Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

PC laptop infected with Malware

Post by ftraps » January 1st, 2015, 5:13 am

Hi, my PC is going nuts. It seems OK at first, until I start surfing. In any browser I use (IE, Firefox, Chrome), I get redirected to random sites like MSN (my homepage is usually Google), and links on any site appear as suspicious-looking malware removal sites. I am not allowed to install anything. It's always blocked (I cannot even update Java, etc). I tried online malware removal, and I also use Avast as my antivirus; it does not seem to help though. Your help would be much appreciated please!!!! Thanks


Logs are as follows:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by Fatima Trapaga at 19:56:10 on 2015-01-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8140.4484 [GMT 11:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lytro\lytroservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Fatima Trapaga\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expext.exe
C:\Program Files (x86)\SecretSauce\bin\SecretSauce.PurBrowse64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter64.exe
C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter.exe
C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mStart Page = hxxp://searchy.easylifeapp.com/
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tight ... type=ds&q={searchTerms}&installDate=13/06/2013
mWinlogon: Userinit = userinit.exe
BHO: SecretSauce 1.0.0.6: {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} - C:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll
BHO: {1F69048B-6672-1E9D-2F37-9E9E7909B8E1} - <orphaned>
BHO: {25095EF5-82A2-4391-91AC-7904623A8F20} - <orphaned>
BHO: {27CF166C-CB94-0A45-4616-EE49A6ADEB2A} - <orphaned>
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\Fatima Trapaga\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MsgCenterExe] "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe -update activex
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
StartupFolder: C:\Users\FATIMA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F3051C2B-5821-4318-9A6F-2708B8791DC4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F3051C2B-5821-4318-9A6F-2708B8791DC4}\07F636B6564777966696D236136326 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F3051C2B-5821-4318-9A6F-2708B8791DC4}\251434650234F6E666562756E63656 : DHCPNameServer = 8.8.8.8 203.10.89.2 203.22.124.10
TCP: Interfaces\{F3051C2B-5821-4318-9A6F-2708B8791DC4}\348627F6D6563616374773739363 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{F3051C2B-5821-4318-9A6F-2708B8791DC4}\4527160716761623 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F3051C2B-5821-4318-9A6F-2708B8791DC4}\64164796D616 : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\citrix\icacli~1\rshook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://searchy.easylifeapp.com/
x64-BHO: AllSaveer: {1EE3F601-01B4-1181-21FA-F33D88741507} - C:\ProgramData\AllSaveer\79_rxlRM.x64.dll
x64-BHO: {1F69048B-6672-1E9D-2F37-9E9E7909B8E1} - <orphaned>
x64-BHO: {25095EF5-82A2-4391-91AC-7904623A8F20} - <orphaned>
x64-BHO: {27CF166C-CB94-0A45-4616-EE49A6ADEB2A} - <orphaned>
x64-BHO: UTubeNOADsu: {3493C8B1-AC72-A17D-B551-DDE37A903AC1} - C:\ProgramData\UTubeNOADsu\2VvQg.x64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Microsoft (Bing)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Fatima Trapaga\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\extensions\virusscan@bullguard.com\plugins\npbgvscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-24 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-24 267632]
R1 {345422e3-72fa-447a-9550-97803edfacf3}w64;{345422e3-72fa-447a-9550-97803edfacf3}w64;C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys [2014-4-27 61120]
R1 {84f71dda-7f74-46a2-afdb-c945e69c0195}w64;{84f71dda-7f74-46a2-afdb-c945e69c0195}w64;C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys [2015-1-1 48784]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-3-24 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-8-28 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-28 436624]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-8-19 95152]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-9 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-18 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-1-1 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-28 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-2 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-9 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-28 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-9 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-9 2375168]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2011-9-7 93696]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LytroService;Lytro Desktop Application Service;C:\Program Files\Lytro\lytroservice.exe [2012-11-29 296576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-9 2656280]
R2 Update SecretSauce;Update SecretSauce;C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [2013-12-7 524528]
R2 Util SecretSauce;Util SecretSauce;C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [2013-12-26 524528]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\amppal.sys [2012-1-9 195584]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-8-30 1109296]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-10 12289472]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2011-9-7 44992]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-8-6 25496]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-11 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-11 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-9 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-9 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\amppal.sys [2012-1-9 195584]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-12 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-8-6 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-17 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2015-01-01 08:47:05 -------- d-sh--w- C:\Users\Fatima Trapaga\AppData\Local\EmieUserList
2015-01-01 08:47:05 -------- d-sh--w- C:\Users\Fatima Trapaga\AppData\Local\EmieSiteList
2015-01-01 08:18:28 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FFB9D40-6370-4444-BF24-4C3DC6BCAB14}\offreg.dll
2015-01-01 08:13:51 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2015-01-01 08:13:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-01-01 08:13:16 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-01-01 08:13:16 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2015-01-01 08:13:16 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-01-01 08:07:36 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-01-01 08:07:20 43152 ----a-w- C:\Windows\avastSS.scr
2015-01-01 08:04:28 48784 ----a-w- C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys
.
==================== Find3M ====================
.
2015-01-01 08:53:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-01 08:53:27 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-01 08:08:04 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-01-01 08:07:23 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-01-01 08:07:23 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-01-01 08:07:23 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2015-01-01 08:07:22 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-01-01 08:07:22 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
.
============= FINISH: 19:56:37.86 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/08/2012 11:15:01 PM
System Uptime: 1/01/2015 6:59:58 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1794
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU1 | 2401/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 2.268 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 1.733 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.093 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&13A4E5BE&0&8425DB90D050_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&13A4E5BE&0&8425DB90D050_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\8&13A4E5BE&0&9C3AAFC523BF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\8&13A4E5BE&0&9C3AAFC523BF_C00000000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP142: 29/03/2014 10:22:12 PM - Windows Update
RP143: 30/03/2014 4:25:30 PM - Removed Google Drive
RP144: 4/04/2014 8:45:47 AM - Removed Internet Explorer Toolbar 4.9 by SweetPacks
RP145: 4/04/2014 9:28:08 AM - Windows Update
RP146: 9/04/2014 8:10:59 PM - avast! antivirus system restore point
RP147: 9/04/2014 8:43:17 PM - Configured YouCam
RP148: 9/04/2014 9:03:28 PM - Installed Java 7 Update 51
RP149: 14/04/2014 4:57:22 PM - Windows Update
RP150: 12/07/2014 7:15:05 PM - Scheduled Checkpoint
RP151: 12/07/2014 7:28:29 PM - Windows Update
RP152: 1/01/2015 7:03:27 PM - avast! antivirus system restore point
RP153: 1/01/2015 7:12:58 PM - Windows Update
RP154: 1/01/2015 7:43:12 PM - Installed Java 7 Update 71
.
==== Installed Programs ======================
.
Adobe Flash Player 14 Plugin
Adobe Flash Player 15 ActiveX
Adobe Reader X (10.1.9) MUI
Adobe Shockwave Player 11.6
Agatha Christie - Peril at End House
AMD APP SDK Runtime
AMD Catalyst Install Manager
Ashampoo Burning Studio 6 FREE v.6.84
AuthenTec TrueAPI
AuthenTec WinBio FingerPrint Software
Avast Free Antivirus
Bejeweled 3
BitTorrent
Blackhawk Striker 2
Blasterball 3
Bonjour
Bounce Symphony
Buzzdock
Cake Mania
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ChromecastApp
Chronicles of Albian
Chuzzle Deluxe
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Cradle of Rome 2
D3DX10
Dropbox
e-tax 2013
EaseUS Data Recovery Wizard 5.6.1
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
FATE
Final Drive: Nitro
Google Chrome
Google Drive
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Auto
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP SimplePass 2012
HP Software Framework
HP Support Assistant
IDT Audio
Intel PROSet Wireless
Intel(R) Display Audio Driver
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 1.0
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software
Java 7 Update 51
Java Auto Updater
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
K-Lite Codec Pack 9.7.5 (Standard)
Lytro Desktop
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Editor Free
MyFreeCodec
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
OLYMPUS Digital Camera Updater
OLYMPUS Viewer 2
Online Plug-in
Penguins!
Photodex Presenter
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
ProShow Gold
PX Profile Update
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SearchNewTab
SecretSauce
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Self-service Plug-in
Skype™ 5.3
Slingo Supreme
Smart Partition Recovery v2.5
Stanza
swMSM
Synaptics TouchPad Driver
TornTV
Update Installer for WildTangent Games App
UTubeNOADsu
Vacation Quest - The Hawaiian Islands
VIP Access SDK (1.0.1.2)
Virtual Villagers 5 - New Believers
VLC media player 2.0.7
WildTangent Games App (HP Games)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/01/2015 7:01:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Util SecretSauce service to connect.
1/01/2015 7:01:40 PM, Error: Service Control Manager [7000] - The Util SecretSauce service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am

Re: PC laptop infected with Malware

Post by Gary R » January 1st, 2015, 10:28 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: PC laptop infected with Malware

Post by Gary R » January 1st, 2015, 10:38 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Fatima

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Before we start cleaning your infection from your machine, I'd like you to run a few additional scans for me, so that we've got a more complete picture of what needs to be removed.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

Please run a search for me with FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;SecretSauce;easylife

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: PC laptop infected with Malware

Post by ftraps » January 2nd, 2015, 5:17 am

Thank you for helping me out. The log from AdwCleaner is below. Just have a question - ADWCleaner says the following "Pending. please uncheck elements you dont want to remove" What do I do with this?

