
how to remove Deal Finder and Conduit Search [Solved]


  • This topic is locked
35 replies to this topic

#1 bobburk3


Posted 02 March 2014 - 02:18 PM

I don't know how I got it, but now every time I open a new tab in Firefox, the Conduit Search page comes up instead of my default home page. I also get Deal Finder popping up on some pages I go to, and I can't find it in my computer. Help appreciated.




#2 Juliet


Posted 04 March 2014 - 08:54 AM

Hi and welcome

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.
  • rkill.exe
  • rkill.com
  • rkill.scr
  • rkill.pif
  • WiNlOgOn.exe
  • uSeRiNiT.exe
~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool

(use correct version for your system.....Which system am I using?)
and Tutorial http://www.geekstogo...very-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#3 bobburk3


Posted 04 March 2014 - 10:19 AM

Hopefully I did this correctly. The two logs are posted below:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by Bob B (administrator) on DELL-1 on 04-03-2014 11:14:38
Running from C:\Users\Bob B\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill(1).exe
(Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill(1)64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-15] (Microsoft Corporation)
HKU\S-1-5-21-4004932578-999774799-4059474116-1000\...\Run: [AdobeBridge] - [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1351968 2014-02-24] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1047328 2014-02-24] (Conduit)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...6AE15321C&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x696A59449638CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {1C5FFA2B-D111-41AB-873B-C152E4799460} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...q={searchTerms}
BHO: Plus-HD-7.5 - {11111111-1111-1111-1111-110511071176} - C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-bho64.dll (Plus HD)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Plus-HD-7.5 - {11111111-1111-1111-1111-110511071176} - C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-bho.dll (Plus HD)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{145E688C-0E1D-4FC7-9A28-29DFD35E263A}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{37B82EDE-6860-4854-ABB3-D03820104E1C}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Bob B\AppData\Roaming\Mozilla\Firefox\Profiles\vp7u5c19.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3324317&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP6DDFB950-B662-4136-877C-4286AE15321C
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Bob B\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Plus-HD-7.5 - C:\Users\Bob B\AppData\Roaming\Mozilla\Firefox\Profiles\vp7u5c19.default\Extensions\18c66c1d-05d8-4e58-8b16-c4df04ed638e@e204c3e4-8076-4eb9-b628-0fe8abef45e2.com [2014-03-04]
FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF\

