchagent-periodic-reports", "7B2270696E675F30223A5B313430343236373538343439362C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3311875.rematchagent-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.rematchagent-user-id", "2234396230316333622D386534662D346263302D386561642D38303162653630303461643922");
Line Deleted : user_pref("valueApps.CT3311875.rematchagent-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311875.url_history0001.storedInFile", true);
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=121232&babsrc=SP_ss&mntrId=AC8FAC8112538B71
Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={D3B389FF-AA9B-11E2-984D-C89CDC233C74}
Deleted [Search Provider] : hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=AC8FAC8112538B71&affID=119351&tt=250913_cpn2&tsp=5017
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN34962961187569292&ctid=CT3311875&UM=2
Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deleted [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
 
[ File : C:\Users\Kathy2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [64318 octets] - [16/09/2014 23:02:09]
AdwCleaner[S0].txt - [64741 octets] - [16/09/2014 23:03:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [64802 octets] ##########
 
)will add last log )
 


#11 katmat

katmat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 16 September 2014 - 11:48 PM

Here is the Junkware removal log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kathy on Tue 09/16/2014 at 23:25:08.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3671395269-1973450857-935886706-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{46916ACD-07BF-4E09-BD6B-4B11928D01DB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5ABAE9A-EA84-4B62-A1ED-4FFB0E985039}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Kathy\appdata\locallow\blekkotb_sa5"
Failed to delete: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Kathy\AppData\Roaming\mozilla\firefox\profiles\r15i7la1.default\prefs.js
 
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.dspFFXOld", "Bing");
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=ac8fccc0000000000000ac8112538b71");
user_pref("extensions.privitize.hpOld0", "");
user_pref("extensions.privitize.id", "ac8fccc0000000000000ac8112538b71");
user_pref("extensions.privitize.instlDay", "15812");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=ac8fccc0000000000000ac8112538b71");
user_pref("extensions.privitize.lastB", "hxxp://searchou.com/?id=ac8fccc0000000000000ac8112538b71");
user_pref("extensions.privitize.lastVrsnTs", "1.8.16.220:39:29");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=ac8fccc0000000000000ac8112538b71");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=ac8fccc0000000000000ac8112538b71&q=");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.220:39:29");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_referrer", "hxxp://mysearch.avg.com/tab?pid=safeguard&sg=0&cid=%7B024976ca-d5cb-4823-942a-216d8f84395e%7D&mid=
user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_temp_referer", "hxxp://mysearch.avg.com/tab?pid=safeguard&sg=0&cid=%7B024976ca-d5cb-4823-942a-216d8f84395e%7D&
Emptied folder: C:\Users\Kathy\AppData\Roaming\mozilla\firefox\profiles\r15i7la1.default\minidumps [149 files]
 