# AdwCleaner v4.106 - Report created 02/01/2015 at 20:03:59
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fatima Trapaga - FATIMA-HP
# Running from : C:\Users\Fatima Trapaga\Desktop\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update SecretSauce
Service Found : Util SecretSauce
Service Found : Update SecretSauce
Service Found : Util SecretSauce
Service Found : {345422e3-72fa-447a-9550-97803edfacf3}w64
Service Found : {84f71dda-7f74-46a2-afdb-c945e69c0195}w64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Fatima Trapaga\AppData\Local\funmoods.crx
File Found : C:\Users\Fatima Trapaga\AppData\Local\funmoods-speeddial_sf.crx
File Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.tanzuki.net_0.localstorage
File Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.tanzuki.net_0.localstorage-journal
File Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Fatima Trapaga\AppData\LocalLow\SkwConfig.bin
File Found : C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\searchplugins\Web Search.xml
File Found : C:\Users\FATIMA~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys
File Found : C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys
Folder Found : C:\Program Files (x86)\SecretSauce
Folder Found : C:\Program Files (x86)\SecretSauce
Folder Found : C:\Program Files (x86)\ss helper
Folder Found : C:\Program Files (x86)\SweetIM
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\Program Files (x86)\WebSearch
Folder Found : C:\Program Files\PC Optimizer Pro
Folder Found : C:\Program Files\Updater By SweetPacks
Folder Found : C:\ProgramData\AllSaveer
Folder Found : C:\ProgramData\c9992fbe4fe3db88
Folder Found : C:\ProgramData\CoupExtension
Folder Found : C:\ProgramData\DiGiiCoupon
Folder Found : C:\ProgramData\ExsTraSaviunggs
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\savEnshaire
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\UTubeNOADsu
Folder Found : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino
Folder Found : C:\Users\Fatima Trapaga\AppData\Local\jZip
Folder Found : C:\Users\Fatima Trapaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\FATIMA~1\AppData\Local\Temp\jZip

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\SecretSauce
Key Found : HKCU\Software\Smartbar
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIM
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\pc optimizer pro
Key Found : [x64] HKCU\Software\SecretSauce
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\Smartbar
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\SweetIM
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FFD0EF2-DBE9-483A-80C4-D2C331DA1CE4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{892621ce-00c5-4d58-889a-5d8413fc0e31}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FFD0EF2-DBE9-483A-80C4-D2C331DA1CE4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6E49138-C2CF-5337-D358-0734FD33EFB4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6E49138-C2CF-5337-D358-0734FD33EFB4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\SecretSauce
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\Updater By Sweetpacks
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update SecretSauce
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util SecretSauce
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce
Key Found : [x64] HKLM\SOFTWARE\pc optimizer pro
Key Found : [x64] HKLM\SOFTWARE\SweetIM
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://searchy.easylifeapp.com/
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=Tight ... type=ds&q={searchTerms}&installDate=13/06/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?publisher=Tight ... type=ds&q={searchTerms}&installDate=13/06/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://searchfunmoods.com/?f=2&a=downlo ... =204580217
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=Tight ... type=ds&q={searchTerms}&installDate=13/06/2013
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://searchy.easylifeapp.com/

-\\ Mozilla Firefox v28.0 (en-US)

[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM4ODU2Mjg0MCwidXVpZCI6MzE3NTMzNTE2NDA1MjI0LCJzZXFfaWQiOjIsInNzYiI6MTM4ODQxNjg3M30=");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.FF19Solved", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.FirstTime", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.FirstTimeFF3", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.UserID", "UN20606375731234210");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.appOptions", "{}");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.countryCode", "PH");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.defaultSearch", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.enableAlerts", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.enableSearchFromAddressBar", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.firstTimeDialogOpened", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.fixPageNotFoundError", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.fixPageNotFoundErrorByUser", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.fullUserID", "UN20606375731234210.IN.20131231022050");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.installDate", "31/12/2013 02:20:53");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.installSessionId", "{179296D1-6E94-45FE-BB8F-3524851F802B}");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.installSp", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.installType", "conduitnsisintegration");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.installUsage", "2013-12-30T18:21:04.9964989+03:00");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.installUsageEarly", "2013-12-30T18:21:01.3305224+03:00");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.installerVersion", "1.8.1.4");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.isCheckedStartAsHidden", true);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.isFirstTimeToolbarLoading", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.lastVersion", "10.23.0.722");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.openThankYouPage", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.openUninstallPage", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.revertSettingsEnabled", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.search.searchAppId", "129830626805552092");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.search.searchCount", "0");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.searchInNewTabEnabledByUser", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.searchInNewTabEnabledInHidden", "true");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.searchRevert", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.searchSuggestEnabledByUser", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.searchUninstallUserMode", "1");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.searchUserMode", "1");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_Configuration_lastUpdate", "1388562839956");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1388416867968");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_appsMetadata_lastUpdate", "1388562838373");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1388416865312");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1388416860320");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1388416863785");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_login_10.23.0.722_lastUpdate", "1388636542283");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1388416865376");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_searchAPI_lastUpdate", "1388562842912");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_serviceMap_lastUpdate", "1388562839383");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_toolbarContextMenu_lastUpdate", "1388562838324");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_toolbarSettings_lastUpdate", "1388636537460");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.serviceLayer_services_translation_lastUpdate", "1388562840217");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.settingsINI", true);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.shouldFirstTimeDialog", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.showToolbarPermission", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.smartbar.CTID", "CT3225826");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.smartbar.Uninstall", "0");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.smartbar.toolbarName", "BitTorrentControl_v12 ");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.startPage", "false");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.toolbarBornServerTime", "30-12-2013");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.toolbarCurrentServerTime", "2-1-2014");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.toolbarInstallDate", "31-12-2013 02:20:51");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.toolbarLoginClientTime", "Tue Dec 31 2013 02:21:05 GMT+1100 (AUS Eastern Standard Time)");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.versionFromInstaller", "10.23.0.722");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("CT3225826.xpeMode", "1");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("aol_toolbar.default.homepage.check", false);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("aol_toolbar.default.search.check", false);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.Visibility", true);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.countryiso", "au");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.downloadprovider", "tightropeyb");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.installationid", "9ba45b4f-f9c4-4e78-af60-ce7f80781f4b");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.installdate", "13/06/2013");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("extensions.helperbar.publisher", "tightropeyb");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("smartbar.machineId", "NM03IQXLWKDMSEFW6CI0UMBF5D1DSMT8MCL8OF6UMRVZIQKXI4+XUZYBPRJ8YEBMLXK4OO2JISPLCM3QHBUFJW");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://websearch.the-searcheng.info/?pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35&l=1&q=");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.com");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.the-searcheng.info/?pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35&l=1&q=");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");
[xgm8qpd0.default-1354535595331] - Line Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968");

-\\ Google Chrome v34.0.1847.116

[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=312954568968510268060733076332272198968&crg=3.5000006.10068&ppd=&did=10703&st=23
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://feed.snapdo.com/?publisher=Tight ... type=ds&q={searchTerms}&installDate=13/06/2013
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.the-searcheng.info/?l=1&q={searchTerms}&pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : cjpglkicenollcignonpgiafdgfeehoj
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dbpebffoameokfhnaaedmefjncfboino

*************************

AdwCleaner[R0].txt - [49071 octets] - [02/01/2015 20:03:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [49132 octets] ##########
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am