==================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2363168 2014-02-24] (Conduit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-02-25] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-04 11:14 - 2014-03-04 11:15 - 00013125 _____ () C:\Users\Bob B\Downloads\FRST.txt
2014-03-04 11:14 - 2014-03-04 11:14 - 00000000 ____D () C:\FRST
2014-03-04 11:09 - 2014-03-04 11:10 - 02156544 _____ (Farbar) C:\Users\Bob B\Downloads\FRST64.exe
2014-03-04 10:40 - 2014-03-04 10:40 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill(1)64.exe
2014-03-04 10:39 - 2014-03-04 10:40 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill(1).exe
2014-03-04 10:30 - 2014-03-04 10:43 - 00002152 _____ () C:\Users\Bob B\Desktop\Rkill.txt
2014-03-04 10:30 - 2014-03-04 10:30 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill64-12321.exe
2014-03-04 10:30 - 2014-03-04 10:30 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill64.exe
2014-03-04 10:29 - 2014-03-04 10:29 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill.exe
2014-03-04 09:43 - 2014-03-04 09:43 - 00844153 _____ () C:\Users\Bob B\Downloads\testleasetransaction.zip
2014-03-03 10:38 - 2014-03-04 10:25 - 00000000 ____D () C:\Users\Bob B\Documents\Personal Expenses
2014-03-03 09:01 - 2014-03-03 09:01 - 01244192 _____ () C:\Users\Bob B\Downloads\AdwCleaner(1).exe
2014-03-02 14:43 - 2014-03-02 14:43 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\LavasoftStatistics
2014-03-02 11:20 - 2014-03-02 11:20 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\SecureSearch
2014-03-02 11:19 - 2014-03-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-02 11:16 - 2014-03-02 11:16 - 01727624 _____ () C:\Users\Bob B\Downloads\Adaware_Installer.exe
2014-03-02 11:16 - 2014-03-02 11:16 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-01 14:14 - 2014-03-01 14:14 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\TuneUp Software
2014-03-01 14:12 - 2014-03-02 09:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-01 14:08 - 2014-03-02 09:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-01 14:08 - 2014-03-01 14:08 - 04435328 _____ (AVG Technologies) C:\Users\Bob B\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-03-01 14:08 - 2014-03-01 14:08 - 00000000 ____D () C:\Users\Bob B\AppData\Local\MFAData
2014-03-01 13:24 - 2014-03-01 13:24 - 00000000 ____D () C:\Program Files\My Dell
2014-03-01 11:43 - 2014-03-01 13:22 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-01 11:42 - 2014-03-01 11:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bob B\Downloads\SpyHunter-Installer(2).exe
2014-03-01 09:58 - 2014-03-01 09:58 - 00000000 ___RD () C:\Users\Bob B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-01 09:55 - 2014-03-01 09:55 - 00000000 ____D () C:\Users\Bob B\AppData\Local\Tuguu_SL
2014-03-01 09:09 - 2014-03-01 09:09 - 00000000 ____D () C:\Users\Bob B\AppData\Local\newplayer
2014-03-01 09:08 - 2014-03-04 10:33 - 00001594 _____ () C:\Windows\Tasks\MediaPlayerEnhance-updater.job
2014-03-01 09:08 - 2014-03-04 10:33 - 00001508 _____ () C:\Windows\Tasks\Plus-HD-7.5-updater.job
2014-03-01 09:08 - 2014-03-04 10:33 - 00001464 _____ () C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job
2014-03-01 09:08 - 2014-03-04 10:33 - 00001448 _____ () C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
2014-03-01 09:08 - 2014-03-04 10:33 - 00001362 _____ () C:\Windows\Tasks\Plus-HD-7.5-enabler.job
2014-03-01 09:08 - 2014-03-01 09:08 - 00004624 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-updater
