
pop ups and browser windows opening relentless


  • This topic is locked
23 replies to this topic

#1 kilabeez0


Posted 25 January 2015 - 10:41 PM

I can barely even type this. Popups with "hot deals" are all along the bottom and sides of my screen, and new browser windows keep opening relating to whatever web page I'm on. It took me an hour just to read how to prepare for this post. Here is my FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Big Daddy (administrator) on BIGDADDY-PC on 25-01-2015 22:25:35
Running from C:\Users\Big Daddy\Desktop
Loaded Profiles: Big Daddy (Available profiles: Big Daddy & Mummy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
() C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(CA, Inc.) C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
() C:\Program Files (x86)\ViewPlay\updateViewPlay.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(zik.mu) C:\Program Files\BubbleSound\3D BubbleSound.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\mpck_us_13\mpck_us_13.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [506208 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [911160 2009-10-26] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] (zik.mu)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [253312 2009-10-26] (TOSHIBA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1557160 2012-04-09] (Ask)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [mpck_us_13] => C:\Program Files (x86)\mpck_us_13\mpck_us_13.exe [3982480 2015-01-22] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Run: [Google Update] => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Run: [Facebook Update] => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-12] (Google Inc.)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Run: [Desktop Software] => C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {108236c0-309e-11e1-aa46-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {108236dd-309e-11e1-aa46-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {17e41f92-278e-11e3-8fdc-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {247314b3-a318-11e2-bad5-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {47c21475-c8d7-11e0-8286-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {99b32332-6f44-11e0-891e-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {bc5216be-14a4-11e2-bc1e-00266c43084b} - F:\TL-Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-20] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60725;https=127.0.0.1:60725
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate05172012
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {E11229CC-3771-45BB-814F-40C7CF76CC6B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {E11229CC-3771-45BB-814F-40C7CF76CC6B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {304D1287-3B1A-415B-B613-A144ECF326CC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {304D1287-3B1A-415B-B613-A144ECF326CC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> DefaultScope {714AC89B-A871-437E-A34F-13F108BF1095} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> {304D1287-3B1A-415B-B613-A144ECF326CC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> {6553369B-DD50-4F99-A8A8-EA4463C7FB8D} URL = http://websearch.ask.com/redirect?client=ie&tb=PF&o=15176&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=RW&apn_dtid=YYYYYYYYUS&apn_uid=3f127cac-170c-4cf8-8480-2f7eb3c33d12&apn_sauid=3E0EC258-0645-45BF-9462-62CC6B2996D0
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> {714AC89B-A871-437E-A34F-13F108BF1095} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366
BHO: PriiceeLess -> {57bdcf75-3cae-40f1-a354-f1316674a22b} -> C:\Program Files (x86)\PriiceeLess\oBQ83fYAq8YTDg.x64.dll ()
BHO: PrrIceeLLesso -> {6d0e26c9-fb3e-4cce-a8e1-25c4a1ad0c63} -> C:\Program Files (x86)\PrrIceeLLesso\aIssoeGU9VI3am.x64.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: SpeeditUp -> {B944B960-AB77-AED8-BA15-5FE25D491444} -> C:\Program Files (x86)\ver2SpeeditUp\186_x64.dll ()
BHO: youtubeadblocker -> {c0bbc81f-8fce-4e9c-ab64-1bbaf79d6c1f} -> C:\Program Files (x86)\youtubeadblocker\DLsORLIlhtjj2O.x64.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PriiceeLess -> {57bdcf75-3cae-40f1-a354-f1316674a22b} -> C:\Program Files (x86)\PriiceeLess\oBQ83fYAq8YTDg.dll ()
BHO-x32: ViewPlay 1.0.0.6 -> {6336aaf8-3481-495b-bb79-70deb1f1590d} -> C:\Program Files (x86)\ViewPlay\ViewPlaybho.dll (ViewPlay)
BHO-x32: PrrIceeLLesso -> {6d0e26c9-fb3e-4cce-a8e1-25c4a1ad0c63} -> C:\Program Files (x86)\PrrIceeLLesso\aIssoeGU9VI3am.dll ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SpeeditUp -> {B944B960-AB77-AED8-BA15-5FE25D491444} -> C:\Program Files (x86)\ver2SpeeditUp\186.dll ()
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: youtubeadblocker -> {c0bbc81f-8fce-4e9c-ab64-1bbaf79d6c1f} -> C:\Program Files (x86)\youtubeadblocker\DLsORLIlhtjj2O.dll ()
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: XFINITY
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=3f127cac-170c-4cf8-8480-2f7eb3c33d12&apn_ptnrs=RW&apn_sauid=3E0EC258-0645-45BF-9462-62CC6B2996D0&apn_dtid=YYYYYYYYUS&&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Big Daddy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Big Daddy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Big Daddy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\searchplugins\askcom.xml
FF Extension: PriiceeLess - C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\BeRV2@0.edu [2015-01-25]
FF Extension: PrrIceeLLesso - C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\oPUko@6.com [2015-01-25]
FF Extension: Ask Toolbar - C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\toolbar@ask.com [2012-05-05]
FF Extension: youtubeadblocker - C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\UfX4@Pfk.net [2015-01-25]
FF Extension: WhiteSmoke US New  - C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f} [2012-12-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi
FF Extension: FBPhotoZoom - C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012-03-14]
FF HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Big Daddy\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Big Daddy\AppData\Roaming\Move Networks [2010-04-04]
FF HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Big Daddy\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Big Daddy\AppData\Local\Google\Chrome\Application\15.0.874.106\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Big Daddy\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Users\Big Daddy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hot Virtual Keyboard Extension) - C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl [2015-01-22]
CHR Extension: (BuyNsAvee) - C:\ProgramData\gkcoklhdocmkgikbglacnkoccfbainmn\ [2015-01-22]
CHR Extension: (PrrIceeLLesso) - C:\ProgramData\gkonagknngaclmnleieejhhdapkohjgp\ [2015-01-22]
CHR Extension: (PriiceeLess) - C:\ProgramData\lnmopgohhnagpkejpjdngicaacogiceb\ [2015-01-22]
CHR HKLM-x32\...\Chrome\Extension: [aaaapkimjglpminbnhcedkcegkenknhn] - C:\Users\Big Daddy\AppData\Local\APN\GoogleCRXs\aaaapkimjglpminbnhcedkcegkenknhn_7.14.1.0.crx [2012-02-26]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom13.crx [2012-03-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
R2 be0fb33b; c:\Program Files (x86)\Supporter\Supporter.dll [4214272 2015-01-22] () [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3503376 2015-01-20] (Client Connect LTD)
R2 d924d8dc; c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll [1597008 2015-01-22] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [558544 2015-01-22] (Client Connect LTD)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 Update ViewPlay; C:\Program Files (x86)\ViewPlay\updateViewPlay.exe [632040 2015-01-22] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [153600 2010-12-14] (HTC Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R2 webinstrNHKT; C:\windows\system32\Drivers\webinstrNHKT.sys [56432 2015-01-22] (Corsica)
R3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 22:25 - 2015-01-25 22:26 - 00032985 _____ () C:\Users\Big Daddy\Desktop\FRST.txt
2015-01-25 22:25 - 2015-01-25 22:25 - 00000000 ____D () C:\FRST
2015-01-25 22:04 - 2015-01-25 22:04 - 02129920 _____ (Farbar) C:\Users\Big Daddy\Desktop\FRST64.exe
2015-01-25 21:30 - 2015-01-25 21:31 - 00000000 ____D () C:\Users\Big Daddy\AppData\Local\mpck_us_13
2015-01-25 21:30 - 2015-01-25 21:30 - 00000000 ____D () C:\Users\Big Daddy\AppData\Local\SearchProtect
2015-01-25 20:41 - 2015-01-25 20:41 - 00003466 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup
2015-01-25 20:41 - 2015-01-25 20:41 - 00003202 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-01-25 20:41 - 2015-01-25 20:41 - 00000000 ____D () C:\Users\Mummy\Documents\ProPCCleaner
2015-01-25 20:41 - 2015-01-25 20:41 - 00000000 ____D () C:\Users\Mummy\AppData\Local\Pro_PC_Cleaner
2015-01-25 20:40 - 2015-01-25 20:40 - 00001010 _____ () C:\Users\Public\Desktop\Pro PC Cleaner.lnk
2015-01-25 20:40 - 2015-01-25 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-01-25 20:40 - 2015-01-25 20:40 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-01-25 20:39 - 2015-01-25 20:39 - 00000000 ____D () C:\Users\Mummy\AppData\Roaming\Pro PC Cleaner
2015-01-22 21:43 - 2015-01-25 21:33 - 00000406 _____ () C:\windows\Tasks\SpeeditUp Update.job
2015-01-22 21:43 - 2015-01-25 20:34 - 00002527 _____ () C:\windows\patsearch.bin
2015-01-22 21:43 - 2015-01-22 21:43 - 00056432 _____ (Corsica) C:\windows\system32\Drivers\webinstrNHKT.sys
2015-01-22 21:43 - 2015-01-22 21:43 - 00003054 _____ () C:\windows\System32\Tasks\SpeeditUp Update
2015-01-22 21:43 - 2015-01-22 21:43 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
2015-01-22 21:43 - 2015-01-22 21:43 - 00000000 ____D () C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
2015-01-22 21:43 - 2015-01-22 21:43 - 00000000 ____D () C:\Program Files\BubbleSound
2015-01-22 21:43 - 2015-01-22 21:43 - 00000000 ____D () C:\Program Files (x86)\ver2SpeeditUp
2015-01-22 21:37 - 2015-01-22 21:37 - 00000000 ____D () C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-01-22 21:37 - 2015-01-22 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Itibiti VoIP Phone
2015-01-22 21:37 - 2015-01-22 21:37 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2015-01-22 21:37 - 2015-01-22 21:37 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-01-22 21:36 - 2015-01-25 20:41 - 00000000 ____D () C:\Users\Mummy\AppData\Local\mpck_us_13
2015-01-22 21:36 - 2015-01-22 21:36 - 00003260 _____ () C:\windows\System32\Tasks\Optimizer Pro Schedule
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\Users\Mummy\Documents\Optimizer Pro
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\Users\Mummy\AppData\Roaming\Optimizer Pro
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILEPCSTARTERKIT
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.33
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\Program Files (x86)\mpck_us_13
2015-01-22 21:35 - 2015-01-24 17:52 - 00000000 ____D () C:\Users\Mummy\AppData\Local\StormWatch
2015-01-22 21:35 - 2015-01-22 21:35 - 00000000 ____D () C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-01-22 21:35 - 2015-01-22 21:35 - 00000000 ____D () C:\Users\Mummy\AppData\Local\Weather_Protector_LLC
2015-01-22 21:35 - 2015-01-22 21:35 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2015-01-22 21:35 - 2015-01-22 21:35 - 00000000 ____D () C:\Program Files (x86)\Hot Virtual Keyboard Extension
2015-01-22 21:34 - 2015-01-22 21:35 - 00000000 ____D () C:\Program Files (x86)\Supporter
2015-01-22 21:34 - 2015-01-22 21:34 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-01-22 21:33 - 2015-01-22 21:34 - 00000000 ____D () C:\Users\Mummy\Desktop\New folder
2015-01-22 21:33 - 2015-01-22 21:34 - 00000000 ____D () C:\Program Files (x86)\PriiceeLess
2015-01-22 21:33 - 2015-01-22 21:33 - 00000000 ____D () C:\ProgramData\lnmopgohhnagpkejpjdngicaacogiceb
2015-01-22 21:33 - 2015-01-22 21:33 - 00000000 ____D () C:\ProgramData\3454867006450466601
2015-01-22 21:32 - 2015-01-22 21:32 - 00000000 ____D () C:\Program Files (x86)\PrrIceeLLesso
2015-01-22 21:31 - 2015-01-22 21:31 - 00000000 ____D () C:\ProgramData\gkonagknngaclmnleieejhhdapkohjgp
2015-01-22 21:31 - 2015-01-22 21:31 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2015-01-22 21:30 - 2015-01-22 21:32 - 00000000 ____D () C:\Program Files (x86)\ViewPlay
2015-01-22 21:30 - 2015-01-22 21:30 - 00003474 _____ () C:\windows\System32\Tasks\avaxvyvax
2015-01-22 21:29 - 2015-01-25 20:37 - 00000000 ____D () C:\Users\Mummy\AppData\Local\avaxvyvax
2015-01-22 21:29 - 2015-01-22 21:31 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-22 21:27 - 2015-01-24 17:50 - 00000000 ____D () C:\Users\Mummy\AppData\Local\SearchProtect
2015-01-22 21:26 - 2015-01-22 21:27 - 01920640 _____ (TODO: <Company name>) C:\Users\Mummy\Downloads\Firefox_Updater.exe
2015-01-19 11:52 - 2015-01-19 11:54 - 00000000 ____D () C:\Users\Mummy\Desktop\RAMS2014
2015-01-14 23:50 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 23:50 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 23:50 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 23:50 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 23:50 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 23:50 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 23:50 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 23:50 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 23:50 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 23:50 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 23:50 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 23:50 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 23:50 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2014-12-30 10:07 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-30 10:07 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-29 11:57 - 2014-12-29 11:57 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-29 11:35 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-29 11:35 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-29 11:35 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-29 11:35 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-29 11:35 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-29 11:35 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-29 11:35 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-29 11:35 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-29 11:35 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-29 11:35 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-28 15:22 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-28 15:22 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-28 15:22 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-28 15:22 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-28 15:22 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-28 15:22 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-28 15:22 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-28 15:21 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-28 15:21 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-28 15:21 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-28 15:21 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-28 15:21 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-28 15:21 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-28 15:21 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-28 15:21 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-28 15:21 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-28 15:21 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-28 15:21 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-28 15:21 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-28 15:21 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-28 15:21 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-28 15:21 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-28 15:21 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-28 15:21 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-28 15:21 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-28 15:21 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-28 15:21 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-28 15:21 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-28 15:21 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-28 15:21 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-28 15:21 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-28 15:21 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-28 15:21 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-28 15:21 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-28 15:21 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-28 15:21 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-28 15:21 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-28 15:21 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-28 15:21 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-28 15:21 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-28 15:21 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-28 15:21 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-28 15:21 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-28 15:21 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-28 15:21 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-28 15:21 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-28 15:21 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-28 15:21 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-28 15:21 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-28 15:21 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-28 15:21 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-28 15:21 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-28 15:21 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-28 15:21 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-28 15:21 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-28 15:21 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-28 15:21 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-28 15:21 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-28 15:21 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-28 15:21 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-28 15:21 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-28 15:20 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-28 15:20 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-28 15:20 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-28 15:20 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-28 15:20 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-28 15:20 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-28 15:20 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-28 15:20 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-28 15:20 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-28 15:20 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-28 15:20 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-28 15:20 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 22:14 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:14 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 21:59 - 2010-02-14 14:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 21:51 - 2011-03-07 21:22 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA.job
2015-01-25 21:51 - 2010-01-25 20:57 - 01112517 _____ () C:\windows\WindowsUpdate.log
2015-01-25 21:47 - 2012-06-22 08:17 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 21:32 - 2011-08-09 19:32 - 00000944 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA.job
2015-01-25 21:32 - 2011-08-09 19:32 - 00000922 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core.job
2015-01-25 21:29 - 2010-02-14 14:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 21:29 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-25 21:29 - 2009-07-13 23:51 - 00079099 _____ () C:\windows\setupact.log
2015-01-25 21:28 - 2014-11-10 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 21:28 - 2012-05-25 11:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 21:28 - 2009-12-12 01:43 - 00359372 _____ () C:\windows\PFRO.log
2015-01-25 20:36 - 2012-06-22 08:17 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 20:36 - 2012-06-22 08:17 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 20:36 - 2011-06-14 09:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 20:34 - 2013-09-29 11:38 - 00000488 _____ () C:\windows\Tasks\PC Utility Kit Registration3.job
2015-01-25 20:34 - 2011-03-27 22:09 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003Core.job
2015-01-22 21:32 - 2012-12-06 21:21 - 00000000 _____ () C:\END
2015-01-19 18:15 - 2011-03-27 22:09 - 00002379 _____ () C:\Users\Mummy\Desktop\Google Chrome.lnk
2015-01-19 11:10 - 2011-03-07 21:22 - 00000872 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core.job
2015-01-09 08:46 - 2013-01-01 11:34 - 00000202 _____ () C:\Users\Mummy\Desktop\ahhbls.txt
2015-01-04 19:22 - 2011-03-25 20:06 - 00000000 ____D () C:\Users\Big Daddy\Desktop\spyware
2015-01-04 19:21 - 2011-03-07 21:40 - 00000000 ____D () C:\Users\Big Daddy\Desktop\Stuff
2015-01-04 19:19 - 2013-01-31 21:43 - 00000000 ____D () C:\Users\Big Daddy\Desktop\Motahs
2014-12-31 06:14 - 2010-02-14 14:35 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-30 22:06 - 2010-02-14 19:12 - 00000000 ____D () C:\Users\Big Daddy\AppData\Local\Adobe
2014-12-29 11:57 - 2014-05-20 15:59 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-29 11:57 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-29 11:57 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-29 11:41 - 2010-01-25 21:02 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2014-05-16 08:26 - 2014-05-16 08:26 - 6103040 _____ () C:\Program Files (x86)\GUT3D01.tmp
2014-04-25 09:46 - 2014-04-25 09:46 - 0000110 _____ () C:\Users\Big Daddy\AppData\Roaming\wklnhst.dat
2014-02-09 22:07 - 2014-02-09 22:08 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Big Daddy\AppData\Local\Temp\2a6e1f7C4.exe
C:\Users\Big Daddy\AppData\Local\Temp\32126478B.exe
C:\Users\Big Daddy\AppData\Local\Temp\hpigpwdrymrp.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\_is4AD8.exe
C:\Users\Big Daddy\AppData\Local\Temp\_is4C30.exe
C:\Users\Big Daddy\AppData\Local\Temp\_is9BA6.exe
C:\Users\Big Daddy\AppData\Local\Temp\_isFE9C.exe
C:\Users\Mummy\AppData\Local\Temp\0184737442.exe
C:\Users\Mummy\AppData\Local\Temp\0231286211.exe
C:\Users\Mummy\AppData\Local\Temp\1379458029.exe
C:\Users\Mummy\AppData\Local\Temp\1985038552.exe
C:\Users\Mummy\AppData\Local\Temp\2329462224.exe
C:\Users\Mummy\AppData\Local\Temp\2432106010.exe
C:\Users\Mummy\AppData\Local\Temp\2483131215.exe
C:\Users\Mummy\AppData\Local\Temp\3073906557.exe
C:\Users\Mummy\AppData\Local\Temp\3565889107.exe
C:\Users\Mummy\AppData\Local\Temp\4820502884.exe
C:\Users\Mummy\AppData\Local\Temp\4902224008.exe
C:\Users\Mummy\AppData\Local\Temp\5543556218.exe
C:\Users\Mummy\AppData\Local\Temp\5966720986.exe
C:\Users\Mummy\AppData\Local\Temp\6244852833.exe
C:\Users\Mummy\AppData\Local\Temp\6297000741.exe
C:\Users\Mummy\AppData\Local\Temp\6609252417.exe
C:\Users\Mummy\AppData\Local\Temp\8384223630.exe
C:\Users\Mummy\AppData\Local\Temp\8891428080.exe
C:\Users\Mummy\AppData\Local\Temp\B12294B5-47CA-DB82-B975-F3793A4E79B5.dll
C:\Users\Mummy\AppData\Local\Temp\B12294B5-47CA-DB82-B975-F3793A4E79B5.exe
C:\Users\Mummy\AppData\Local\Temp\BDE50132-B236-99CF-EE4C-70C2AF1015C8.exe
C:\Users\Mummy\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Mummy\AppData\Local\Temp\nsr1B0D.exe
C:\Users\Mummy\AppData\Local\Temp\optprosetup.exe
C:\Users\Mummy\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Mummy\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 19:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Big Daddy at 2015-01-25 22:27:17
Running from C:\Users\Big Daddy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.3 - )
1ClickDownload (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - 1ClickDownload) <==== ATTENTION!
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.1.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION
BlackBerry Device Software Updater (HKLM-x32\...\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}) (Version: 6.0.1.13 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - )
CA Pest Patrol Realtime Protection (HKLM-x32\...\{F05A5232-CE5E-4274-AB27-44EB8105898D}) (Version: 001.001.0034 - Computer Associates Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11222.0 - Cisco Consumer Products LLC)
Comcast Desktop Software (v1.2.1) (HKLM-x32\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FreeStar Free AMR MP3 Converter 1.0.7 (HKLM-x32\...\FreeStar Free AMR MP3 Converter) (Version: 1.0.7 - FreeStar, Org.)
Google Chrome (HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hot Virtual Keyboard Extension (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Knctr (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog MyOwnStoryTimePad Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobilePCStarterKit 025.13 (HKLM-x32\...\mpck_us_13_is1) (Version:  - MOBILEPCSTARTERKIT)
Move Media Player (HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nano 1.1.1 (HKLM-x32\...\Nano) (Version: 1.1.1 - )
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.2.5 - Symantec Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
PC Utility Kit (HKLM-x32\...\{106DADAD-B062-4de5-8D1F-3FD2AD195E49}) (Version: 3.1.6.0 - Red Dog Media) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.6.02.06173 - Sony Corporation)
PriiceeLess (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version:  - )
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Safari (HKLM-x32\...\{735619D4-B42A-437A-958C-199BFCAEDB38}) (Version: 5.34.50.0 - Apple Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.20.1.20 - Client Connect LTD) <==== ATTENTION
Software Update 2.1.0.186 (HKLM-x32\...\Software Update) (Version: 2.1.0.186 - Glarysoft Ltd)
SpeeditUp (HKLM-x32\...\A8A271F6-79DE-1267-192D-AA60D43783AA) (Version:  - SpeeditUp-software) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Support PL 1.1 (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b}) (Version:  - riceLes) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.15 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnStoryTimePad Plugin) (HKLM-x32\...\MyOwnStoryTimePadPlugin) (Version: 6.0.19.19317 - LeapFrog)
ViewPlay (HKLM\...\ViewPlay) (Version: 2015.01.22.222332 - ViewPlay) <==== ATTENTION!
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{14F84065-1316-42C6-B619-1FE1880050E0}) (Version: 1.2.0000 - Xirrus)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

30-12-2014 09:58:37 Windows Update
31-12-2014 10:18:24 Windows Update
02-01-2015 10:29:27 Windows Update
04-01-2015 11:34:52 Windows Update
05-01-2015 08:16:34 Windows Update
07-01-2015 17:41:17 Windows Update
08-01-2015 13:27:23 Windows Update
09-01-2015 08:16:47 Windows Update
11-01-2015 13:57:36 Windows Update
12-01-2015 09:03:53 Windows Update
13-01-2015 11:23:24 Windows Update
14-01-2015 23:39:37 Windows Update
15-01-2015 09:03:45 Windows Update
19-01-2015 11:10:48 Windows Update
20-01-2015 21:12:14 Windows Update
21-01-2015 19:12:19 Windows Update
22-01-2015 12:58:38 Windows Update
24-01-2015 17:51:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-03-25 18:59 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10EABB0E-AE53-460B-91AC-05D6B80BA518} - System32\Tasks\Norton Security Scan for Big Daddy => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.5\Nss.exe [2012-10-03] (Symantec Corporation)
Task: {12B12802-A7F3-46B9-BB97-E12A4CDF2827} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.33\OptProLauncher.exe [2015-01-16] (PC Utilities Software Limited) <==== ATTENTION
Task: {1CABD481-550A-41C7-B5B1-2ABABC660001} - System32\Tasks\SpeeditUp Update => C:\Program Files (x86)\ver2SpeeditUp\z5SpeeditUpw51.exe [2015-01-22] () <==== ATTENTION
Task: {233E3047-8650-4670-9750-653F918D2145} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003Core => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {2ED9DB26-7742-438B-A1AC-3E40AC2152FF} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {5099A461-036A-44A0-912D-2D5CA21CDEF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {53F2984B-206C-4171-9E28-C160B49A3AC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {6420B077-A6F2-4841-8470-714FB6D5436E} - System32\Tasks\PC Utility Kit Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll" RunUns
Task: {65A67967-FA64-4AAE-85A7-A7821251A317} - System32\Tasks\avaxvyvax => C:\Users\Mummy\AppData\Local\avaxvyvax\avaxvyvax.exe [2015-01-20] ()
Task: {6FB09893-75D7-4945-A6D9-B941DE245C81} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7BF654A8-4A1B-4174-A72B-A767B8D46F89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {7E75C362-A772-4FAF-A416-FC4A9319DE72} - System32\Tasks\{2F1547C6-2F2D-4320-9C24-7A84EAD41339} => pcalua.exe -a "C:\Users\Big Daddy\Downloads\HijackThis.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {857BB5E3-42D9-4C13-AFE4-7561A9CF7E5B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003UA => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {92D5A253-AAE1-43D7-B5DD-D03C0E783CB9} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-07-14] ()
Task: {9B5B2172-4171-444E-835C-048E69F7E1C1} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-04-09] () <==== ATTENTION
Task: {B9009FBB-F387-44BC-9EFB-F87D68DD5D47} - System32\Tasks\{D08A1F30-C9B6-4FA7-A1FB-D7F587475655} => pcalua.exe -a "C:\Users\Big Daddy\Downloads\HijackThis(2).exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CC647A15-E568-4643-9D77-46C18E895BCA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {E29F137E-F136-4B37-9A48-601DE042C649} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-07-14] (Pro PC Cleaner)
Task: {E2FC3A42-5F15-4A26-A5C0-3C5DE5A35048} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E4DAAD03-F22B-4E62-9DCE-833FA4D33BB4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {EF082E54-5B94-4EA6-8926-5CBD0E08940C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core.job => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA.job => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core.job => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA.job => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003Core.job => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003UA.job => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for Big Daddy.job => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
Task: C:\windows\Tasks\PC Utility Kit Registration3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
Task: C:\windows\Tasks\SpeeditUp Update.job => C:\Program Files (x86)\ver2SpeeditUp\z5SpeeditUpw51.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2015-01-08 13:12 - 2015-01-08 13:12 - 02264576 _____ () C:\Program Files\BubbleSound\BubbleSound.dll
2009-06-17 12:49 - 2009-06-17 12:49 - 00616408 _____ () C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
2015-01-22 17:23 - 2015-01-22 17:23 - 00632040 _____ () C:\Program Files (x86)\ViewPlay\updateViewPlay.exe
2009-10-18 18:20 - 2009-10-18 18:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-12-12 01:22 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-30 20:20 - 2009-10-30 20:20 - 00417592 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-02-14 08:55 - 2011-02-14 08:55 - 00043520 ____R () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
2015-01-22 21:36 - 2015-01-22 12:49 - 03982480 _____ () C:\Program Files (x86)\mpck_us_13\mpck_us_13.exe
2009-11-05 12:18 - 2009-11-05 12:18 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-22 21:34 - 2015-01-22 21:34 - 04214272 _____ () c:\Program Files (x86)\Supporter\Supporter.dll
2015-01-22 21:36 - 2015-01-22 21:36 - 01597008 _____ () c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll
2010-01-25 21:18 - 2009-10-02 16:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1712862464-967583995-3115668942-500 - Administrator - Disabled)
Big Daddy (S-1-5-21-1712862464-967583995-3115668942-1000 - Administrator - Enabled) => C:\Users\Big Daddy
Guest (S-1-5-21-1712862464-967583995-3115668942-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1712862464-967583995-3115668942-1002 - Limited - Enabled)
Mummy (S-1-5-21-1712862464-967583995-3115668942-1003 - Administrator - Enabled) => C:\Users\Mummy

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 09:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2155107

Error: (01/25/2015 09:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2155107

Error: (01/25/2015 09:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2015 05:59:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5600

Error: (01/24/2015 05:59:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5600

Error: (01/24/2015 05:59:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2015 05:59:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4586

Error: (01/24/2015 05:59:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4586

Error: (01/24/2015 05:59:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2015 05:59:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3557


System errors:
=============
Error: (01/25/2015 09:37:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management & Security Application User Notification Service service hung on starting.

Error: (01/25/2015 09:26:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.191.2930.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/25/2015 08:48:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/25/2015 08:39:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).

Error: (01/25/2015 08:33:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/22/2015 10:49:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/22/2015 01:11:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.3014.0).

Error: (01/22/2015 01:11:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.191.2930.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/22/2015 01:01:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).

Error: (01/21/2015 07:15:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 39%
Total physical RAM: 3894.85 MB
Available physical RAM: 2355.27 MB
Total Pagefile: 7787.88 MB
Available Pagefile: 5611.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:240.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31AC024B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

==================== End Of Log ============================

 
 



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:02 AM

Posted 26 January 2015 - 01:06 AM

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

 

3.

Please Run FRST again after running the tools above and post the new FRST.txt.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 kilabeez0

kilabeez0
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:06:02 AM

Posted 26 January 2015 - 07:51 PM

# AdwCleaner v4.109 - Report created 26/01/2015 at 19:39:50
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Big Daddy - BIGDADDY-PC
# Running from : C:\Users\Big Daddy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : be0fb33b
Service Deleted : CltMngSvc
Service Deleted : SPPD
Service Deleted : Orbiter
Service Deleted : SWUpdater
Service Deleted : webinstrNHKT

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\3454867006450466601
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freestar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\comcasttb
Folder Deleted : C:\Program Files (x86)\fbphotozoom
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\freestar
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\supporter
Folder Deleted : C:\Program Files (x86)\StormWatch
Folder Deleted : C:\Program Files (x86)\ORBTR
Folder Deleted : C:\Program Files (x86)\Pro PC Cleaner
Folder Deleted : C:\Program Files (x86)\PriiceeLess
Folder Deleted : C:\Program Files (x86)\PrrIceeLLesso
Folder Deleted : C:\Program Files (x86)\youtubeadblocker
Folder Deleted : C:\Program Files (x86)\ver2SpeeditUp
Folder Deleted : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\BIGDAD~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Big Daddy\AppData\Local\apn
Folder Deleted : C:\Users\Big Daddy\AppData\Local\PackageAware
Folder Deleted : C:\Users\Big Daddy\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Big Daddy\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Big Daddy\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Mummy\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Mummy\AppData\Local\StormWatch
Folder Deleted : C:\Users\Mummy\AppData\Local\Weather_Protector_LLC
Folder Deleted : C:\Users\Mummy\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\Mummy\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Mummy\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Mummy\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Mummy\AppData\Roaming\Pro PC Cleaner
Folder Deleted : C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Folder Deleted : C:\Users\Mummy\Documents\Optimizer Pro
Folder Deleted : C:\Users\Mummy\Documents\ProPCCleaner
Folder Deleted : C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\Extensions\39ffxtbr@MapsGalaxy_39.com
Folder Deleted : C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\BeRV2@0.edu
Folder Deleted : C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\Extensions\BeRV2@0.edu
Folder Deleted : C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\oPUko@6.com
Folder Deleted : C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\Extensions\oPUko@6.com
Folder Deleted : C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\UfX4@Pfk.net
Folder Deleted : C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\Extensions\UfX4@Pfk.net
Folder Deleted : C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Deleted : C:\ProgramData\gkcoklhdocmkgikbglacnkoccfbainmn
Folder Deleted : C:\ProgramData\gkonagknngaclmnleieejhhdapkohjgp
Folder Deleted : C:\ProgramData\lnmopgohhnagpkejpjdngicaacogiceb
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Pro PC Cleaner.lnk
File Deleted : C:\windows\patsearch.bin
File Deleted : C:\windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
File Deleted : C:\windows\System32\drivers\webinstrNHKT.sys
File Deleted : C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Deleted : C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
File Deleted : C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
File Deleted : C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\searchplugins\ask-web-search.xml
File Deleted : C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\user.js
File Deleted : C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\user.js
File Deleted : C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Optimizer Pro Schedule
Task Deleted : Scheduled Update for Ask Toolbar
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
Task Deleted : SpeeditUp Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\P57bdcf75_3cae_40f1_a354_f1316674a22b_.P57bdcf75_3cae_40f1_a354_f1316674a22b_
Key Deleted : HKLM\SOFTWARE\Classes\P57bdcf75_3cae_40f1_a354_f1316674a22b_.P57bdcf75_3cae_40f1_a354_f1316674a22b_.9
Key Deleted : HKLM\SOFTWARE\Classes\P6d0e26c9_fb3e_4cce_a8e1_25c4a1ad0c63_.P6d0e26c9_fb3e_4cce_a8e1_25c4a1ad0c63_
Key Deleted : HKLM\SOFTWARE\Classes\P6d0e26c9_fb3e_4cce_a8e1_25c4a1ad0c63_.P6d0e26c9_fb3e_4cce_a8e1_25c4a1ad0c63_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pc0bbc81f_8fce_4e9c_ab64_1bbaf79d6c1f_.Pc0bbc81f_8fce_4e9c_ab64_1bbaf79d6c1f_
Key Deleted : HKLM\SOFTWARE\Classes\Pc0bbc81f_8fce_4e9c_ab64_1bbaf79d6c1f_.Pc0bbc81f_8fce_4e9c_ab64_1bbaf79d6c1f_.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57bdcf75-3cae-40f1-a354-f1316674a22b}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6d0e26c9-fb3e-4cce-a8e1-25c4a1ad0c63}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c0bbc81f-8fce-4e9c-ab64-1bbaf79d6c1f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B944B960-AB77-AED8-BA15-5FE25D491444}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57bdcf75-3cae-40f1-a354-f1316674a22b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d0e26c9-fb3e-4cce-a8e1-25c4a1ad0c63}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0bbc81f-8fce-4e9c-ab64-1bbaf79d6c1f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B944B960-AB77-AED8-BA15-5FE25D491444}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{57bdcf75-3cae-40f1-a354-f1316674a22b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6d0e26c9-fb3e-4cce-a8e1-25c4a1ad0c63}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c0bbc81f-8fce-4e9c-ab64-1bbaf79d6c1f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{57bdcf75-3cae-40f1-a354-f1316674a22b}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6d0e26c9-fb3e-4cce-a8e1-25c4a1ad0c63}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{c0bbc81f-8fce-4e9c-ab64-1bbaf79d6c1f}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B944B960-AB77-AED8-BA15-5FE25D491444}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57bdcf75-3cae-40f1-a354-f1316674a22b}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d0e26c9-fb3e-4cce-a8e1-25c4a1ad0c63}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0bbc81f-8fce-4e9c-ab64-1bbaf79d6c1f}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B944B960-AB77-AED8-BA15-5FE25D491444}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6553369B-DD50-4F99-A8A8-EA4463C7FB8D}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\StormWatch
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\Pro PC Cleaner
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\A8A271F6-79DE-1267-192D-AA60D43783AA
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)

[b004zysc.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.apn_dbr", "ff_7.0");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.cbid", "RW");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.config-updated", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.cr-o", "15176cr");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.crumb", "2012.02.26+14.35.31-toolbar014iad-US-TW91bnQgTGF1cmVsLE5KLFVuaXRlZCBTdGF0ZXM%3D");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.displaybehavior", "");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.displaytext", "");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYUS");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USNJ0336");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.fresh-install", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.guid", "3f127cac-170c-4cf8-8480-2f7eb3c33d12");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.hpr", "YES");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.if", "first");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.l", "dis");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.last-config-req", "1337886386123");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.last-search-timestamp", "1337716726079");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.locale", "en_US");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.location", "Mount Laurel,NJ,United States");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.lstation", "");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.news-native-on", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.o", "15176");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.pstate", "");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.r", "3");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.sa", "YES");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.saguid", "3E0EC258-0645-45BF-9462-62CC6B2996D0");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.search-history-queries", "twisted tea calories");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.silent-upgrade", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.themeid", "");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.timeinstalled", "2/26/2012 5:35:48 PM");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.to", "");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.v", "3.15.1.100013");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.version", "5.15.1.22229");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.volume", "");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"BeRV2@0.edu\":{\"d\":\"C:\\\\Users\\\\Big Daddy\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\b004zysc.default\\\\extensions\\\\BeRV2[...]
[b004zysc.default\prefs.js] - Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.DNSCatch", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.FirstLaunchShown", true);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.LastDate", 23);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.customNewTab", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.processAddrBar", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.tb_lang", "en");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.user_id", "16881659");
[b004zysc.default\prefs.js] - Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.yahooSearch", false);
[b004zysc.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=3f127cac-170c-4cf8-8480-2f7eb3c33d12&apn_ptnrs=RW&apn_sauid=3E0EC258-0645-45BF-9462-62CC[...]
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3324769&octid=EB_ORIGINAL_CTID&ISID=M5E1AFFCA-D69A-4033-B3FD-2F56988DD24A&SearchSource=69&CUI=&SSPV=SP2201TB_sp_ff&Lay=1&UM=8&UP=SPFDB[...]
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3324769&octid=EB_ORIGINAL_CTID&ISID=M5E1AFFCA-D69A-4033-B3FD-2F56988DD24A&SearchSource=55&CUI=&UM=8&UP=SPFDB4BCF3-2CC7-4823-A8FE[...]
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.BUTTON_STRUCTURE", "[{\"b\":222710069,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":222710070,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.defaultenginename.savedPrev", "true");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.defaultenginename.tb", "Ask Web Search");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.selectedEngine.savedPrev", "true");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.selectedEngine.tb", "Ask Web Search");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.homepage.prev", "hxxps://www.google.com/");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.homepage.savedPrev", "true");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=967C7872-0B1E-4032-84C3-08B6339AD28A&n=780ce2c9&p2=^UX^xdm423^S11474^us&si=495[...]
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.page.savedPrev", 1);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.page.tb", 1);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.version.last", "35.0");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.firstKnownVersion", "6.72.5.18841");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=967C7872-0B1E-4032-84C3-08B6339AD28A&n=780ce2c9&p2=^UX^xdm423^S11474^us&si=49588_MAPDRIVE-DIRECTI[...]
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.enabled", false);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.guardType", "HPR");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.user.defined", true);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installKeysSource", "LocalStorage");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installType", "XPI");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2014110409");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm423^S11474^us");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "49588_MAPDRIVE-DIRECTIONS-MAPS-main");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.pixelUrl", "hxxp://mapsgalaxy.dl.tb.ask.com/install_pixels.jhtml?partner=^UX^xdm423^S11474^us&coId=3f57950c9f3f48cf84e254351a117328&tbG[...]
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "967C7872-0B1E-4032-84C3-08B6339AD28A");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.isCompliantUninstallImplementation", true);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1422236029342");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.lastKnownVersion", "6.83.5.44294");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", true);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", true);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", false);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", false);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.partnerPixelFired", true);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "why cant my iphone connect to itunessalem patriot salem ramsboyce5thgrade.blogspot.comhow to make diaper cake");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.successUrl", "hxxp://free.mapsgalaxy.com/installComplete.jhtml");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.toolbar.versionChanged", false);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.toolbarCollapsed", true);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "03038");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[t3wkkknm.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");

-\\ Google Chrome v

[C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=3f127cac-170c-4cf8-8480-2f7eb3c33d12&apn_ptnrs=RW&apn_sauid=3E0EC258-0645-45BF-9462-62CC6B2996D0&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=3f127cac-170c-4cf8-8480-2f7eb3c33d12&apn_ptnrs=RW&apn_sauid=3E0EC258-0645-45BF-9462-62CC6B2996D0&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lnmopgohhnagpkejpjdngicaacogiceb
[C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324769&octid=EB_ORIGINAL_CTID&ISID=M5E1AFFCA-D69A-4033-B3FD-2F56988DD24A&SearchSource=58&CUI=&UM=8&UP=SPFDB4BCF3-2CC7-4823-A8FE-6A3A8B8455DC&q={searchTerms}&SSPV=SP2201TB_sp_ch
[C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : gkcoklhdocmkgikbglacnkoccfbainmn
[C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : gkonagknngaclmnleieejhhdapkohjgp
[C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lnmopgohhnagpkejpjdngicaacogiceb
[C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324769&octid=EB_ORIGINAL_CTID&ISID=M5E1AFFCA-D69A-4033-B3FD-2F56988DD24A&SearchSource=55&CUI=&UM=8&UP=SPFDB4BCF3-2CC7-4823-A8FE-6A3A8B8455DC&SSPV=SP2201TB_sp_ch

*************************

AdwCleaner[R0].txt - [35883 octets] - [26/01/2015 19:36:47]
AdwCleaner[S0].txt - [36774 octets] - [26/01/2015 19:39:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36835 octets] ##########
 



#4 kilabeez0

Posted 26 January 2015 - 07:59 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Big Daddy on Mon 01/26/2015 at 19:53:30.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] antispywareservice
Successfully deleted: [Service] antispywareservice



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}



~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Big Daddy\AppData\Roaming\mozilla\firefox\profiles\b004zysc.default\fctb
Failed to delete: [Folder] C:\Users\Big Daddy\AppData\Roaming\mozilla\firefox\profiles\b004zysc.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
Successfully deleted the following from C:\Users\Big Daddy\AppData\Roaming\mozilla\firefox\profiles\b004zysc.default\prefs.js

user_pref("CT3244149.autoDisableScopes", -1);
user_pref("extensions.ACciY52h69pf0HaS.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.SmmkRUVOvle6kbO4.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.bLM0a3laNuNpVNp7.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.bLM0a3laNuNpVNp7.url", "hxxp://extsync.info/sync2/?q=hfZ9ofV9CShEAen0qjk7qHrMg708BNmGWj8lkGhGheDUojw8rdwGrHaGrHnGrchIC7n0rjkErjs7rdsHqdkFtNhVCT94tMVKhd9H
Emptied folder: C:\Users\Big Daddy\AppData\Roaming\mozilla\firefox\profiles\b004zysc.default\minidumps [236 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/26/2015 at 19:58:02.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 kilabeez0

Posted 26 January 2015 - 08:09 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Big Daddy (administrator) on BIGDADDY-PC on 26-01-2015 20:00:12
Running from C:\Users\Big Daddy\Desktop
Loaded Profiles: Big Daddy (Available profiles: Big Daddy & Mummy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CA, Inc.) C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\mpck_us_13\mpck_us_13.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files (x86)\ViewPlay\updateViewPlay.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [506208 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [911160 2009-10-26] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] (zik.mu)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [253312 2009-10-26] (TOSHIBA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [mpck_us_13] => C:\Program Files (x86)\mpck_us_13\mpck_us_13.exe [3982480 2015-01-22] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Run: [Google Update] => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Run: [Facebook Update] => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-12] (Google Inc.)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Run: [Desktop Software] => C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {108236c0-309e-11e1-aa46-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {108236dd-309e-11e1-aa46-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {17e41f92-278e-11e3-8fdc-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {247314b3-a318-11e2-bad5-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {47c21475-c8d7-11e0-8286-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {99b32332-6f44-11e0-891e-00266c43084b} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\MountPoints2: {bc5216be-14a4-11e2-bc1e-00266c43084b} - F:\TL-Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60725;https=127.0.0.1:60725
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate05172012
HKU\S-1-5-21-1712862464-967583995-3115668942-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> {E11229CC-3771-45BB-814F-40C7CF76CC6B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {304D1287-3B1A-415B-B613-A144ECF326CC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> DefaultScope {714AC89B-A871-437E-A34F-13F108BF1095} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> {304D1287-3B1A-415B-B613-A144ECF326CC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> {714AC89B-A871-437E-A34F-13F108BF1095} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ViewPlay 1.0.0.6 -> {6336aaf8-3481-495b-bb79-70deb1f1590d} -> C:\Program Files (x86)\ViewPlay\ViewPlaybho.dll (ViewPlay)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1712862464-967583995-3115668942-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default
FF SelectedSearchEngine: XFINITY
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Big Daddy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Big Daddy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1712862464-967583995-3115668942-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Big Daddy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi
FF HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Big Daddy\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Big Daddy\AppData\Roaming\Move Networks [2010-04-04]
FF HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Big Daddy\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Big Daddy\AppData\Local\Google\Chrome\Application\15.0.874.106\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Big Daddy\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Users\Big Daddy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hot Virtual Keyboard Extension) - C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl [2015-01-22]
CHR HKLM-x32\...\Chrome\Extension: [aaaapkimjglpminbnhcedkcegkenknhn] - C:\Users\Big Daddy\AppData\Local\APN\GoogleCRXs\aaaapkimjglpminbnhcedkcegkenknhn_7.14.1.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom13.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 d924d8dc; c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll [1597008 2015-01-22] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 Update ViewPlay; C:\Program Files (x86)\ViewPlay\updateViewPlay.exe [632040 2015-01-22] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [153600 2010-12-14] (HTC Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 20:00 - 2015-01-26 20:04 - 00026185 _____ () C:\Users\Big Daddy\Desktop\FRST.txt
2015-01-26 19:58 - 2015-01-26 19:58 - 00002565 _____ () C:\Users\Big Daddy\Desktop\JRT.txt
2015-01-26 19:53 - 2015-01-26 19:53 - 00000000 ____D () C:\windows\ERUNT
2015-01-26 19:52 - 2015-01-26 19:52 - 01707939 _____ (Thisisu) C:\Users\Big Daddy\Desktop\JRT.exe
2015-01-26 19:51 - 2015-01-26 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 19:36 - 2015-01-26 19:40 - 00000000 ____D () C:\AdwCleaner
2015-01-26 19:34 - 2015-01-26 19:34 - 02194432 _____ () C:\Users\Big Daddy\Desktop\AdwCleaner.exe
2015-01-25 22:25 - 2015-01-26 20:00 - 00000000 ____D () C:\FRST
2015-01-25 22:04 - 2015-01-25 22:04 - 02129920 _____ (Farbar) C:\Users\Big Daddy\Desktop\FRST64.exe
2015-01-25 21:30 - 2015-01-25 21:31 - 00000000 ____D () C:\Users\Big Daddy\AppData\Local\mpck_us_13
2015-01-22 21:43 - 2015-01-22 21:43 - 00000000 ____D () C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
2015-01-22 21:43 - 2015-01-22 21:43 - 00000000 ____D () C:\Program Files\BubbleSound
2015-01-22 21:37 - 2015-01-22 21:37 - 00000000 ____D () C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-01-22 21:37 - 2015-01-22 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Itibiti VoIP Phone
2015-01-22 21:37 - 2015-01-22 21:37 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2015-01-22 21:37 - 2015-01-22 21:37 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-01-22 21:36 - 2015-01-25 20:41 - 00000000 ____D () C:\Users\Mummy\AppData\Local\mpck_us_13
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILEPCSTARTERKIT
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.33
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\Program Files (x86)\mpck_us_13
2015-01-22 21:35 - 2015-01-22 21:35 - 00000000 ____D () C:\Program Files (x86)\Hot Virtual Keyboard Extension
2015-01-22 21:33 - 2015-01-22 21:34 - 00000000 ____D () C:\Users\Mummy\Desktop\New folder
2015-01-22 21:30 - 2015-01-22 21:32 - 00000000 ____D () C:\Program Files (x86)\ViewPlay
2015-01-22 21:30 - 2015-01-22 21:30 - 00003474 _____ () C:\windows\System32\Tasks\avaxvyvax
2015-01-22 21:29 - 2015-01-25 20:37 - 00000000 ____D () C:\Users\Mummy\AppData\Local\avaxvyvax
2015-01-22 21:26 - 2015-01-22 21:27 - 01920640 _____ (TODO: <Company name>) C:\Users\Mummy\Downloads\Firefox_Updater.exe
2015-01-19 11:52 - 2015-01-19 11:54 - 00000000 ____D () C:\Users\Mummy\Desktop\RAMS2014
2015-01-14 23:50 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 23:50 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 23:50 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 23:50 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 23:50 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 23:50 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 23:50 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 23:50 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 23:50 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 23:50 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 23:50 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 23:50 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 23:50 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2014-12-30 10:07 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-30 10:07 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-29 11:57 - 2014-12-29 11:57 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-29 11:35 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-29 11:35 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-29 11:35 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-29 11:35 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-29 11:35 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-29 11:35 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-29 11:35 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-29 11:35 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-29 11:35 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-29 11:35 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-28 15:22 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-28 15:22 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-28 15:22 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-28 15:22 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-28 15:22 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-28 15:22 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-28 15:22 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-28 15:22 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-28 15:21 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-28 15:21 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-28 15:21 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-28 15:21 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-28 15:21 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-28 15:21 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-28 15:21 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-28 15:21 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-28 15:21 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-28 15:21 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-28 15:21 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-28 15:21 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-28 15:21 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-28 15:21 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-28 15:21 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-28 15:21 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-28 15:21 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-28 15:21 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-28 15:21 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-28 15:21 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-28 15:21 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-28 15:21 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-28 15:21 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-28 15:21 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-28 15:21 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-28 15:21 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-28 15:21 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-28 15:21 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-28 15:21 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-28 15:21 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-28 15:21 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-28 15:21 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-28 15:21 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-28 15:21 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-28 15:21 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-28 15:21 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-28 15:21 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-28 15:21 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-28 15:21 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-28 15:21 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-28 15:21 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-28 15:21 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-28 15:21 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-28 15:21 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-28 15:21 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-28 15:21 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-28 15:21 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-28 15:21 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-28 15:21 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-28 15:21 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-28 15:21 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-28 15:21 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-28 15:21 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-28 15:21 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-28 15:20 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-28 15:20 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-28 15:20 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-28 15:20 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-28 15:20 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-28 15:20 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-28 15:20 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-28 15:20 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-28 15:20 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-28 15:20 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-28 15:20 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-28 15:20 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 19:59 - 2010-02-14 14:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 19:58 - 2012-05-25 11:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 19:55 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 19:55 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 19:54 - 2011-03-27 22:09 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003Core.job
2015-01-26 19:52 - 2010-01-25 20:57 - 01170693 _____ () C:\windows\WindowsUpdate.log
2015-01-26 19:51 - 2011-03-07 21:22 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA.job
2015-01-26 19:47 - 2012-06-22 08:17 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 19:44 - 2010-02-14 14:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 19:43 - 2009-12-12 01:43 - 00359686 _____ () C:\windows\PFRO.log
2015-01-26 19:43 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-26 19:43 - 2009-07-13 23:51 - 00079155 _____ () C:\windows\setupact.log
2015-01-26 19:26 - 2011-08-09 19:32 - 00000944 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA.job
2015-01-25 21:32 - 2011-08-09 19:32 - 00000922 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core.job
2015-01-25 20:36 - 2012-06-22 08:17 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 20:36 - 2012-06-22 08:17 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 20:36 - 2011-06-14 09:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 20:34 - 2013-09-29 11:38 - 00000488 _____ () C:\windows\Tasks\PC Utility Kit Registration3.job
2015-01-19 18:15 - 2011-03-27 22:09 - 00002379 _____ () C:\Users\Mummy\Desktop\Google Chrome.lnk
2015-01-19 11:10 - 2011-03-07 21:22 - 00000872 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core.job
2015-01-09 08:46 - 2013-01-01 11:34 - 00000202 _____ () C:\Users\Mummy\Desktop\ahhbls.txt
2015-01-04 19:22 - 2011-03-25 20:06 - 00000000 ____D () C:\Users\Big Daddy\Desktop\spyware
2015-01-04 19:21 - 2011-03-07 21:40 - 00000000 ____D () C:\Users\Big Daddy\Desktop\Stuff
2015-01-04 19:19 - 2013-01-31 21:43 - 00000000 ____D () C:\Users\Big Daddy\Desktop\Motahs
2014-12-31 06:14 - 2010-02-14 14:35 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-30 22:06 - 2010-02-14 19:12 - 00000000 ____D () C:\Users\Big Daddy\AppData\Local\Adobe
2014-12-29 11:57 - 2014-05-20 15:59 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-29 11:57 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-29 11:57 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-29 11:41 - 2010-01-25 21:02 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2014-05-16 08:26 - 2014-05-16 08:26 - 6103040 _____ () C:\Program Files (x86)\GUT3D01.tmp
2014-04-25 09:46 - 2014-04-25 09:46 - 0000110 _____ () C:\Users\Big Daddy\AppData\Roaming\wklnhst.dat
2014-02-09 22:07 - 2014-02-09 22:08 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Big Daddy\AppData\Local\Temp\2a6e1f7C4.exe
C:\Users\Big Daddy\AppData\Local\Temp\32126478B.exe
C:\Users\Big Daddy\AppData\Local\Temp\hpigpwdrymrp.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Big Daddy\AppData\Local\Temp\_is4AD8.exe
C:\Users\Big Daddy\AppData\Local\Temp\_is4C30.exe
C:\Users\Big Daddy\AppData\Local\Temp\_is9BA6.exe
C:\Users\Big Daddy\AppData\Local\Temp\_isFE9C.exe
C:\Users\Mummy\AppData\Local\Temp\0184737442.exe
C:\Users\Mummy\AppData\Local\Temp\0231286211.exe
C:\Users\Mummy\AppData\Local\Temp\1379458029.exe
C:\Users\Mummy\AppData\Local\Temp\1985038552.exe
C:\Users\Mummy\AppData\Local\Temp\2329462224.exe
C:\Users\Mummy\AppData\Local\Temp\2432106010.exe
C:\Users\Mummy\AppData\Local\Temp\2483131215.exe
C:\Users\Mummy\AppData\Local\Temp\3073906557.exe
C:\Users\Mummy\AppData\Local\Temp\3565889107.exe
C:\Users\Mummy\AppData\Local\Temp\4820502884.exe
C:\Users\Mummy\AppData\Local\Temp\4902224008.exe
C:\Users\Mummy\AppData\Local\Temp\5543556218.exe
C:\Users\Mummy\AppData\Local\Temp\5966720986.exe
C:\Users\Mummy\AppData\Local\Temp\6244852833.exe
C:\Users\Mummy\AppData\Local\Temp\6297000741.exe
C:\Users\Mummy\AppData\Local\Temp\6609252417.exe
C:\Users\Mummy\AppData\Local\Temp\8384223630.exe
C:\Users\Mummy\AppData\Local\Temp\8891428080.exe
C:\Users\Mummy\AppData\Local\Temp\B12294B5-47CA-DB82-B975-F3793A4E79B5.dll
C:\Users\Mummy\AppData\Local\Temp\B12294B5-47CA-DB82-B975-F3793A4E79B5.exe
C:\Users\Mummy\AppData\Local\Temp\BDE50132-B236-99CF-EE4C-70C2AF1015C8.exe
C:\Users\Mummy\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Mummy\AppData\Local\Temp\nsr1B0D.exe
C:\Users\Mummy\AppData\Local\Temp\optprosetup.exe
C:\Users\Mummy\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Mummy\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 19:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Big Daddy at 2015-01-26 20:04:53
Running from C:\Users\Big Daddy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.3 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlackBerry Device Software Updater (HKLM-x32\...\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}) (Version: 6.0.1.13 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - )
CA Pest Patrol Realtime Protection (HKLM-x32\...\{F05A5232-CE5E-4274-AB27-44EB8105898D}) (Version: 001.001.0034 - Computer Associates Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11222.0 - Cisco Consumer Products LLC)
Comcast Desktop Software (v1.2.1) (HKLM-x32\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FreeStar Free AMR MP3 Converter 1.0.7 (HKLM-x32\...\FreeStar Free AMR MP3 Converter) (Version: 1.0.7 - FreeStar, Org.)
Google Chrome (HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hot Virtual Keyboard Extension (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Knctr (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog MyOwnStoryTimePad Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobilePCStarterKit 025.13 (HKLM-x32\...\mpck_us_13_is1) (Version:  - MOBILEPCSTARTERKIT)
Move Media Player (HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nano 1.1.1 (HKLM-x32\...\Nano) (Version: 1.1.1 - )
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.2.5 - Symantec Corporation)
PC Utility Kit (HKLM-x32\...\{106DADAD-B062-4de5-8D1F-3FD2AD195E49}) (Version: 3.1.6.0 - Red Dog Media) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.6.02.06173 - Sony Corporation)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Safari (HKLM-x32\...\{735619D4-B42A-437A-958C-199BFCAEDB38}) (Version: 5.34.50.0 - Apple Inc.)
Software Update 2.1.0.186 (HKLM-x32\...\Software Update) (Version: 2.1.0.186 - Glarysoft Ltd)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.15 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-1712862464-967583995-3115668942-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnStoryTimePad Plugin) (HKLM-x32\...\MyOwnStoryTimePadPlugin) (Version: 6.0.19.19317 - LeapFrog)
ViewPlay (HKLM\...\ViewPlay) (Version: 2015.01.22.222332 - ViewPlay) <==== ATTENTION!
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{14F84065-1316-42C6-B619-1FE1880050E0}) (Version: 1.2.0000 - Xirrus)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

31-12-2014 10:18:24 Windows Update
02-01-2015 10:29:27 Windows Update
04-01-2015 11:34:52 Windows Update
05-01-2015 08:16:34 Windows Update
07-01-2015 17:41:17 Windows Update
08-01-2015 13:27:23 Windows Update
09-01-2015 08:16:47 Windows Update
11-01-2015 13:57:36 Windows Update
12-01-2015 09:03:53 Windows Update
13-01-2015 11:23:24 Windows Update
14-01-2015 23:39:37 Windows Update
15-01-2015 09:03:45 Windows Update
19-01-2015 11:10:48 Windows Update
20-01-2015 21:12:14 Windows Update
21-01-2015 19:12:19 Windows Update
22-01-2015 12:58:38 Windows Update
24-01-2015 17:51:39 Windows Update
26-01-2015 19:26:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-03-25 18:59 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10EABB0E-AE53-460B-91AC-05D6B80BA518} - System32\Tasks\Norton Security Scan for Big Daddy => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.5\Nss.exe [2012-10-03] (Symantec Corporation)
Task: {233E3047-8650-4670-9750-653F918D2145} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003Core => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {2ED9DB26-7742-438B-A1AC-3E40AC2152FF} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {5099A461-036A-44A0-912D-2D5CA21CDEF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {53F2984B-206C-4171-9E28-C160B49A3AC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {6420B077-A6F2-4841-8470-714FB6D5436E} - System32\Tasks\PC Utility Kit Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll" RunUns
Task: {65A67967-FA64-4AAE-85A7-A7821251A317} - System32\Tasks\avaxvyvax => C:\Users\Mummy\AppData\Local\avaxvyvax\avaxvyvax.exe [2015-01-20] ()
Task: {6FB09893-75D7-4945-A6D9-B941DE245C81} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7BF654A8-4A1B-4174-A72B-A767B8D46F89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {7E75C362-A772-4FAF-A416-FC4A9319DE72} - System32\Tasks\{2F1547C6-2F2D-4320-9C24-7A84EAD41339} => pcalua.exe -a "C:\Users\Big Daddy\Downloads\HijackThis.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {857BB5E3-42D9-4C13-AFE4-7561A9CF7E5B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003UA => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {B9009FBB-F387-44BC-9EFB-F87D68DD5D47} - System32\Tasks\{D08A1F30-C9B6-4FA7-A1FB-D7F587475655} => pcalua.exe -a "C:\Users\Big Daddy\Downloads\HijackThis(2).exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CC647A15-E568-4643-9D77-46C18E895BCA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {E2FC3A42-5F15-4A26-A5C0-3C5DE5A35048} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E4DAAD03-F22B-4E62-9DCE-833FA4D33BB4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {EF082E54-5B94-4EA6-8926-5CBD0E08940C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core.job => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA.job => C:\Users\Big Daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000Core.job => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1000UA.job => C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003Core.job => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1712862464-967583995-3115668942-1003UA.job => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for Big Daddy.job => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
Task: C:\windows\Tasks\PC Utility Kit Registration3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-10-18 18:20 - 2009-10-18 18:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-12-12 01:22 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-30 20:20 - 2009-10-30 20:20 - 00417592 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-02-14 08:55 - 2011-02-14 08:55 - 00043520 ____R () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
2015-01-22 21:36 - 2015-01-22 12:49 - 03982480 _____ () C:\Program Files (x86)\mpck_us_13\mpck_us_13.exe
2009-11-05 12:18 - 2009-11-05 12:18 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-01-22 17:23 - 2015-01-22 17:23 - 00632040 _____ () C:\Program Files (x86)\ViewPlay\updateViewPlay.exe
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-25 21:18 - 2009-10-02 16:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2015-01-26 19:51 - 2015-01-26 19:51 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1712862464-967583995-3115668942-500 - Administrator - Disabled)
Big Daddy (S-1-5-21-1712862464-967583995-3115668942-1000 - Administrator - Enabled) => C:\Users\Big Daddy
Guest (S-1-5-21-1712862464-967583995-3115668942-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1712862464-967583995-3115668942-1002 - Limited - Enabled)
Mummy (S-1-5-21-1712862464-967583995-3115668942-1003 - Administrator - Enabled) => C:\Users\Mummy

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 46%
Total physical RAM: 3894.85 MB
Available physical RAM: 2070.89 MB
Total Pagefile: 7787.88 MB
Available Pagefile: 5917.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:241 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31AC024B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

==================== End Of Log ============================

 

 

 

Already seems to be MUCH better!  No more pop ups!  Computer has been sluggish for years.  Anything else you notice that needs to be taken care of please let me know.  Thank you!



#6 fireman4it

  • Malware Response Team

Posted 26 January 2015 - 08:51 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   5.72KB   2 downloads

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 kilabeez0

  • Topic Starter

Posted 26 January 2015 - 11:35 PM

I think I did it right.  The fixlog didn't pop up automatically after a restart but there was one on the desktop.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Big Daddy at 2015-01-26 23:24:20 Run:1
Running from C:\Users\Big Daddy\Desktop
Loaded Profiles: Big Daddy (Available profiles: Big Daddy & Mummy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom13.crx [Not Found]
S2 d924d8dc; c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll [1597008 2015-01-22] ()
c:\Program Files (x86)\Optimizer Pro 3.33
R2 Update ViewPlay; C:\Program Files (x86)\ViewPlay\updateViewPlay.exe [632040 2015-01-22] ()
C:\Program Files (x86)\ViewPlay
2015-01-22 21:30 - 2015-01-22 21:30 - 00003474 _____ () C:\windows\System32\Tasks\avaxvyvax
2015-01-22 21:29 - 2015-01-25 20:37 - 00000000 ____D () C:\Users\Mummy\AppData\Local\avaxvyvax
2015-01-22 21:36 - 2015-01-22 21:36 - 00000000 ____D () C:\Program Files (x86)\mpck_us_13
2015-01-22 21:36 - 2015-01-25 20:41 - 00000000 ____D () C:\Users\Mummy\AppData\Local\mpck_us_13
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Big Daddy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: C:\windows\Tasks\PC Utility Kit Registration3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM-x32\...\Run: [mpck_us_13] => C:\Program Files (x86)\mpck_us_13\mpck_us_13.exe [3982480 2015-01-22] ()
HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] (zik.mu)
C:\Program Files\BubbleSound
Emptytemp:




*****************

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid" => Key deleted successfully.
d924d8dc => Service deleted successfully.
c:\Program Files (x86)\Optimizer Pro 3.33 => Moved successfully.
Update ViewPlay => Unable to stop service
Update ViewPlay => Service deleted successfully.
C:\Program Files (x86)\ViewPlay => Moved successfully.
C:\windows\System32\Tasks\avaxvyvax => Moved successfully.
C:\Users\Mummy\AppData\Local\avaxvyvax => Moved successfully.
C:\Program Files (x86)\mpck_us_13 => Moved successfully.
C:\Users\Mummy\AppData\Local\mpck_us_13 => Moved successfully.
"HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\windows\Tasks\PC Utility Kit Registration3.job => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mpck_us_13 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value deleted successfully.
C:\Program Files\BubbleSound => Moved successfully.
EmptyTemp: => Removed 3.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 23:25:42 ====
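
A way to check a Fixlog like the one above without reading it line by line, as an added example that is not part of the original posts or of FRST itself. It skips the echoed fixlist (which also contains `=>`), groups result lines per target, and separates targets that failed from those that succeeded only after an earlier error, such as `Update ViewPlay`. The function names are hypothetical, and the success wording is assumed from the outcomes visible in this one log.

```python
import re
from collections import OrderedDict

# Constructed sample: lines copied (abridged) from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Big Daddy at 2015-01-26 23:24:20 Run:1
==============================================

Content of fixlist:
*****************
R2 Update ViewPlay; C:\Program Files (x86)\ViewPlay\updateViewPlay.exe [632040 2015-01-22] ()
C:\Program Files (x86)\ViewPlay
Task: C:\windows\Tasks\PC Utility Kit Registration3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
Emptytemp:
*****************

d924d8dc => Service deleted successfully.
Update ViewPlay => Unable to stop service
Update ViewPlay => Service deleted successfully.
C:\Program Files (x86)\ViewPlay => Moved successfully.
"HKU\S-1-5-21-1712862464-967583995-3115668942-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
C:\windows\Tasks\PC Utility Kit Registration3.job => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value deleted successfully.
EmptyTemp: => Removed 3.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 23:25:42 ====
'''

# Assumption: outcome wordings treated as success are only those seen in this log.
SUCCESS = re.compile(r"(successfully\.?$|^Removed .+ temporary data\.?$)", re.IGNORECASE)


def parse_fixlog(text):
    """Return (results, reboot_needed).

    results maps each target to the list of outcomes reported for it, in order.
    Everything up to the second row of asterisks is the header and the echoed
    fixlist, so it is ignored even when a fixlist line itself contains ' => '.
    """
    results = OrderedDict()
    reboot_needed = False
    delimiters_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            delimiters_seen += 1
            continue
        if delimiters_seen < 2:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if line == "The system needed a reboot.":
            reboot_needed = True
            continue
        if " => " not in line:
            continue
        # Split on the last arrow: the outcome is always the final field.
        target, outcome = line.rsplit(" => ", 1)
        results.setdefault(target.strip('"'), []).append(outcome.strip())
    return results, reboot_needed


def triage(results):
    """Classify targets by their final outcome and by any earlier error."""
    report = {"clean": [], "recovered": [], "failed": []}
    for target, outcomes in results.items():
        ok = [bool(SUCCESS.search(o)) for o in outcomes]
        if not ok[-1]:
            report["failed"].append(target)      # last word was not a success
        elif all(ok):
            report["clean"].append(target)
        else:
            report["recovered"].append(target)   # succeeded after an error line
    return report


if __name__ == "__main__":
    parsed, reboot = parse_fixlog(SAMPLE_FIXLOG)
    summary = triage(parsed)
    for status in ("failed", "recovered", "clean"):
        for target in summary[status]:
            print(f"{status:9} {target}  <- {' | '.join(parsed[target])}")
    print("reboot needed:", reboot)
```

Anything listed under `failed` or `recovered` is worth confirming in the next FRST scan before the helper moves on to further cleanup steps.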



#8 fireman4it

  • Malware Response Team

Posted 26 January 2015 - 11:52 PM

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2. ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:02 AM

Posted 28 January 2015 - 07:50 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#10 kilabeez0

kilabeez0
  • Topic Starter

  • Members
  • 33 posts
  • Local time:06:02 AM

Posted 28 January 2015 - 08:14 PM

Sorry, I live in NH and got hit with 30 inches of snow yesterday.  Anyway, after I clicked Quarantine All I didn't have to click on Apply; it just automatically fixed everything on its own.  It did, however, ask to reboot.  It's not showing it here, but it did find like 46 problems.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/28/2015
Scan Time: 7:03:24 PM
Logfile:
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2015.01.28.12
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Big Daddy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 396897
Time Elapsed: 42 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by kilabeez0, 28 January 2015 - 08:15 PM.


#11 fireman4it


Posted 28 January 2015 - 08:19 PM

Have you run ESET yet?


#12 kilabeez0


Posted 28 January 2015 - 10:00 PM

It's still running.  Hour and a half at 93%.  59 infected so far.


Edited by kilabeez0, 28 January 2015 - 10:02 PM.


#13 fireman4it


Posted 28 January 2015 - 10:07 PM

Post the log when finished. Use multiple posts if needed to post the whole log.


#14 kilabeez0


Posted 29 January 2015 - 06:03 PM

C:\Users\All Users\InstallMate\{3A805B28-3B0F-D6C6-342D-732DE16379DE}\_Setupx.dll Win32/InstalleRex.T potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\uninstall.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriiceeLess\oBQ83fYAq8YTDg.dll.vir a variant of Win32/Adware.MultiPlug.EG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PrrIceeLLesso\aIssoeGU9VI3am.dll.vir a variant of Win32/Adware.MultiPlug.EG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\StormWatch\StormWatchApp.exe.vir a variant of Win32/Verti.K potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\supporter\Supporter.dll.vir a variant of Win32/SProtector.K potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver2SpeeditUp\186.dll.vir a variant of Win32/Adware.AddLyrics.DN application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver2SpeeditUp\Uninstall.exe.vir a variant of Win32/Adware.AddLyrics.DN application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver2SpeeditUp\z5SpeeditUpw51.exe.vir a variant of Win32/Adware.AddLyrics.DN application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver2SpeeditUp\x64\webinstrNHKT.sys.vir a variant of Win64/Adware.AddLyrics.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\DLsORLIlhtjj2O.dll.vir a variant of Win32/Adware.MultiPlug.EG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gkcoklhdocmkgikbglacnkoccfbainmn\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gkcoklhdocmkgikbglacnkoccfbainmn\eg1x.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gkonagknngaclmnleieejhhdapkohjgp\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gkonagknngaclmnleieejhhdapkohjgp\N2sE4vu.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\lnmopgohhnagpkejpjdngicaacogiceb\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\lnmopgohhnagpkejpjdngicaacogiceb\oSzZaAIyh.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\BeRV2@0.edu\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\oPUko@6.com\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Big Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\b004zysc.default\Extensions\UfX4@Pfk.net\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\Extensions\39ffxtbr@MapsGalaxy_39.com\plugins\NativeMessagingDispatcher.dll.vir Win32/Toolbar.MyWebSearch.AO potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\Extensions\BeRV2@0.edu\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\Extensions\oPUko@6.com\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\t3wkkknm.default\Extensions\UfX4@Pfk.net\content\bg.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\windows\System32\drivers\webinstrNHKT.sys.vir a variant of Win64/Adware.AddLyrics.F application cleaned by deleting - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\mpck_us_13\mobilepcstarterkit_widget.exe a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\mpck_us_13\mpck_us_13.exe a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\mpck_us_13\predm.exe Win32/Adware.EoRezo application cleaned by deleting - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\Optimizer Pro 3.33\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\Optimizer Pro 3.33\OptProSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\ViewPlay\updateViewPlay.exe a variant of MSIL/BrowseFox.H potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\ViewPlay\ViewPlaybho.dll a variant of Win32/BrowseFox.O potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\ViewPlay\ViewPlayUninstall.exe Win32/BrowseFox.C potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\c\Users\Mummy\AppData\Local\avaxvyvax\avaxvyvax.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\c\Users\Mummy\AppData\Local\avaxvyvax\pbqrmvbub a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\c\Users\Mummy\AppData\Local\mpck_us_13\upmpck_us_13.exe a variant of Win32/Adware.EoRezo.AJ application cleaned by deleting - quarantined
C:\FRST\Quarantine\c\Users\Mummy\AppData\Local\mpck_us_13\Download\majmp_gentleeeuu.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{3A805B28-3B0F-D6C6-342D-732DE16379DE}\_Setupx.dll Win32/InstalleRex.T potentially unwanted application deleted - quarantined
C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl\145\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Big Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl\145\DVP0.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Big Daddy\Downloads\cnet2_amr-mp3-converter-setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\Big Daddy\Downloads\Snow_-_12_Inches_Of_Snow_[Mp3@256Kbps.exe multiple threats cleaned by deleting - quarantined
C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl\145\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl\145\DVP0.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Mummy\AppData\Local\SupportSoft\ComcastUI\Mummy\CACHE\5599fea7-b9d0-4c48-84c3-66d697784679.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Users\Mummy\Downloads\Firefox_Updater.exe a variant of Win32/Adware.InstallMetrix.J application cleaned by deleting - quarantined
C:\Users\Mummy\Downloads\Retrogamer.exe a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined
 


Edited by kilabeez0, 29 January 2015 - 06:10 PM.
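
A log like the one in the post above can be triaged mechanically before deciding whether the machine is clean. The following Python is an added example, not part of the original thread and not ESET's own tooling; the field layout is an assumption inferred from the lines on this page, and `parse_line` and `triage` are hypothetical names.

```python
import re
from collections import Counter

# Six lines copied from the ESET log in the post above (fields are space-separated here).
SAMPLE_LOG = r"""
C:\Users\All Users\InstallMate\{3A805B28-3B0F-D6C6-342D-732DE16379DE}\_Setupx.dll Win32/InstalleRex.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gkcoklhdocmkgikbglacnkoccfbainmn\eg1x.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\c\Program Files (x86)\ViewPlay\updateViewPlay.exe a variant of MSIL/BrowseFox.H potentially unwanted application deleted - quarantined
C:\Users\Big Daddy\Downloads\Snow_-_12_Inches_Of_Snow_[Mp3@256Kbps.exe multiple threats cleaned by deleting - quarantined
C:\Users\Mummy\Downloads\Firefox_Updater.exe a variant of Win32/Adware.InstallMetrix.J application cleaned by deleting - quarantined
"""

# Assumed layout: <path> [a variant of ]<detection> [category] [action]
# Windows file names cannot contain "/", so the first token with a slash is the detection.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+|multiple threats)"
    r"(?: (?P<rest>.*))?$"
)
ACTION_RE = re.compile(r"(?P<action>deleted|cleaned by deleting)(?: - quarantined)?$")
# Folders where AdwCleaner and FRST had already parked files before the ESET scan.
TOOL_QUARANTINE = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")


def parse_line(line):
    """Return a dict for one detection line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = (m.group("rest") or "").strip()
    act = ACTION_RE.search(rest)
    category = (rest[:act.start()] if act else rest).strip() or "unspecified"
    return {
        "path": m.group("path"),
        "detection": m.group("name"),
        "category": category,
        "action": act.group("action") if act else None,
        "in_tool_quarantine": m.group("path").lower().startswith(TOOL_QUARANTINE),
    }


def triage(log_text):
    """Summarise a log: counts per category, unhandled items, items found in live locations."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "total": len(entries),
        "by_category": Counter(e["category"] for e in entries),
        "no_action": [e["path"] for e in entries if e["action"] is None],
        "live_locations": [e["path"] for e in entries if not e["in_tool_quarantine"]],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Entries with no recorded action, and entries found outside the AdwCleaner and FRST quarantine folders, are the ones worth a second look.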


#15 fireman4it


Posted 29 January 2015 - 06:28 PM

How is your computer running now?