Re: FRST First Log

Post by ftraps » January 2nd, 2015, 5:24 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Fatima Trapaga (administrator) on FATIMA-HP on 02-01-2015 20:20:38
Running from C:\Users\Fatima Trapaga\Desktop
Loaded Profile: Fatima Trapaga (Available profiles: Fatima Trapaga)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Lytro\lytroservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTHIDMonitor.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTHIDMonitor.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Google Inc.) C:\Users\Fatima Trapaga\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Dropbox, Inc.) C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
() C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
() C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter.exe
() C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter64.exe
() C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expext.exe
() C:\Program Files (x86)\SecretSauce\bin\SecretSauce.PurBrowse64.exe
() C:\Users\Fatima Trapaga\Desktop\adwcleaner_4.106.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-28] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-09-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-01] (AVAST Software)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-09-16] (Citrix Systems, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\Run: [Google Update] => C:\Users\Fatima Trapaga\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-27] (Google Inc.)
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\Run: [MsgCenterExe] => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\Users\Fatima Trapaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CzztDzytAyEyE0AyDtAzzzz0CyB0CtN0D0Tzu0CtAtAzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=204580217
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CzztDzytAyEyE0AyDtAzzzz0CyB0CtN0D0Tzu0CtAtAzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=204580217
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5221-1110 ... com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tight ... type=ds&q={searchTerms}&installDate=13/06/2013
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... -001&type={partner_id}&p={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l=1&q={searchTerms}&pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tight ... type=ds&q={searchTerms}&installDate=13/06/2013
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... -001&type={partner_id}&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l=1&q={searchTerms}&pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
BHO: AllSaveer -> {1EE3F601-01B4-1181-21FA-F33D88741507} -> C:\ProgramData\AllSaveer\79_rxlRM.x64.dll ()
BHO: No Name -> {1F69048B-6672-1E9D-2F37-9E9E7909B8E1} -> No File
BHO: No Name -> {25095EF5-82A2-4391-91AC-7904623A8F20} -> No File
BHO: No Name -> {27CF166C-CB94-0A45-4616-EE49A6ADEB2A} -> No File
BHO: UTubeNOADsu -> {3493C8B1-AC72-A17D-B551-DDE37A903AC1} -> C:\ProgramData\UTubeNOADsu\2VvQg.x64.dll ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: SecretSauce 1.0.0.6 -> {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} -> C:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll (SecretSauce)
BHO-x32: No Name -> {1F69048B-6672-1E9D-2F37-9E9E7909B8E1} -> No File
BHO-x32: No Name -> {25095EF5-82A2-4391-91AC-7904623A8F20} -> No File
BHO-x32: No Name -> {27CF166C-CB94-0A45-4616-EE49A6ADEB2A} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331
FF DefaultSearchEngine: Microsoft (Bing)
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Microsoft (Bing)
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3059201928-2246701655-46435128-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Fatima Trapaga\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3059201928-2246701655-46435128-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Fatima Trapaga\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\searchplugins\Web Search.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\Extensions\firefox-hotfix@mozilla.org.xpi [2015-01-01]
FF Extension: SecretSauce 1.0.1 - C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\Extensions\{84f71dda-7f74-46a2-afdb-c945e69c0195}.xpi [2015-01-01]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-02-14]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-27]
CHR Extension: (SecretSauce) - C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (CoupExtension) - C:\ProgramData\lfbnccdeljjeicehfjfeboepjhjajiac\ [2013-09-15]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\FATIMA~1\AppData\Local\funmoods.crx [2012-12-03]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\FATIMA~1\AppData\Local\funmoods-speeddial_sf.crx [2012-12-03]
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbpebffoameokfhnaaedmefjncfboino] - C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx [2015-01-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
R2 ISCTAgent; C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-07] ()
R2 LytroService; C:\Program Files\Lytro\lytroservice.exe [296576 2012-11-29] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2013-12-27] ()
R2 Update SecretSauce; C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [524528 2015-01-02] ()
R2 Util SecretSauce; C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [524528 2015-01-02] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-01] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-09-07] ()
R1 {345422e3-72fa-447a-9550-97803edfacf3}w64; C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys [61120 2014-04-24] (StdLib)
R1 {84f71dda-7f74-46a2-afdb-c945e69c0195}w64; C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys [48784 2014-12-31] (StdLib)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 20:20 - 2015-01-02 20:20 - 00031392 _____ () C:\Users\Fatima Trapaga\Desktop\FRST.txt
2015-01-02 20:19 - 2015-01-02 20:20 - 00000000 ____D () C:\FRST
2015-01-02 20:13 - 2015-01-02 20:13 - 02123264 _____ (Farbar) C:\Users\Fatima Trapaga\Desktop\FRST64.exe
2015-01-02 20:03 - 2015-01-02 20:05 - 00000000 ____D () C:\AdwCleaner
2015-01-02 19:45 - 2015-01-02 19:45 - 02173952 _____ () C:\Users\Fatima Trapaga\Desktop\adwcleaner_4.106.exe
2015-01-02 15:05 - 2015-01-02 15:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FATIMA-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2015-01-02 15:03 - 2015-01-02 15:03 - 00000000 ____D () C:\RegBackup
2015-01-02 15:01 - 2015-01-02 15:01 - 04215584 _____ () C:\Users\Fatima Trapaga\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-02 15:01 - 2015-01-02 15:01 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-02 15:01 - 2015-01-02 15:01 - 00002235 _____ () C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-02 15:01 - 2015-01-02 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-02 15:01 - 2015-01-02 15:01 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-02 14:47 - 2015-01-02 14:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-01 22:19 - 2014-10-18 13:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-01 22:19 - 2014-10-18 12:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-01 22:19 - 2014-07-07 13:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-01 22:19 - 2014-07-07 13:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-01 22:19 - 2014-07-07 13:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-01 22:19 - 2014-07-07 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-01 22:19 - 2014-07-07 12:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-01 22:19 - 2014-07-07 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-01 22:19 - 2014-07-07 12:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-01 22:19 - 2014-07-07 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-01 22:11 - 2014-06-27 13:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-01 22:11 - 2014-06-27 12:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-01 22:09 - 2014-07-01 09:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-01-01 22:09 - 2014-07-01 09:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-01-01 22:09 - 2014-06-06 17:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-01 22:09 - 2014-06-06 17:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-01 22:09 - 2014-03-10 08:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-01-01 22:09 - 2014-03-10 08:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-01-01 22:09 - 2014-03-10 08:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-01-01 22:09 - 2014-03-10 08:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-01-01 19:56 - 2015-01-01 19:56 - 00688992 ____R (Swearware) C:\Users\Fatima Trapaga\Desktop\dds.scr
2015-01-01 19:56 - 2015-01-01 19:56 - 00029184 _____ () C:\Users\Fatima Trapaga\Desktop\dds.txt
2015-01-01 19:56 - 2015-01-01 19:56 - 00009396 _____ () C:\Users\Fatima Trapaga\Desktop\attach.txt
2015-01-01 19:54 - 2015-01-01 19:54 - 00688992 _____ (Swearware) C:\Users\Fatima Trapaga\Desktop\dds.com
2015-01-01 19:47 - 2015-01-01 19:47 - 00000000 __SHD () C:\Users\Fatima Trapaga\AppData\Local\EmieUserList
2015-01-01 19:47 - 2015-01-01 19:47 - 00000000 __SHD () C:\Users\Fatima Trapaga\AppData\Local\EmieSiteList
2015-01-01 19:47 - 2014-12-04 13:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-01 19:47 - 2014-12-04 13:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-01 19:47 - 2014-12-04 13:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-01 19:47 - 2014-12-04 13:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-01 19:47 - 2014-12-04 13:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-01 19:47 - 2014-12-04 13:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-01 19:47 - 2014-12-04 13:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-01 19:47 - 2014-12-02 10:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-01 19:47 - 2014-08-01 22:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-01 19:47 - 2014-08-01 22:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-01 19:46 - 2014-11-11 14:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-01 19:46 - 2014-11-11 13:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-01 19:46 - 2014-11-11 12:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-01 19:46 - 2014-10-14 13:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-01 19:46 - 2014-10-14 13:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-01 19:46 - 2014-10-14 13:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-01 19:46 - 2014-10-14 12:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-01 19:46 - 2014-10-14 12:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-01 19:46 - 2014-08-21 17:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-01 19:46 - 2014-08-21 17:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-01 19:46 - 2014-08-21 17:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-01 19:46 - 2014-08-21 17:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-01 19:46 - 2014-06-24 14:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-01 19:46 - 2014-06-24 13:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-01 19:46 - 2014-06-19 09:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-01 19:46 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-01 19:46 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-01 19:46 - 2014-06-19 09:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-01 19:46 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-01 19:46 - 2014-06-19 09:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-01 19:45 - 2014-11-27 12:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-01 19:45 - 2014-11-27 12:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-01 19:45 - 2014-11-22 14:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-01 19:45 - 2014-11-22 14:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-01 19:45 - 2014-11-22 14:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-01 19:45 - 2014-11-22 13:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-01 19:45 - 2014-11-22 13:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-01 19:45 - 2014-11-22 13:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-01 19:45 - 2014-11-22 13:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-01 19:45 - 2014-11-22 13:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-01 19:45 - 2014-11-22 13:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-01 19:45 - 2014-11-22 13:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-01 19:45 - 2014-11-22 13:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-01 19:45 - 2014-11-22 13:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-01 19:45 - 2014-11-22 13:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-01 19:45 - 2014-11-22 13:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-01 19:45 - 2014-11-22 13:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-01 19:45 - 2014-11-22 13:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-01 19:45 - 2014-11-22 13:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-01 19:45 - 2014-11-22 13:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-01 19:45 - 2014-11-22 13:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-01 19:45 - 2014-11-22 13:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-01 19:45 - 2014-11-22 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-01 19:45 - 2014-11-22 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-01 19:45 - 2014-11-22 13:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-01 19:45 - 2014-11-22 13:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-01 19:45 - 2014-11-22 13:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-01 19:45 - 2014-11-22 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-01 19:45 - 2014-11-22 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-01 19:45 - 2014-11-22 13:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-01 19:45 - 2014-11-22 12:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-01 19:45 - 2014-11-22 12:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-01 19:45 - 2014-11-22 12:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-01 19:45 - 2014-11-22 12:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-01 19:45 - 2014-11-22 12:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-01 19:45 - 2014-11-22 12:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-01 19:45 - 2014-11-22 12:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-01 19:45 - 2014-11-22 12:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-01 19:45 - 2014-11-22 12:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-01 19:45 - 2014-11-22 12:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-01 19:45 - 2014-11-22 12:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-01 19:45 - 2014-11-22 12:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-01 19:45 - 2014-11-22 12:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-01 19:45 - 2014-11-22 12:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-01 19:45 - 2014-11-22 12:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-01 19:45 - 2014-11-22 12:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-01 19:45 - 2014-11-22 12:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-01 19:45 - 2014-11-22 12:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-01 19:45 - 2014-11-22 12:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-01 19:45 - 2014-11-22 12:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-01 19:45 - 2014-11-22 12:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-01 19:45 - 2014-11-22 12:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-01 19:45 - 2014-11-22 12:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-01 19:45 - 2014-11-22 12:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-01 19:45 - 2014-11-22 11:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-01 19:45 - 2014-11-22 11:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-01 19:44 - 2015-01-01 19:44 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-01 19:44 - 2014-09-25 13:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-01 19:44 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-01 19:44 - 2014-08-12 13:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-01 19:44 - 2014-08-12 12:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-01 19:44 - 2014-06-12 18:52 - 00986560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-01 19:43 - 2014-11-11 14:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-01 19:43 - 2014-11-11 14:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-01 19:43 - 2014-11-11 13:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-01 19:43 - 2014-11-11 13:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-01 19:43 - 2014-10-30 13:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-01 19:43 - 2014-10-30 12:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-01 19:43 - 2014-10-14 13:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-01 19:43 - 2014-10-14 13:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-01 19:43 - 2014-10-14 12:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-01 19:43 - 2014-10-14 12:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-01 19:43 - 2014-10-03 13:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-01 19:43 - 2014-10-03 13:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-01 19:43 - 2014-10-03 13:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-01 19:43 - 2014-10-03 13:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-01 19:43 - 2014-10-03 13:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-01 19:43 - 2014-10-03 13:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-01 19:43 - 2014-10-03 13:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-01 19:43 - 2014-10-03 13:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-01 19:43 - 2014-10-03 13:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-01 19:43 - 2014-10-03 13:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-01 19:43 - 2014-10-03 12:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-01 19:43 - 2014-10-03 12:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-01 19:43 - 2014-10-03 12:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-01 19:43 - 2014-10-03 12:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-01 19:43 - 2014-10-03 12:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-01 19:43 - 2014-10-03 12:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-01 19:43 - 2014-10-03 12:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-01 19:43 - 2014-10-03 12:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-01 19:43 - 2014-09-04 16:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-01 19:43 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-01 19:43 - 2014-08-29 13:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-01 19:43 - 2014-08-29 13:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-01 19:43 - 2014-08-29 13:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-01-01 19:43 - 2014-08-29 13:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-01 19:43 - 2014-08-29 13:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-01 19:43 - 2014-08-29 12:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-01 19:43 - 2014-08-29 12:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-01 19:43 - 2014-08-29 12:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-01-01 19:43 - 2014-08-29 12:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-01 19:43 - 2014-06-25 13:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-01 19:43 - 2014-06-25 12:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-01 19:42 - 2014-11-08 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-01 19:42 - 2014-11-08 13:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-01 19:42 - 2014-10-25 12:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-01 19:42 - 2014-10-25 12:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-01 19:42 - 2014-10-10 11:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-01 19:42 - 2014-09-19 20:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-01 19:42 - 2014-09-19 20:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-01 19:42 - 2014-09-19 20:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-01 19:42 - 2014-09-19 20:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-01 19:42 - 2014-09-19 20:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-01 19:42 - 2014-09-19 20:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-01 19:42 - 2014-09-19 20:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-01 19:42 - 2014-09-19 20:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-01 19:42 - 2014-09-19 20:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-01 19:42 - 2014-09-19 20:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-01 19:42 - 2014-09-19 20:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-01 19:42 - 2014-09-19 20:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-01 19:42 - 2014-07-17 13:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-01 19:42 - 2014-07-17 13:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-01 19:42 - 2014-07-17 13:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-01 19:42 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-01 19:42 - 2014-07-17 12:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-01 19:42 - 2014-07-17 12:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-01 19:41 - 2014-10-14 13:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-01 19:41 - 2014-10-14 12:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-01 19:41 - 2014-06-03 21:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-01-01 19:41 - 2014-06-03 21:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-01-01 19:41 - 2014-06-03 21:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-01-01 19:41 - 2014-06-03 20:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-01-01 19:41 - 2014-06-03 20:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-01-01 19:40 - 2014-10-18 13:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-01 19:40 - 2014-10-18 12:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-01 19:40 - 2014-08-23 13:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-01 19:40 - 2014-08-23 12:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-01 19:40 - 2014-07-14 13:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-01-01 19:40 - 2014-07-14 12:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-01-01 19:13 - 2014-05-15 03:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-01 19:13 - 2014-05-15 03:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-01 19:13 - 2014-05-15 03:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-01 19:13 - 2014-05-15 03:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-01 19:13 - 2014-05-15 03:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-01 19:13 - 2014-05-15 03:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-01 19:13 - 2014-05-15 03:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-01 19:13 - 2014-05-15 03:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-01 19:13 - 2014-05-15 03:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-01 19:13 - 2014-05-15 03:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-01 19:13 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-01 19:13 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-01 19:13 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-01 19:13 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-01 19:08 - 2015-01-01 19:08 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-01 19:08 - 2015-01-01 19:08 - 00001964 _____ () C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2015-01-01 19:07 - 2015-01-01 19:07 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-01 19:07 - 2015-01-01 19:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-01 19:07 - 2015-01-01 19:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-01 19:04 - 2014-12-31 19:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 20:05 - 2014-01-27 20:00 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059201928-2246701655-46435128-1000UA.job
2015-01-02 20:05 - 2014-01-27 20:00 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059201928-2246701655-46435128-1000Core.job
2015-01-02 19:57 - 2013-12-25 22:05 - 00000000 ____D () C:\Program Files (x86)\SecretSauce
2015-01-02 19:53 - 2012-09-06 19:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-02 19:52 - 2012-08-03 00:20 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AFD5341F-A304-49D5-991C-B3DC8E6403F6}
2015-01-02 19:48 - 2012-08-28 15:04 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 19:48 - 2012-08-28 15:04 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 19:07 - 2011-12-09 16:14 - 01254447 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 18:57 - 2009-07-14 13:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-02 15:18 - 2009-07-14 16:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 15:17 - 2014-02-14 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-02 15:00 - 2009-07-14 15:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 15:00 - 2009-07-14 15:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 14:56 - 2012-09-29 12:22 - 00000000 ___RD () C:\Users\Fatima Trapaga\Dropbox
2015-01-02 14:56 - 2012-09-29 12:20 - 00000000 ____D () C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox
2015-01-02 14:55 - 2012-08-28 15:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-02 14:52 - 2013-06-13 20:48 - 00000432 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-01-02 14:52 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 14:52 - 2009-07-14 15:51 - 00094161 _____ () C:\Windows\setupact.log
2015-01-02 14:50 - 2009-07-14 14:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-02 14:49 - 2009-07-14 15:45 - 00419680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-02 14:47 - 2014-07-13 17:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-02 14:47 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-02 14:47 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-02 14:46 - 2010-11-21 14:47 - 00806826 _____ () C:\Windows\PFRO.log
2015-01-01 22:33 - 2013-08-18 01:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-01 22:23 - 2014-02-25 23:55 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-01 20:53 - 2012-09-06 19:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-01 20:53 - 2012-09-06 19:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-01 20:53 - 2011-10-14 15:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-01 19:50 - 2013-12-31 02:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-01 19:48 - 2014-01-02 17:02 - 00000000 ____D () C:\ProgramData\lfbnccdeljjeicehfjfeboepjhjajiac
2015-01-01 19:44 - 2013-01-12 00:01 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-01 19:16 - 2013-02-09 10:29 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-01 19:16 - 2012-08-15 22:53 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-01 19:11 - 2013-01-10 23:03 - 00001478 _____ () C:\Windows\wininit.ini
2015-01-01 19:11 - 2012-09-29 12:22 - 00001045 _____ () C:\Users\Fatima Trapaga\Desktop\Dropbox.lnk
2015-01-01 19:11 - 2012-09-29 12:21 - 00000000 ____D () C:\Users\Fatima Trapaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-01 19:08 - 2012-08-28 15:03 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-01 19:07 - 2014-01-02 15:38 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-01 19:07 - 2013-03-24 11:50 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-01 19:07 - 2013-03-24 11:50 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-01 19:07 - 2012-08-28 15:03 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-01 19:07 - 2012-08-28 15:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-01 19:07 - 2012-08-28 15:03 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