2014-03-01 09:08 - 2014-03-01 09:08 - 00004538 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-updater
2014-03-01 09:08 - 2014-03-01 09:08 - 00004494 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-codedownloader
2014-03-01 09:08 - 2014-03-01 09:08 - 00004478 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-enabler
2014-03-01 09:08 - 2014-03-01 09:08 - 00004392 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-enabler
2014-03-01 09:08 - 2014-03-01 09:08 - 00001113 _____ () C:\Users\Public\Desktop\NewPlayer.lnk
2014-03-01 09:07 - 2014-03-04 10:33 - 00003120 _____ () C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2014-03-01 09:07 - 2014-03-04 10:33 - 00002394 _____ () C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2014-03-01 09:07 - 2014-03-04 10:33 - 00002392 _____ () C:\Windows\Tasks\Plus-HD-7.5-validator.job
2014-03-01 09:07 - 2014-03-04 10:33 - 00002326 _____ () C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job
2014-03-01 09:07 - 2014-03-04 10:33 - 00001550 _____ () C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
2014-03-01 09:07 - 2014-03-01 09:08 - 00004580 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-codedownloader
2014-03-01 09:07 - 2014-03-01 09:08 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-03-01 09:07 - 2014-03-01 09:07 - 00005422 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-validator
2014-03-01 09:06 - 2014-03-01 14:52 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerEnhance
2014-03-01 09:06 - 2014-03-01 13:21 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-7.5
2014-03-01 09:06 - 2014-03-01 09:07 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-01 09:05 - 2014-03-01 09:08 - 00000000 _____ () C:\END
2014-03-01 09:05 - 2014-03-01 09:07 - 00000000 ____D () C:\Users\Bob B\AppData\Local\SearchProtect
2014-03-01 09:04 - 2014-03-01 09:04 - 00391576 _____ () C:\Users\Bob B\Downloads\Setup(2).exe
2014-02-28 17:57 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-28 17:57 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-28 17:57 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-28 17:57 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-28 17:56 - 2014-02-28 17:57 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-26 16:28 - 2014-02-26 16:33 - 00000000 ____D () C:\Users\Bob B\Desktop\New folder
2014-02-25 20:05 - 2014-02-25 20:08 - 00000000 ____D () C:\Users\Bob B\Desktop\Photography Info
2014-02-25 19:57 - 2014-02-26 16:30 - 00000000 ____D () C:\Users\Bob B\Desktop\iPhone pictures 2-25-14
2014-02-20 21:24 - 2014-02-20 21:27 - 06605814 _____ () C:\Users\Bob B\Desktop\Sawyer.psd
2014-02-18 06:58 - 2014-02-18 06:58 - 00149466 _____ () C:\Users\Bob B\Desktop\Dad_logo words 3.psd
2014-02-17 10:32 - 2014-02-17 10:32 - 00100124 _____ () C:\Users\Bob B\Desktop\Dad_logo-2-circle.psd
2014-02-17 06:56 - 2014-02-17 06:56 - 00351289 _____ () C:\Users\Bob B\Desktop\Dad_logo-1WhiteS.psd
2014-02-17 06:50 - 2014-02-17 06:50 - 00241578 _____ () C:\Users\Bob B\Desktop\Dad_logo-1White.psd
2014-02-17 06:41 - 2014-02-17 06:41 - 00242646 _____ () C:\Users\Bob B\Desktop\Dad_logo-1.psd
2014-02-16 20:45 - 2014-02-16 20:45 - 00017806 _____ () C:\Users\Bob B\Desktop\Dad_logo.jpf
2014-02-15 10:16 - 2014-02-15 10:16 - 00063488 _____ () C:\Users\Bob B\Downloads\Office2003_SP3Changes.exe
2014-02-15 10:15 - 2014-02-15 10:15 - 00000000 ____D () C:\Office2003SP3Changes
2014-02-06 19:35 - 2014-02-27 09:26 - 00000000 ____D () C:\Users\Bob B\Desktop\Website Pix