 
 
~~~ Chrome
 
Dumping contents of C:\Users\Kathy\appdata\local\Google\Chrome\User Data\Default\Default
 
Successfully deleted: [Folder] C:\Users\Kathy\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/16/2014 at 23:46:23.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
After these scans my issues persist:
 
When I wake the computer up and try to access the internet - multiple windows open and clicking on the start button takes multiple tries so I can restrt
Once I restart, when blue screen opens it flashes several times and the circle just keeps spinning until I hit enter a couple of times then it says wrong password entered
  although I never entered password. Once I enter my password I can log in.
Still cannot access task manager

Edited by katmat, 17 September 2014 - 07:26 AM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 AM

Posted 17 September 2014 - 08:34 AM

Hi Kathy,

We can certainly try to bring your computer back to health. I am up for the challenge. :thumbsup2:

Please do this. If you need to use a clean computer to download any files/programs and transfer them over please do so.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Rkill log
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 katmat

katmat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 17 September 2014 - 09:53 PM

Here are the two logs

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/17/2014 09:29:46 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
 
  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!
 
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 09/17/2014 09:30:16 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
 
 
______________________
 
 
ComboFix 14-09-16.01 - Kathy 09/17/2014  21:34:31.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.1285 [GMT -5:00]
Running from: c:\users\Kathy\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Kathy\AppData\Local\TopArcadeHits
c:\users\Kathy\AppData\Local\TopArcadeHits\Toparcadehits.dll
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Recent\DVDCreator_Help.url
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Recent\DVDCreator_Homepage.url
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Recent\DVDCreator_Order.url
c:\users\Kathy\Documents\~WRL0001.tmp
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\075884af680ff6dc.fb
c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
c:\windows\SysWow64\Cache\359817734c398c1d.fb
c:\windows\SysWow64\Cache\395dc2b2d8ea1662.fb
c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
c:\windows\SysWow64\Cache\4c6868b1b166747e.fb
c:\windows\SysWow64\Cache\5c54eb1a1655b076.fb
c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
c:\windows\SysWow64\Cache\633a76311867bd11.fb
c:\windows\SysWow64\Cache\691f14230153a9e1.fb
c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
c:\windows\SysWow64\Cache\881b3593316772f0.fb
c:\windows\SysWow64\Cache\98657d0579ae1930.fb
c:\windows\SysWow64\Cache\b638de5965d4f95d.fb
c:\windows\SysWow64\Cache\c3043f38896808f5.fb
c:\windows\SysWow64\Cache\c4e10d1be905349b.fb
c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
c:\windows\SysWow64\Cache\ddf58e679d45c054.fb
c:\windows\SysWow64\Cache\de02f89aafda9946.fb
c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
c:\windows\SysWow64\Cache\f34d8db84131d925.fb
c:\windows\SysWow64\Cache\f63a9e415df473ac.fb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\TEMP\jna5850397285303042077.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-18 to 2014-09-18  )))))))))))))))))))))))))))))))
.
.
2014-09-18 02:40 . 2014-09-18 02:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-09-18 02:40 . 2014-09-18 02:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-18 02:40 . 2014-09-18 02:40 -------- d-----w- c:\users\Kathy2\AppData\Local\temp
2014-09-18 02:40 . 2014-09-18 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-17 12:36 . 2014-09-17 12:36 0 ----a-w- c:\windows\SysWow64\REN7964.tmp
2014-09-17 12:36 . 2014-09-17 12:36 0 ----a-w- c:\windows\SysWow64\REN7954.tmp
2014-09-17 04:25 . 2014-09-17 04:25 -------- d-----w- c:\windows\ERUNT
2014-09-17 04:02 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-17 04:01 . 2014-09-17 04:04 -------- d-----w- C:\AdwCleaner
2014-09-17 03:50 . 2014-09-18 02:43 -------- d-----w- c:\users\Kathy\AppData\Local\Temp
2014-09-15 15:03 . 2014-09-17 03:45 -------- d-----w- C:\FRST
2014-09-10 08:01 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 08:01 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 07:39 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 07:39 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 07:39 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 07:39 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 07:38 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 07:38 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 07:38 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 07:38 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 07:38 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 07:38 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 07:38 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-08 12:59 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-08 12:59 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-08 12:59 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-08 04:33 . 2014-09-08 04:33 -------- d-----w- c:\programdata\Emsisoft
2014-09-08 02:34 . 2014-09-08 12:49 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2014-08-21 08:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-21 08:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-21 08:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-21 08:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-21 08:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-21 08:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-21 08:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-21 08:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-21 04:56 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-21 04:56 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-21 04:56 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-21 04:56 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-21 04:56 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-21 04:56 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-21 04:56 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-21 04:56 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-21 04:55 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-21 04:55 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-21 04:53 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-21 04:53 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-21 04:19 . 2014-08-21 04:19 -------- d-----w- c:\users\Kathy\FrostWire
2014-08-21 04:19 . 2014-08-21 04:19 -------- d-----w- c:\users\Kathy\.frostwire5
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-25 07:35 . 2014-07-25 07:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47 . 2014-07-25 04:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 02:46 . 2014-08-15 06:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-08 19:08 . 2012-04-04 23:35 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 19:08 . 2011-11-20 13:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 19:07 . 2014-07-08 19:07 10603008 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll" [2014-07-29 1584408]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-18 39408]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-11-08 1095000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines Ding\Ding\Ding.exe [2006-6-22 462848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2013-4-8 209920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-17 05:28 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:31]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdc875899bf979.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 23:53]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 23:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}\6627565646F6D607F607D263734343: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-MyFunCards_5m Chrome Extension Uninstall - c:\program files (x86)\MyFunCards_5m Chrome Extension\bar\MyFunCardsCrxSetup.64E06839-9740-4E10-9B70-BF36C7FD508E.exe
AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-09-17  21:47:58 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-18 02:47
.
Pre-Run: 1,164,350,644,224 bytes free
Post-Run: 1,165,124,861,952 bytes free
.
- - End Of File - - 04CBFBE783A802FD4F6E49BB36426821
A36C5E4F47E84449FF07ED3517B43A31
 
 


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 AM

Posted 17 September 2014 - 10:51 PM

Greetings Kathy,

Please run this then give me an update on the status of your computer issues.

===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
File::
c:\windows\SysWow64\REN7964.tmp
c:\windows\SysWow64\REN7954.tmp
Folder::
c:\program files (x86)\Coupons
Driver::
CouponPrinterService
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"=-
[-HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[-HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[-HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[-HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
  • Save this on your desktop as CFScript.txt

CFScriptB-4.gif

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 katmat

katmat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:27 AM

Posted 18 September 2014 - 01:04 AM

While combofix was running this error message came on the screen:
contents of folder c:windows\erdnt\Hiv-backup could not be completely deleted I hit OK and combofix continued
 
still cannot access task manager
 
when computer starts blue screen flashes several time
 
Can't tell if multiple windows open in browser (this usually happens when I wake up the computer
 
 
 
 
 
 
ComboFix 14-09-16.01 - Kathy 09/18/2014   0:36.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.2226 [GMT -5:00]
Running from: c:\users\Kathy\Downloads\ComboFix.exe
Command switches used :: c:\users\Kathy\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\REN7954.tmp"
"c:\windows\SysWow64\REN7964.tmp"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Coupons
c:\program files (x86)\Coupons\CouponPrinterService.exe
c:\windows\SysWow64\REN7954.tmp
c:\windows\SysWow64\REN7964.tmp
c:\windows\TEMP\jna5326883179938178153.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CouponPrinterService
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-18 to 2014-09-18  )))))))))))))))))))))))))))))))
.
.
2014-09-18 05:41 . 2014-09-18 05:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-09-18 05:41 . 2014-09-18 05:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-18 05:41 . 2014-09-18 05:41 -------- d-----w- c:\users\Kathy2\AppData\Local\temp
2014-09-18 05:41 . 2014-09-18 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-17 04:25 . 2014-09-17 04:25 -------- d-----w- c:\windows\ERUNT
2014-09-17 04:02 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-17 04:01 . 2014-09-17 04:04 -------- d-----w- C:\AdwCleaner
2014-09-17 03:50 . 2014-09-18 05:43 -------- d-----w- c:\users\Kathy\AppData\Local\Temp
2014-09-15 15:03 . 2014-09-17 03:45 -------- d-----w- C:\FRST
2014-09-10 08:01 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 08:01 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 07:39 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 07:39 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 07:39 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 07:39 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 07:38 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 07:38 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 07:38 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 07:38 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 07:38 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 07:38 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 07:38 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-08 12:59 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-08 12:59 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-08 12:59 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-08 04:33 . 2014-09-08 04:33 -------- d-----w- c:\programdata\Emsisoft
2014-09-08 02:34 . 2014-09-08 12:49 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2014-08-21 08:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-21 08:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-21 08:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-21 08:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-21 08:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-21 08:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-21 08:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-21 08:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-21 04:56 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-21 04:56 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-21 04:56 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-21 04:56 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-21 04:56 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-21 04:56 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-21 04:56 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-21 04:56 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-21 04:55 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-21 04:55 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-21 04:53 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-21 04:53 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-21 04:19 . 2014-08-21 04:19 -------- d-----w- c:\users\Kathy\FrostWire
2014-08-21 04:19 . 2014-08-21 04:19 -------- d-----w- c:\users\Kathy\.frostwire5
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-25 07:35 . 2014-07-25 07:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47 . 2014-07-25 04:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 02:46 . 2014-08-15 06:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-08 19:08 . 2012-04-04 23:35 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 19:08 . 2011-11-20 13:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 19:07 . 2014-07-08 19:07 10603008 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-18 39408]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-11-08 1095000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines Ding\Ding\Ding.exe [2006-6-22 462848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2013-4-8 209920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-17 05:28 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:31]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdc875899bf979.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 23:53]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 23:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}\6627565646F6D607F607D263734343: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MyFunCards_5m Chrome Extension Uninstall - c:\program files (x86)\MyFunCards_5m Chrome Extension\bar\MyFunCardsCrxSetup.64E06839-9740-4E10-9B70-BF36C7FD508E.exe
AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-09-18  00:47:20 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-18 05:47
ComboFix2.txt  2014-09-18 02:47
.
Pre-Run: 1,165,017,788,416 bytes free
Post-Run: 1,164,579,143,680 bytes free
.
- - End Of File - - 4820E3F126DB60956C7D82A4951AF8AA
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users