Some content of TEMP:
====================
C:\Users\Fatima Trapaga\AppData\Local\Temp\32796uninstall.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpazctsx.dll
C:\Users\Fatima Trapaga\AppData\Local\Temp\Extract.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\lowproc.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Fatima Trapaga\AppData\Local\Temp\ose00000.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\pa5qkdpc.dll
C:\Users\Fatima Trapaga\AppData\Local\Temp\Quarantine.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP55138.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP56053.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP56929.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP57090.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP57232.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP57398.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP57698.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\sp58915.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP59555.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\SP60051.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\spacksyahoo_717_active.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\sqlite3.dll
C:\Users\Fatima Trapaga\AppData\Local\Temp\stubhelper.dll
C:\Users\Fatima Trapaga\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Fatima Trapaga\AppData\Local\Temp\Uninstall.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\uttCC38.tmp.exe
C:\Users\Fatima Trapaga\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-12 19:39

==================== End Of Log ============================
ftraps

Re: FRST Additional log

Post by ftraps » January 2nd, 2015, 5:26 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Fatima Trapaga at 2015-01-02 20:21:23
Running from C:\Users\Fatima Trapaga\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{F22CFF73-BDD4-0198-32B6-C3171AA14814}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
AuthenTec WinBio FingerPrint Software (HKLM\...\{4BDCF60D-EAAB-4595-B571-283F529F6AFA}) (Version: 3.2.2.1072 - AuthenTec, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\BitTorrent) (Version: 7.8.2.30445 - BitTorrent Inc.)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM-x32\...\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}) (Version: 1.0.104 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
calibre (HKLM-x32\...\{EA5D1265-C23C-4410-B722-19314A654B13}) (Version: 0.9.14 - Kovid Goyal)
ChromecastApp (HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.1.266.0 - Google Inc.)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.1.4 - Citrix Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 5.6.1 (HKLM-x32\...\EaseUS Data Recovery Wizard 5.6.1_is1) (Version: - EaseUS)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.7.491 - Australian Taxation Office)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Drive (HKLM-x32\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D25BAEFB-2216-4757-90FF-0007635BE7A1}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{D6159AEF-32BD-4177-82AE-5ED1F0F0DC1D}) (Version: 3.1.1.10066 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{5F0E36BD-658D-476C-9289-E6EA2C164830}) (Version: 1.0.10 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6359.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.2.1001 - Intel Corporation)
Intel(R) Smart Connect Technology 1.0 (HKLM-x32\...\{0A918A9E-74F2-41CB-969F-FB0CB9A51DD8}) (Version: 1.0.698.0 - Intel)
Intel(R) WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.7.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - )
Lytro Desktop (HKLM-x32\...\LytroDesktop) (Version: 1.0 - Lytro, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Editor Free (HKLM-x32\...\Music Editor Free) (Version: - MEF GmbH.)
MyFreeCodec (HKU\S-1-5-21-3059201928-2246701655-46435128-1000\...\MyFreeCodec) (Version: - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{797808CA-1563-4EA0-A280-1371AC2F2310}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
Online Plug-in (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.0.1.4 - Citrix Systems, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version: - Photodex Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
SearchNewTab (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 2.0.0.1673 - SearchNewTab) <==== ATTENTION
SecretSauce (HKLM\...\SecretSauce) (Version: 2013.12.07.011955 - SecretSauce) <==== ATTENTION!
Self-service Plug-in (x32 Version: 4.0.1.41859 - Citrix Systems, Inc.) Hidden
Skype™ 5.3 (HKLM-x32\...\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}) (Version: 5.3.120 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Smart Partition Recovery v2.5 (HKLM-x32\...\Smart Partition Recovery_is1) (Version: 2.5 - Smart PC Solutions)
Stanza (HKLM-x32\...\Stanza) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TornTV (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - TornTV.com) <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UTubeNOADsu (HKLM-x32\...\{C6E49138-C2CF-5337-D358-0734FD33EFB4}) (Version: - UTubaeeNoAdS)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3059201928-2246701655-46435128-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-04-2014 17:57:22 Windows Update
12-07-2014 20:15:05 Scheduled Checkpoint
12-07-2014 20:28:29 Windows Update
01-01-2015 19:03:27 avast! antivirus system restore point
01-01-2015 19:12:58 Windows Update
01-01-2015 19:43:12 Installed Java 7 Update 71
01-01-2015 22:08:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02315F0F-0D29-4EF0-BEE6-872A0519C180} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {22B3E7F2-8AE0-4B5F-B3A5-B0EC9F34583A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3059201928-2246701655-46435128-1000Core => C:\Users\Fatima Trapaga\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {31907BBA-3789-4A74-AF2B-B9E4778611FF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3059201928-2246701655-46435128-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3B7838E0-1417-4E98-AD14-06F531617FE0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-01] (AVAST Software)
Task: {529F186E-E175-43B5-BC87-51DC397BDE46} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {52DF6B52-F8B7-48E7-9B18-1CF67943FA77} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7A784366-867E-401B-A3CE-BE26008E62EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {806E0277-2222-41FB-8754-38F8ECFFEA74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {96B71585-1461-4075-B0F2-5538FFB217F5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3059201928-2246701655-46435128-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9F091427-C7FC-4194-A8B9-4F661F558400} - System32\Tasks\{F6610C78-C972-431A-963A-C5CB557AC2DA} => pcalua.exe -a "C:\ProgramData\Citrix\Citrix Receiver\TrolleyExpress.exe" -c /uninstall /cleanup
Task: {AE743FB6-9A09-4D95-900A-2AEE271CB009} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3059201928-2246701655-46435128-1000UA => C:\Users\Fatima Trapaga\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {BAA56B38-D798-4751-9BE6-0AA55427B238} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {EADC8D73-6A0B-4393-8E34-D39046FB0FEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-01] (Adobe Systems Incorporated)
Task: {EE80178B-2FDD-4DA7-AA6A-5255080EAF7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {F5263810-09D4-4D75-AD63-C1002A52034F} - System32\Tasks\{ACA18213-783D-4816-8045-5D3C84219519} => pcalua.exe -a "C:\Users\Fatima Trapaga\Desktop\StanzaSetup.exe" -d "C:\Users\Fatima Trapaga\Desktop"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059201928-2246701655-46435128-1000Core.job => C:\Users\Fatima Trapaga\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059201928-2246701655-46435128-1000UA.job => C:\Users\Fatima Trapaga\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-09-07 06:48 - 2011-09-07 06:48 - 00093696 _____ () C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-11-29 14:28 - 2012-11-29 14:28 - 00296576 _____ () C:\Program Files\Lytro\lytroservice.exe
2011-09-07 06:48 - 2011-09-07 06:48 - 00026112 _____ () C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
2013-12-27 17:31 - 2013-12-27 17:31 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-10 02:44 - 2011-08-10 02:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-28 10:18 - 2011-06-28 10:18 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2011-08-18 17:14 - 2011-08-18 17:14 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-03 05:49 - 2011-09-03 05:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-12-07 12:25 - 2015-01-02 18:53 - 00524528 _____ () C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
2013-12-26 14:02 - 2015-01-02 18:56 - 00524528 _____ () C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
2014-04-11 18:58 - 2015-01-02 16:27 - 00098544 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter.exe
2015-01-01 19:12 - 2015-01-02 16:27 - 00114928 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter64.exe
2015-01-01 19:04 - 2015-01-01 15:28 - 00101616 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expext.exe
2014-04-27 23:47 - 2015-01-01 21:28 - 00353008 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.PurBrowse64.exe
2015-01-02 19:45 - 2015-01-02 19:45 - 02173952 _____ () C:\Users\Fatima Trapaga\Desktop\adwcleaner_4.106.exe
2015-01-01 19:01 - 2015-01-01 19:01 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123101\algo.dll
2015-01-02 18:58 - 2015-01-02 18:58 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010200\algo.dll
2011-09-07 06:48 - 2011-09-07 06:48 - 00036352 _____ () C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-10-22 11:22 - 2014-10-22 11:22 - 00750080 _____ () C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-02 14:55 - 2015-01-02 14:55 - 00043008 _____ () c:\Users\Fatima Trapaga\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpazctsx.dll
2014-10-22 11:22 - 2014-10-22 11:22 - 00047616 _____ () C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 11:22 - 2014-10-22 11:22 - 00863744 _____ () C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 11:22 - 2014-10-22 11:22 - 00200704 _____ () C:\Users\Fatima Trapaga\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-03-30 17:17 - 2014-03-15 19:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-01 19:12 - 2015-01-02 03:36 - 00197360 ____N () C:\Program Files (x86)\SecretSauce\bin\84f71dda7f7446a2afdb.dll
2015-01-01 19:07 - 2015-01-01 19:07 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-12-09 16:14 - 2011-08-24 16:37 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-01 20:53 - 2015-01-01 20:53 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2013-12-27 17:17 - 2013-12-27 17:17 - 00337920 _____ () C:\Program Files (x86)\SecretSauce\bin\sqlite3.DLL
2015-01-01 19:04 - 2015-01-01 15:28 - 00082160 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expextdll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3059201928-2246701655-46435128-500 - Administrator - Disabled)
Fatima Trapaga (S-1-5-21-3059201928-2246701655-46435128-1000 - Administrator - Enabled) => C:\Users\Fatima Trapaga
Guest (S-1-5-21-3059201928-2246701655-46435128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3059201928-2246701655-46435128-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 03:07:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/02/2015 02:52:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2015 02:52:21 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver

Error: (01/02/2015 02:52:21 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103

Error: (01/02/2015 02:50:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2015 02:49:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver

Error: (01/02/2015 02:49:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103

Error: (01/01/2015 10:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.
.

Error: (01/01/2015 07:44:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.
.

Error: (01/01/2015 07:12:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (01/02/2015 02:57:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).

Error: (01/01/2015 07:01:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util SecretSauce service failed to start due to the following error:
%%1053

Error: (01/01/2015 07:01:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Util SecretSauce service to connect.

Error: (07/12/2014 06:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util SecretSauce service failed to start due to the following error:
%%1053

Error: (07/12/2014 06:34:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Util SecretSauce service to connect.

Error: (07/12/2014 06:34:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update SecretSauce service failed to start due to the following error:
%%1053

Error: (07/12/2014 06:34:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Update SecretSauce service to connect.

Error: (04/14/2014 09:36:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (04/14/2014 09:30:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Cloud Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2014 09:24:18 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (01/02/2015 03:07:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Fatima Trapaga\Downloads\SoftonicDownloader_for_stanza-desktop.exe

Error: (01/02/2015 02:52:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2015 02:52:21 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver

Error: (01/02/2015 02:52:21 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103

Error: (01/02/2015 02:50:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2015 02:49:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CIRSTDriverApi::CreateInstance *****Unable to open the IRST device driver

Error: (01/02/2015 02:49:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CDriverApi::GetInterfaceAlias *****Unable to enumerate device interfaces, error=0x103

Error: (01/01/2015 10:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.

Error: (01/01/2015 07:44:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.