==================== One Month Modified Files and Folders =======

2014-03-04 11:15 - 2014-03-04 11:14 - 00013125 _____ () C:\Users\Bob B\Downloads\FRST.txt
2014-03-04 11:14 - 2014-03-04 11:14 - 00000000 ____D () C:\FRST
2014-03-04 11:10 - 2014-03-04 11:09 - 02156544 _____ (Farbar) C:\Users\Bob B\Downloads\FRST64.exe
2014-03-04 10:46 - 2013-04-13 17:24 - 01544198 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 10:43 - 2014-03-04 10:30 - 00002152 _____ () C:\Users\Bob B\Desktop\Rkill.txt
2014-03-04 10:41 - 2009-07-13 23:45 - 00019712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 10:41 - 2009-07-13 23:45 - 00019712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 10:40 - 2014-03-04 10:40 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill(1)64.exe
2014-03-04 10:40 - 2014-03-04 10:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill(1).exe
2014-03-04 10:33 - 2014-03-01 09:08 - 00001594 _____ () C:\Windows\Tasks\MediaPlayerEnhance-updater.job
2014-03-04 10:33 - 2014-03-01 09:08 - 00001508 _____ () C:\Windows\Tasks\Plus-HD-7.5-updater.job
2014-03-04 10:33 - 2014-03-01 09:08 - 00001464 _____ () C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job
2014-03-04 10:33 - 2014-03-01 09:08 - 00001448 _____ () C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
2014-03-04 10:33 - 2014-03-01 09:08 - 00001362 _____ () C:\Windows\Tasks\Plus-HD-7.5-enabler.job
2014-03-04 10:33 - 2014-03-01 09:07 - 00003120 _____ () C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2014-03-04 10:33 - 2014-03-01 09:07 - 00002394 _____ () C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2014-03-04 10:33 - 2014-03-01 09:07 - 00002392 _____ () C:\Windows\Tasks\Plus-HD-7.5-validator.job
2014-03-04 10:33 - 2014-03-01 09:07 - 00002326 _____ () C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job
2014-03-04 10:33 - 2014-03-01 09:07 - 00001550 _____ () C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
2014-03-04 10:33 - 2013-11-01 11:16 - 00004966 _____ () C:\Windows\setupact.log
2014-03-04 10:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 10:32 - 2013-11-01 11:15 - 00045196 _____ () C:\Windows\PFRO.log
2014-03-04 10:30 - 2014-03-04 10:30 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill64-12321.exe
2014-03-04 10:30 - 2014-03-04 10:30 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill64.exe
2014-03-04 10:29 - 2014-03-04 10:29 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill.exe
2014-03-04 10:25 - 2014-03-03 10:38 - 00000000 ____D () C:\Users\Bob B\Documents\Personal Expenses
2014-03-04 10:25 - 2012-07-12 14:40 - 00056832 _____ () C:\Users\Bob Burkhard.Dell-1.000\Desktop\PW.xls
2014-03-04 09:43 - 2014-03-04 09:43 - 00844153 _____ () C:\Users\Bob B\Downloads\testleasetransaction.zip
2014-03-03 09:05 - 2013-11-13 14:25 - 00000000 ____D () C:\AdwCleaner
2014-03-03 09:01 - 2014-03-03 09:01 - 01244192 _____ () C:\Users\Bob B\Downloads\AdwCleaner(1).exe
2014-03-02 14:43 - 2014-03-02 14:43 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\LavasoftStatistics
2014-03-02 14:40 - 2014-03-02 11:19 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-02 11:20 - 2014-03-02 11:20 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\SecureSearch
2014-03-02 11:16 - 2014-03-02 11:16 - 01727624 _____ () C:\Users\Bob B\Downloads\Adaware_Installer.exe
2014-03-02 11:16 - 2014-03-02 11:16 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-02 09:25 - 2014-03-01 14:12 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-02 09:25 - 2014-03-01 14:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-01 14:52 - 2014-03-01 09:06 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerEnhance
2014-03-01 14:16 - 2013-04-16 06:07 - 00000000 ____D () C:\Users\Bob B\Desktop\Real Estate
2014-03-01 14:14 - 2014-03-01 14:14 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\TuneUp Software
2014-03-01 14:14 - 2013-06-20 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-01 14:08 - 2014-03-01 14:08 - 04435328 _____ (AVG Technologies) C:\Users\Bob B\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-03-01 14:08 - 2014-03-01 14:08 - 00000000 ____D () C:\Users\Bob B\AppData\Local\MFAData
2014-03-01 13:36 - 2013-04-30 10:16 - 00000000 ____D () C:\Users\Bob B\AppData\Local\Citrix
2014-03-01 13:24 - 2014-03-01 13:24 - 00000000 ____D () C:\Program Files\My Dell
2014-03-01 13:22 - 2014-03-01 11:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-01 13:21 - 2014-03-01 09:06 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-7.5
2014-03-01 11:42 - 2014-03-01 11:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bob B\Downloads\SpyHunter-Installer(2).exe
2014-03-01 11:41 - 2013-12-26 12:19 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-03-01 09:58 - 2014-03-01 09:58 - 00000000 ___RD () C:\Users\Bob B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-01 09:55 - 2014-03-01 09:55 - 00000000 ____D () C:\Users\Bob B\AppData\Local\Tuguu_SL
2014-03-01 09:09 - 2014-03-01 09:09 - 00000000 ____D () C:\Users\Bob B\AppData\Local\newplayer
2014-03-01 09:08 - 2014-03-01 09:08 - 00004624 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-updater