Error: (01/01/2015 07:12:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 8139.81 MB
Available physical RAM: 4557.11 MB
Total Pagefile: 16277.8 MB
Available Pagefile: 12339.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.93 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.67 GB) (Free:1.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 42F5F38D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am

Re: Scan log search registry

Unread postby ftraps » January 2nd, 2015, 5:37 am

Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Fatima Trapaga at 2015-01-02 20:33:27
Running from C:\Users\Fatima Trapaga\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;SecretSauce;easylife" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Trolltech]

[HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]

[HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Conduit]

[HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Conduit\DistributionEngine\27\OfferHistory\688683]
"OfferUrl"="http://cms.distributionengine.conduit-services.com/DynamicOffer/542659/688683/"


===================== Search result for "SecretSauce" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\SecretSauce\bin\{84f71dda-7f74-46a2-afdb-c945e69c0195}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}]
""="ISecretSauce"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}\1.0\0\win32]
""="C:\Program Files (x86)\SecretSauce\SecretSaucebho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}\1.0]
""="SecretSauceIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}\1.0\HELPDIR]
""="C:\Program Files (x86)\SecretSauce"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\HELPDIR]
""="C:\Program Files (x86)\SecretSauce\bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}\InprocServer32]
""="C:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}]
""="ISecretSauce"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}\1.0\0\win32]
""="C:\Program Files (x86)\SecretSauce\SecretSaucebho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}\1.0]
""="SecretSauceIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}\1.0\HELPDIR]
""="C:\Program Files (x86)\SecretSauce"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\HELPDIR]
""="C:\Program Files (x86)\SecretSauce\bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce]
"UninstallString"="C:\Program Files (x86)\SecretSauce\SecretSauceUn.exe REP_"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce]
"InstallLocation"="C:\Program Files (x86)\SecretSauce"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce]
"Publisher"="SecretSauce"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce]
"URLUpdateInfo"="http://secretsauce.biz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"QuietUninstallString"="C:\Program Files (x86)\SecretSauce\SecretSauceUn.exe REP_BD_"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino]
"path"="C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSecretSauce_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}]
""="SecretSauce 1.0.0.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}]
""="SecretSauce 1.0.0.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\SecretSauce\bin\{84f71dda-7f74-46a2-afdb-c945e69c0195}.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}]
""="ISecretSauce"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}\1.0\0\win32]
""="C:\Program Files (x86)\SecretSauce\SecretSaucebho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}\1.0]
""="SecretSauceIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}\1.0\HELPDIR]
""="C:\Program Files (x86)\SecretSauce"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\HELPDIR]
""="C:\Program Files (x86)\SecretSauce\bin"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Update SecretSauce]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Update SecretSauce]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Update SecretSauce]
"DisplayName"="Update SecretSauce"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Util SecretSauce]
"ImagePath"=""C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Update SecretSauce]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Update SecretSauce]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Update SecretSauce]
"DisplayName"="Update SecretSauce"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Util SecretSauce]
"ImagePath"=""C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"="\??\C:\Program Files (x86)\SecretSauce\bin\tmp552.tmp
"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Util SecretSauce]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Update SecretSauce]
"ImagePath"=""C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Util SecretSauce]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Util SecretSauce]
"DisplayName"="Util SecretSauce"

[HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.secretsauce.biz]

[HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.secretsauce.biz]

[HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\SecretSauce]


===================== Search result for "easylife" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"="http://searchy.easylifeapp.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page"="http://searchy.easylifeapp.com/"

====== End Of Search ======
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am

Re: PC laptop infected with Malware

Unread postby Gary R » January 2nd, 2015, 11:53 am

Don't worry about the "Pending". ADWCleaner allows us to de-select items it has found if we don't need to remove them; in this case that's not an option we need to use.

OK, let's get started on cleaning your computer.

First ...

Please go to Control Panel > Programs > Uninstall a program and uninstall the following:

  • BitTorrent
  • Java 7 Update 51
  • Buzzdock
  • SearchNewTab
  • SecretSauce
  • TornTV

Reboot your computer once you've uninstalled them all.

Please note ... If any of the programs cannot be uninstalled just continue with the instructions below.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Program Files (x86)\SecretSauce
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q= {searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CzztDzytAyEyE0AyDtAzzzz0CyB0CtN0D0Tzu0CtAtAzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=204580217
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q= {searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CzztDzytAyEyE0AyDtAzzzz0CyB0CtN0D0Tzu0CtAtAzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=204580217
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tight ... type=ds&q= {searchTerms}&installDate=13/06/2013
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l=1&q= {searchTerms}&pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tight ... type=ds&q= {searchTerms}&installDate=13/06/2013
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l=1&q= {searchTerms}&pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
BHO: AllSaveer -> {1EE3F601-01B4-1181-21FA-F33D88741507} -> C:\ProgramData\AllSaveer\79_rxlRM.x64.dll ()
BHO: No Name -> {1F69048B-6672-1E9D-2F37-9E9E7909B8E1} -> No File
BHO: No Name -> {25095EF5-82A2-4391-91AC-7904623A8F20} -> No File
BHO: No Name -> {27CF166C-CB94-0A45-4616-EE49A6ADEB2A} -> No File
BHO-x32: SecretSauce 1.0.0.6 -> {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} -> C:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll (SecretSauce)
BHO-x32: No Name -> {1F69048B-6672-1E9D-2F37-9E9E7909B8E1} -> No File
BHO-x32: No Name -> {25095EF5-82A2-4391-91AC-7904623A8F20} -> No File
BHO-x32: No Name -> {27CF166C-CB94-0A45-4616-EE49A6ADEB2A} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF Extension: SecretSauce 1.0.1 - C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\Extensions\{84f71dda-7f74-46a2-afdb-c945e69c0195}.xpi [2015-01-01]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
CHR Extension: (SecretSauce) - C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino [2015-01-02]
CHR Extension: (CoupExtension) - C:\ProgramData\lfbnccdeljjeicehfjfeboepjhjajiac\ [2013-09-15]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\FATIMA~1\AppData\Local\funmoods.crx [2012-12-03]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\FATIMA~1\AppData\Local\funmoods-speeddial_sf.crx [2012-12-03]
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbpebffoameokfhnaaedmefjncfboino] - C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx [2015-01-02]
R2 Update SecretSauce; C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [524528 2015-01-02] ()
R2 Util SecretSauce; C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [524528 2015-01-02] ()
R1 {345422e3-72fa-447a-9550-97803edfacf3}w64; C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys [61120 2014-04-24] (StdLib)
C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys
R1 {84f71dda-7f74-46a2-afdb-c945e69c0195}w64; C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys [48784 2014-12-31] (StdLib)
C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys
2015-01-01 19:04 - 2014-12-31 19:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys
2015-01-02 19:57 - 2013-12-25 22:05 - 00000000 ____D () C:\Program Files (x86)\SecretSauce
2015-01-02 14:52 - 2013-06-13 20:48 - 00000432 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
Task: {529F186E-E175-43B5-BC87-51DC397BDE46} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
2013-12-07 12:25 - 2015-01-02 18:53 - 00524528 _____ () C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
2013-12-26 14:02 - 2015-01-02 18:56 - 00524528 _____ () C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
2014-04-11 18:58 - 2015-01-02 16:27 - 00098544 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter.exe
2015-01-01 19:12 - 2015-01-02 16:27 - 00114928 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter64.exe
2015-01-01 19:04 - 2015-01-01 15:28 - 00101616 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expext.exe
2014-04-27 23:47 - 2015-01-01 21:28 - 00353008 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.PurBrowse64.exe
2015-01-01 19:12 - 2015-01-02 03:36 - 00197360 ____N () C:\Program Files (x86)\SecretSauce\bin\84f71dda7f7446a2afdb.dll
2013-12-27 17:17 - 2013-12-27 17:17 - 00337920 _____ () C:\Program Files (x86)\SecretSauce\bin\sqlite3.DLL
2015-01-01 19:04 - 2015-01-01 15:28 - 00082160 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expextdll.dll
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Trolltech" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Conduit" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASAPI32" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSecretSauce_RASAPI32" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Util SecretSauce" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Update SecretSauce" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Util SecretSauce" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.secretsauce.biz" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.secretsauce.biz" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\SecretSauce" /f
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner fix log
  • Fixlog.txt
  • Please let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: ADWCleaner Fix Log

Unread postby ftraps » January 2nd, 2015, 10:45 pm

# AdwCleaner v4.106 - Report created 03/01/2015 at 13:40:46
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fatima Trapaga - FATIMA-HP
# Running from : C:\Users\Fatima Trapaga\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {345422e3-72fa-447a-9550-97803edfacf3}w64
Service Deleted : {84f71dda-7f74-46a2-afdb-c945e69c0195}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\AllSaveer
Folder Deleted : C:\ProgramData\CoupExtension
Folder Deleted : C:\ProgramData\DiGiiCoupon
Folder Deleted : C:\ProgramData\ExsTraSaviunggs
Folder Deleted : C:\ProgramData\savEnshaire
Folder Deleted : C:\ProgramData\UTubeNOADsu
Folder Deleted : C:\ProgramData\c9992fbe4fe3db88
Folder Deleted : C:\Program Files (x86)\ss helper
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Users\FATIMA~1\AppData\Local\Temp\jZip
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\Fatima Trapaga\AppData\Local\jZip
Folder Deleted : C:\Users\Fatima Trapaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
File Deleted : C:\END
File Deleted : C:\Users\FATIMA~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys
File Deleted : C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\funmoods.crx
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\funmoods-speeddial_sf.crx
File Deleted : C:\Users\Fatima Trapaga\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\searchplugins\Web Search.xml
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.tanzuki.net_0.localstorage
File Deleted : C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.tanzuki.net_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6E49138-C2CF-5337-D358-0734FD33EFB4}
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
Key Deleted : [x64] HKLM\SOFTWARE\SweetIM
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM4ODU2Mjg0MCwidXVpZCI6MzE3NTMzNTE2NDA1MjI0LCJzZXFfaWQiOjIsInNzYiI6MTM4ODQxNjg3M30=");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.FF19Solved", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.FirstTime", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.FirstTimeFF3", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.UserID", "UN20606375731234210");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.appOptions", "{}");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.countryCode", "PH");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.defaultSearch", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.enableAlerts", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.enableSearchFromAddressBar", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.firstTimeDialogOpened", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.fixPageNotFoundError", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.fixPageNotFoundErrorByUser", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.fullUserID", "UN20606375731234210.IN.20131231022050");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.installDate", "31/12/2013 02:20:53");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.installSessionId", "{179296D1-6E94-45FE-BB8F-3524851F802B}");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.installSp", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.installType", "conduitnsisintegration");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.installUsage", "2013-12-30T18:21:04.9964989+03:00");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.installUsageEarly", "2013-12-30T18:21:01.3305224+03:00");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.installerVersion", "1.8.1.4");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.isCheckedStartAsHidden", true);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.isFirstTimeToolbarLoading", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.lastVersion", "10.23.0.722");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.openThankYouPage", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.openUninstallPage", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.revertSettingsEnabled", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.search.searchAppId", "129830626805552092");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.search.searchCount", "0");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.searchInNewTabEnabledByUser", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.searchInNewTabEnabledInHidden", "true");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.searchRevert", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.searchSuggestEnabledByUser", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.searchUninstallUserMode", "1");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.searchUserMode", "1");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_Configuration_lastUpdate", "1388562839956");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1388416867968");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_appsMetadata_lastUpdate", "1388562838373");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1388416865312");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1388416860320");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1388416863785");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_login_10.23.0.722_lastUpdate", "1388636542283");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1388416865376");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_searchAPI_lastUpdate", "1388562842912");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_serviceMap_lastUpdate", "1388562839383");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_toolbarContextMenu_lastUpdate", "1388562838324");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_toolbarSettings_lastUpdate", "1388636537460");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.serviceLayer_services_translation_lastUpdate", "1388562840217");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.settingsINI", true);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.shouldFirstTimeDialog", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.showToolbarPermission", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.smartbar.CTID", "CT3225826");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.smartbar.Uninstall", "0");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.smartbar.toolbarName", "BitTorrentControl_v12 ");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.startPage", "false");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.toolbarBornServerTime", "30-12-2013");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.toolbarCurrentServerTime", "2-1-2014");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.toolbarInstallDate", "31-12-2013 02:20:51");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.toolbarLoginClientTime", "Tue Dec 31 2013 02:21:05 GMT+1100 (AUS Eastern Standard Time)");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.versionFromInstaller", "10.23.0.722");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("CT3225826.xpeMode", "1");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", true);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "au");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "tightropeyb");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "9ba45b4f-f9c4-4e78-af60-ce7f80781f4b");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "13/06/2013");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "tightropeyb");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "NM03IQXLWKDMSEFW6CI0UMBF5D1DSMT8MCL8OF6UMRVZIQKXI4+XUZYBPRJ8YEBMLXK4OO2JISPLCM3QHBUFJW");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://websearch.the-searcheng.info/?pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35&l=1&q=");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.com");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.the-searcheng.info/?pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35&l=1&q=");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_eventsCache", "7B2261383930303734312D653239332D343931612D383464642D316233613230663535333366223A7B22746F706963223A2273656E645573616765222C2264617461223A7B226361746[...]
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_eventsCache.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_existingUsersRecoveryDone", "31");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_existingUsersRecoveryDone.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_first_time", "31");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_first_time.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_gadgetOpen", "30");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_gadgetOpen.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_lastLoginTime", "31333838363336353730373032");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_lastLoginTime.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_localization.storedInFile", true);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_mamEnabled", "66616C7365");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_mamEnabled.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_migrated_from_ls", "31");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_migrated_from_ls.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_new_welcome_experience", "31");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_new_welcome_experience.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_settings1.12.0.5.storedInFile", true);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_showWelcomeGadget", "66616C7365");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_showWelcomeGadget.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_stamp", "38345F30");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_stamp.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_userId", "64663462363965362D643032622D346562612D393235642D366237313064356336383162");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_userId.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_user_approval_interacted", "31");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_user_approval_interacted.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_welcomeDialogMode", "31");
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.mam_gk_welcomeDialogMode.storedInFile", false);
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3A3A3A636C69636B68616E646C65723A3A3A313338383431363930333935392C2C2C68747470733A2F2F7777772E676F6F676C652E[...]
[xgm8qpd0.default-1354535595331\prefs.js] - Line Deleted : user_pref("valueApps.CT3225826.url_history0001.storedInFile", true);

-\\ Google Chrome v34.0.1847.116

[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=312954568968510268060733076332272198968&crg=3.5000006.10068&ppd=&did=10703&st=23
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=Tight ... type=ds&q={searchTerms}&installDate=13/06/2013
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.the-searcheng.info/?l=1&q={searchTerms}&pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj
[C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dbpebffoameokfhnaaedmefjncfboino

*************************

AdwCleaner[R0].txt - [49441 octets] - [02/01/2015 20:03:59]
AdwCleaner[R1].txt - [47510 octets] - [03/01/2015 13:38:04]
AdwCleaner[S0].txt - [47783 octets] - [03/01/2015 13:40:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [47844 octets] ##########
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am

Re: FRST Fix Log

Post by ftraps » January 2nd, 2015, 10:58 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015
Ran by Fatima Trapaga at 2015-01-03 13:52:04 Run:1
Running from C:\Users\Fatima Trapaga\Desktop
Loaded Profile: Fatima Trapaga (Available profiles: Fatima Trapaga)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\SecretSauce
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q= {searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CzztDzytAyEyE0AyDtAzzzz0CyB0CtN0D0Tzu0CtAtAzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=204580217
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q= {searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyE0CzztDzytAyEyE0AyDtAzzzz0CyB0CtN0D0Tzu0CtAtAzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=204580217
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tight ... type=ds&q= {searchTerms}&installDate=13/06/2013
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l=1&q= {searchTerms}&pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tight ... type=ds&q= {searchTerms}&installDate=13/06/2013
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l=1&q= {searchTerms}&pid=1182&r=2013/09/14&hid=3267659799954690629&lg=EN&cc=AU&unqvl=35
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10068&did=10703&barid=312954568968510268060733076332272198968
BHO: AllSaveer -> {1EE3F601-01B4-1181-21FA-F33D88741507} -> C:\ProgramData\AllSaveer\79_rxlRM.x64.dll ()
BHO: No Name -> {1F69048B-6672-1E9D-2F37-9E9E7909B8E1} -> No File
BHO: No Name -> {25095EF5-82A2-4391-91AC-7904623A8F20} -> No File
BHO: No Name -> {27CF166C-CB94-0A45-4616-EE49A6ADEB2A} -> No File
BHO-x32: SecretSauce 1.0.0.6 -> {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} -> C:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll (SecretSauce)
BHO-x32: No Name -> {1F69048B-6672-1E9D-2F37-9E9E7909B8E1} -> No File
BHO-x32: No Name -> {25095EF5-82A2-4391-91AC-7904623A8F20} -> No File
BHO-x32: No Name -> {27CF166C-CB94-0A45-4616-EE49A6ADEB2A} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3059201928-2246701655-46435128-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF Extension: SecretSauce 1.0.1 - C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\Extensions\{84f71dda-7f74-46a2-afdb-c945e69c0195}.xpi [2015-01-01]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
CHR Extension: (SecretSauce) - C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino [2015-01-02]
CHR Extension: (CoupExtension) - C:\ProgramData\lfbnccdeljjeicehfjfeboepjhjajiac\ [2013-09-15]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\FATIMA~1\AppData\Local\funmoods.crx [2012-12-03]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\FATIMA~1\AppData\Local\funmoods-speeddial_sf.crx [2012-12-03]
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbpebffoameokfhnaaedmefjncfboino] - C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx [2015-01-02]
R2 Update SecretSauce; C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [524528 2015-01-02] ()
R2 Util SecretSauce; C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [524528 2015-01-02] ()
R1 {345422e3-72fa-447a-9550-97803edfacf3}w64; C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys [61120 2014-04-24] (StdLib)
C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys
R1 {84f71dda-7f74-46a2-afdb-c945e69c0195}w64; C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys [48784 2014-12-31] (StdLib)
C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys
2015-01-01 19:04 - 2014-12-31 19:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys
2015-01-02 19:57 - 2013-12-25 22:05 - 00000000 ____D () C:\Program Files (x86)\SecretSauce
2015-01-02 14:52 - 2013-06-13 20:48 - 00000432 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
Task: {529F186E-E175-43B5-BC87-51DC397BDE46} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
2013-12-07 12:25 - 2015-01-02 18:53 - 00524528 _____ () C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
2013-12-26 14:02 - 2015-01-02 18:56 - 00524528 _____ () C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
2014-04-11 18:58 - 2015-01-02 16:27 - 00098544 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter.exe
2015-01-01 19:12 - 2015-01-02 16:27 - 00114928 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter64.exe
2015-01-01 19:04 - 2015-01-01 15:28 - 00101616 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expext.exe
2014-04-27 23:47 - 2015-01-01 21:28 - 00353008 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.PurBrowse64.exe
2015-01-01 19:12 - 2015-01-02 03:36 - 00197360 ____N () C:\Program Files (x86)\SecretSauce\bin\84f71dda7f7446a2afdb.dll
2013-12-27 17:17 - 2013-12-27 17:17 - 00337920 _____ () C:\Program Files (x86)\SecretSauce\bin\sqlite3.DLL
2015-01-01 19:04 - 2015-01-01 15:28 - 00082160 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expextdll.dll
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Trolltech" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Conduit" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASAPI32" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSecretSauce_RASAPI32" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Util SecretSauce" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Update SecretSauce" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Util SecretSauce" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.secretsauce.biz" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.secretsauce.biz" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\SecretSauce" /f
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
*****************