2014-03-01 09:08 - 2014-03-01 09:08 - 00004538 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-updater
2014-03-01 09:08 - 2014-03-01 09:08 - 00004494 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-codedownloader
2014-03-01 09:08 - 2014-03-01 09:08 - 00004478 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-enabler
2014-03-01 09:08 - 2014-03-01 09:08 - 00004392 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-enabler
2014-03-01 09:08 - 2014-03-01 09:08 - 00001113 _____ () C:\Users\Public\Desktop\NewPlayer.lnk
2014-03-01 09:08 - 2014-03-01 09:07 - 00004580 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-codedownloader
2014-03-01 09:08 - 2014-03-01 09:07 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-03-01 09:08 - 2014-03-01 09:05 - 00000000 _____ () C:\END
2014-03-01 09:07 - 2014-03-01 09:07 - 00005422 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-validator
2014-03-01 09:07 - 2014-03-01 09:06 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-01 09:07 - 2014-03-01 09:05 - 00000000 ____D () C:\Users\Bob B\AppData\Local\SearchProtect
2014-03-01 09:04 - 2014-03-01 09:04 - 00391576 _____ () C:\Users\Bob B\Downloads\Setup(2).exe
2014-02-28 19:55 - 2013-04-15 06:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-28 19:55 - 2013-04-15 06:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-28 19:54 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-28 18:12 - 2013-10-16 10:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-28 17:57 - 2014-02-28 17:56 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-28 17:57 - 2013-07-20 19:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-28 08:53 - 2013-08-25 19:11 - 00000000 ____D () C:\Users\Bob B\Documents\Fax
2014-02-28 08:53 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-27 09:26 - 2014-02-06 19:35 - 00000000 ____D () C:\Users\Bob B\Desktop\Website Pix
2014-02-26 16:33 - 2014-02-26 16:28 - 00000000 ____D () C:\Users\Bob B\Desktop\New folder
2014-02-26 16:30 - 2014-02-25 19:57 - 00000000 ____D () C:\Users\Bob B\Desktop\iPhone pictures 2-25-14
2014-02-26 09:05 - 2014-01-21 08:43 - 00000000 ____D () C:\Users\Bob B\Desktop\Bob Iphone 1-21-14
2014-02-25 20:08 - 2014-02-25 20:05 - 00000000 ____D () C:\Users\Bob B\Desktop\Photography Info
2014-02-25 19:44 - 2013-04-13 15:26 - 00000000 ___RD () C:\Users\Bob B\Desktop\Dropbox
2014-02-20 21:27 - 2014-02-20 21:24 - 06605814 _____ () C:\Users\Bob B\Desktop\Sawyer.psd
2014-02-20 13:09 - 2013-04-21 13:01 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-19 08:42 - 2013-04-14 06:57 - 00000000 ____D () C:\Users\Bob B\AppData\Local\Microsoft Help
2014-02-18 06:58 - 2014-02-18 06:58 - 00149466 _____ () C:\Users\Bob B\Desktop\Dad_logo words 3.psd
2014-02-17 10:32 - 2014-02-17 10:32 - 00100124 _____ () C:\Users\Bob B\Desktop\Dad_logo-2-circle.psd
2014-02-17 06:56 - 2014-02-17 06:56 - 00351289 _____ () C:\Users\Bob B\Desktop\Dad_logo-1WhiteS.psd
2014-02-17 06:50 - 2014-02-17 06:50 - 00241578 _____ () C:\Users\Bob B\Desktop\Dad_logo-1White.psd
2014-02-17 06:41 - 2014-02-17 06:41 - 00242646 _____ () C:\Users\Bob B\Desktop\Dad_logo-1.psd
2014-02-16 20:45 - 2014-02-16 20:45 - 00017806 _____ () C:\Users\Bob B\Desktop\Dad_logo.jpf
2014-02-16 20:45 - 2013-04-13 17:25 - 00000000 ____D () C:\Users\Bob B\AppData\Local\VirtualStore
2014-02-15 10:16 - 2014-02-15 10:16 - 00063488 _____ () C:\Users\Bob B\Downloads\Office2003_SP3Changes.exe
2014-02-15 10:15 - 2014-02-15 10:15 - 00000000 ____D () C:\Office2003SP3Changes
2014-02-11 12:34 - 2013-12-23 14:16 - 00000000 ____D () C:\Users\Bob B\Desktop\Adobe
2014-02-07 18:03 - 2014-01-02 09:42 - 00000000 ____D () C:\Users\Bob B\Desktop\HOUSE TEST
2014-02-04 15:52 - 2013-12-17 09:58 - 00018432 ___SH () C:\Users\Bob B\Thumbs.db
2014-02-03 21:21 - 2009-07-14 00:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Bob B\AppData\Local\Temp\00471d4b-2d28-4ab3-adb8-d40d09c7db03.exe
C:\Users\Bob B\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bob B\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Bob B\AppData\Local\Temp\nsgE613.exe
C:\Users\Bob B\AppData\Local\Temp\nsl263A.exe
C:\Users\Bob B\AppData\Local\Temp\nsw1AE4.exe
C:\Users\Bob B\AppData\Local\Temp\nswE058.exe
C:\Users\Bob B\AppData\Local\Temp\oi_{35A42747-C9FC-4842-BA06-BB38A11406CA}.exe
C:\Users\Bob B\AppData\Local\Temp\SHSetup.exe
C:\Users\Bob B\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bob B\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Bob B\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 08:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2014
Ran by Bob B at 2014-03-04 11:15:48
Running from C:\Users\Bob B\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MF4500 Series (HKLM\...\{D00E997B-D651-4ec9-B02A-BC8F867CA98C}) (Version: 3.8.0.0 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Photomatix Pro version 4.2.7 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.7 - HDRsoft Ltd)
Windows Driver Package - SCM Microsystems Inc. (S3XXx64) SmartCardReader  (06/21/2012 4.58.00.00) (HKLM\...\57841905894C3347E9668291702274F7FE786AB8) (Version: 06/21/2012 4.58.00.00 - SCM Microsystems Inc.)

==================== Restore Points  =========================

02-03-2014 14:16:52 Removed AVG 2014
02-03-2014 14:21:17 Removed AVG 2014
02-03-2014 14:22:24 Removed Visual Studio 2012 x64 Redistributables
02-03-2014 14:22:48 Removed Visual Studio 2012 x86 Redistributables
02-03-2014 16:16:14 AA11
02-03-2014 19:41:06 AA11
02-03-2014 19:41:58 AA11
02-03-2014 19:49:25 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0685DAD1-92B3-47AE-99BD-746C53869E5F} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {068A25AA-63F7-41F5-83A1-A1B3D12D6154} - System32\Tasks\MediaPlayerEnhance-firefoxinstaller => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe
Task: {279F6C26-2557-46AC-90B6-7540AE327D99} - System32\Tasks\MediaPlayerEnhance-updater => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe
Task: {31C86C96-EAC3-4E48-8BE1-4462AE34FE30} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {37FD70D6-45C2-43EA-8638-D2E392C18391} - System32\Tasks\Plus-HD-7.5-codedownloader => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: {45EEC164-387E-4575-AFD1-FD44B004A226} - System32\Tasks\AdobeAAMUpdater-1.0-Dell-1-Bob B => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {6BE1324C-1EB6-4885-9E8A-02344ED4FFCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {836A6F65-65E5-4F31-A78A-9A585D7EF3B3} - System32\Tasks\Plus-HD-7.5-enabler => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-enabler.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: {8C298BBE-76FA-4BD5-8D48-3961567CEB2A} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {9D097619-CE15-4508-8212-FE41C16008C1} - System32\Tasks\MediaPlayerEnhance-codedownloader => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe
Task: {9EB909E1-29C2-42EF-94AE-08FAC47C8D20} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {A799C132-9C58-4271-B241-997F1A49AA83} - System32\Tasks\Plus-HD-7.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: {AB4435F7-A725-4E46-A5F1-4AF127C6B715} - System32\Tasks\Plus-HD-7.5-validator => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-validator.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: {E9BA0428-36AA-4B79-9113-B5A82F3618F2} - System32\Tasks\MediaPlayerEnhance-enabler => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe <==== ATTENTION
Task: {E9D17E4A-ABC3-410C-9FBF-35C6DDC3E12E} - System32\Tasks\MediaPlayerEnhance-chromeinstaller => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe
Task: {F27FF8C1-5A60-4C63-A35D-5A4BA9BF97C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {FE5A3025-87F2-431D-997E-56EDE7DC8848} - System32\Tasks\Plus-HD-7.5-updater => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-updater.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe
Task: C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe
Task: C:\Windows\Tasks\MediaPlayerEnhance-enabler.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe
Task: C:\Windows\Tasks\MediaPlayerEnhance-updater.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe
Task: C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-enabler.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-updater.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-validator.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-validator.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-25 10:00 - 2014-02-25 10:00 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2013-01-28 15:08 - 2013-01-28 15:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 15:08 - 2013-01-28 15:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-13 15:29 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-13 15:29 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-19 20:29 - 2003-03-26 17:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2013-04-19 20:29 - 2006-10-12 14:14 - 00036864 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
2013-04-19 20:29 - 2007-06-26 19:27 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2013-11-13 15:29 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-13 15:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-13 15:29 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-11-13 14:55 - 2014-02-15 10:07 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-05 09:17 - 2013-12-05 09:17 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^Users^Bob B^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2014 08:03:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: CNCLSI38a.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4c457265
Exception code: 0xc0000005
Fault offset: 0x00000000012771b3
Faulting process id: 0x5f8
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (03/02/2014 02:41:35 PM) (Source: MsiInstaller) (User: Dell-1)
Description: Product: AdAwareUpdater -- Error 2203. Database: C:\Windows\Installer\121c8e0.ipi. Cannot open database file. System error -2147287035.