"C:\Program Files (x86)\SecretSauce" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key not found.
HKCR\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
"HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1EE3F601-01B4-1181-21FA-F33D88741507}" => Key deleted successfully.
"HKCR\CLSID\{1EE3F601-01B4-1181-21FA-F33D88741507}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F69048B-6672-1E9D-2F37-9E9E7909B8E1}" => Key deleted successfully.
HKCR\CLSID\{1F69048B-6672-1E9D-2F37-9E9E7909B8E1} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25095EF5-82A2-4391-91AC-7904623A8F20}" => Key deleted successfully.
HKCR\CLSID\{25095EF5-82A2-4391-91AC-7904623A8F20} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27CF166C-CB94-0A45-4616-EE49A6ADEB2A}" => Key deleted successfully.
HKCR\CLSID\{27CF166C-CB94-0A45-4616-EE49A6ADEB2A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} => Key not found.
HKCR\Wow6432Node\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F69048B-6672-1E9D-2F37-9E9E7909B8E1}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1F69048B-6672-1E9D-2F37-9E9E7909B8E1} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25095EF5-82A2-4391-91AC-7904623A8F20}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{25095EF5-82A2-4391-91AC-7904623A8F20} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27CF166C-CB94-0A45-4616-EE49A6ADEB2A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{27CF166C-CB94-0A45-4616-EE49A6ADEB2A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
C:\Users\Fatima Trapaga\AppData\Roaming\Mozilla\Firefox\Profiles\xgm8qpd0.default-1354535595331\Extensions\{84f71dda-7f74-46a2-afdb-c945e69c0195}.xpi not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value not found.
C:\Users\Fatima Trapaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino directory not found.
C:\ProgramData\lfbnccdeljjeicehfjfeboepjhjajiac\ => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Key not found.
"C:\Users\FATIMA~1\AppData\Local\funmoods.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj => Key not found.
"C:\Users\FATIMA~1\AppData\Local\funmoods-speeddial_sf.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino => Key not found.
"C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx" => File/Directory not found.
Update SecretSauce => Service not found.
Util SecretSauce => Service not found.
{345422e3-72fa-447a-9550-97803edfacf3}w64 => Service not found.
"C:\Windows\System32\drivers\{345422e3-72fa-447a-9550-97803edfacf3}w64.sys" => File/Directory not found.
{84f71dda-7f74-46a2-afdb-c945e69c0195}w64 => Service not found.
"C:\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys" => File/Directory not found.
"C:\Windows\system32\Drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce" => File/Directory not found.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{529F186E-E175-43B5-BC87-51DC397BDE46}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{529F186E-E175-43B5-BC87-51DC397BDE46}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job not found.
"C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter.exe" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserAdapter64.exe" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expext.exe" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce\bin\SecretSauce.PurBrowse64.exe" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce\bin\84f71dda7f7446a2afdb.dll" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce\bin\sqlite3.DLL" => File/Directory not found.
"C:\Program Files (x86)\SecretSauce\bin\SecretSauce.expextdll.dll" => File/Directory not found.

========= Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Trolltech" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Conduit" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecretSauce" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASAPI32" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSecretSauce_RASAPI32" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E98BAC43-260C-4BB5-9CD5-75EE5BD6BF5E}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24B1AADD-EDA7-454D-B65E-14DC07CC7811}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{892621CE-00C5-4D58-889A-5D8413FC0E31}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Util SecretSauce" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Update SecretSauce" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Util SecretSauce" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.secretsauce.biz" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.secretsauce.biz" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3059201928-2246701655-46435128-1000\Software\SecretSauce" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 21.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 13:52:42 ====
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am

Re: PC laptop behaviour

Unread postby ftraps » January 2nd, 2015, 11:04 pm

Hi,

So far laptop is behaving - I no longer get random webpage popups, crazy hyperlinks on webpages have disappeared. I have not tried installing or updating something though, that was one of the main problems before. Should I try doing that?
May I ask for advice? I use this laptop to work remotely, and my BT asked me to install Citrix Receiver. When I downloaded and tried installing this is when all the crazy problems happened. Do you happen to know a safe site where I can find and install this program?

Thank you.
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am

Re: PC laptop infected with Malware

Unread postby Gary R » January 3rd, 2015, 1:59 am

Sure, go ahead and try to download something. If you need a clean install for Citrix, then go to their website ... https://www.citrix.com/go/receiver.html ... it's nearly always best to get things straight from a manufacturer's website direct.

Check carefully when you install it that there are no additional "toolbars" bundled (and pre-checked) with the installer, if there are then they can usually be unchecked before committing to the installation.

For info on how manufacturers sometimes include bundled software, please read ... viewtopic.php?p=623355#p623355

Let me know how things go with your download, because there's still a couple of things we need to do before we're finished.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: PC laptop infected with Malware

Unread postby ftraps » January 3rd, 2015, 6:13 am

Hi,

Thanks for the advice. I tried to download Citrix Receiver and it worked only in IE. Both Firefox and Chrome could not download it for some reason. Maybe I should uninstall both and do a fresh install. What do you think?
Citrix Receiver was installed successfully so that part is resolved! Should we go on to the rest?

Sincerely,
Fatima
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am

Re: PC laptop infected with Malware

Unread postby Gary R » January 3rd, 2015, 12:52 pm

OK, before we remove the programs that we've been using to clean your computer, I'd like you to run an online AV scan for me. The scans we've run so far are specific to the infection I saw in your DDS logs, and it's possible there may be other things that need attention. An online scan is much more wide-ranging, and should highlight anything else that may be on your machine.

Please run a scan with ESET Online Scanner (this scan can sometimes take a couple of hours or so to run, but it is very thorough)

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: ESET TXT

Unread postby ftraps » January 4th, 2015, 1:51 am

C:\AdwCleaner\Quarantine\C\ProgramData\AllSaveer\79_rxlRM.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\ProgramData\CoupExtension\c71ddffK0.dll.vir a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\ProgramData\CoupExtension\c71ddffK0.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\ProgramData\DiGiiCoupon\kJYqO.dll.vir a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\ProgramData\ExsTraSaviunggs\sgaYs_.dll.vir a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\ProgramData\UTubeNOADsu\2VvQg.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{84f71dda-7f74-46a2-afdb-c945e69c0195}w64.sys.vir a variant of Win64/BrowseFox.CG potentially unwanted application
C:\Documents and Settings\All Users\Application Data\InstallMate\{96F12AFC-7901-4F73-AD98-31234D12080A}\Custom.dll Win32/InstalleRex.S potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{96F12AFC-7901-4F73-AD98-31234D12080A}\Custom.dll Win32/InstalleRex.S potentially unwanted application
C:\Documents and Settings\Fatima Trapaga\Downloads\cbsidlm-tr1_8-Data_Doctor_Recovery_Pen_Drive-ORG2-10700114.exe Win32/DownloadAdmin.E potentially unwanted application
C:\Documents and Settings\Fatima Trapaga\Downloads\jZipSetup-r100-w-bf.exe a variant of Win32/Toolbar.SearchSuite.V potentially unwanted application
C:\Documents and Settings\Fatima Trapaga\Downloads\SoftonicDownloader_for_stanza-desktop.exe Win32/SoftonicDownloader.E potentially unwanted application
C:\Program Files (x86)\Music Editor Free\ConduitInstaller.exe Win32/Toolbar.Conduit potentially unwanted application
C:\ProgramData\InstallMate\{96F12AFC-7901-4F73-AD98-31234D12080A}\Custom.dll Win32/InstalleRex.S potentially unwanted application
C:\Users\All Users\Application Data\InstallMate\{96F12AFC-7901-4F73-AD98-31234D12080A}\Custom.dll Win32/InstalleRex.S potentially unwanted application
C:\Users\All Users\InstallMate\{96F12AFC-7901-4F73-AD98-31234D12080A}\Custom.dll Win32/InstalleRex.S potentially unwanted application
C:\Users\Fatima Trapaga\Downloads\cbsidlm-tr1_8-Data_Doctor_Recovery_Pen_Drive-ORG2-10700114.exe Win32/DownloadAdmin.E potentially unwanted application
C:\Users\Fatima Trapaga\Downloads\jZipSetup-r100-w-bf.exe a variant of Win32/Toolbar.SearchSuite.V potentially unwanted application
C:\Users\Fatima Trapaga\Downloads\SoftonicDownloader_for_stanza-desktop.exe Win32/SoftonicDownloader.E potentially unwanted application
ftraps
Active Member
 
Posts: 14
Joined: January 1st, 2015, 5:01 am