Error: (03/02/2014 09:24:45 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.

Error: (03/02/2014 09:24:45 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (03/02/2014 09:24:45 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.

Error: (03/02/2014 09:24:45 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (03/02/2014 08:46:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 27.0.1.5156, time stamp: 0x52fc0faa
Faulting module name: xul.dll, version: 27.0.1.5156, time stamp: 0x52fc0f79
Exception code: 0xc0000005
Fault offset: 0x001560c7
Faulting process id: 0x5dc
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (03/02/2014 08:22:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: CNCL4500.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4c4571fc
Exception code: 0xc0000005
Fault offset: 0x00000000002b4ec0
Faulting process id: 0xcd0
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (03/01/2014 01:22:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: AcroIEFavClient.dll, version: 8.0.0.0, time stamp: 0x453c6d32
Exception code: 0xc0000005
Fault offset: 0x00014465
Faulting process id: 0x1c20
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/28/2014 01:57:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: CNCL4500.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4c4571fc
Exception code: 0xc0000005
Fault offset: 0x0000000000684ec0
Faulting process id: 0x1288
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3


System errors:
=============
Error: (03/04/2014 10:34:36 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/04/2014 10:34:36 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/03/2014 01:24:38 PM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (03/03/2014 08:03:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/02/2014 08:51:28 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/02/2014 08:51:28 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/02/2014 08:22:21 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/02/2014 08:22:06 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{37B82EDE-6860-4854-ABB3-D03820104E1C} because another computer on the network has the same name.  The server could not start.

Error: (03/01/2014 02:17:57 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:16:36 PM on ‎3/‎1/‎2014 was unexpected.

Error: (03/01/2014 02:16:34 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 4056.36 MB
Available physical RAM: 2268.89 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 6143.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:253.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 399C3867)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Juliet

Posted 04 March 2014 - 11:06 AM

yes, it's correct.

Please go to add/remove programs and remove
NewPlayer

~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
 

start
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1351968 2014-02-24] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1047328 2014-02-24] (Conduit)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...6AE15321C&SSPV=
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...q={searchTerms}
BHO: Plus-HD-7.5 - {11111111-1111-1111-1111-110511071176} - C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-bho64.dll (Plus HD)
BHO-x32: No Name - {C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
FF NewTab: hxxp://search.conduit.com/?ctid=CT3324317&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP6DDFB950-B662-4136-877C-4286AE15321C
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF\
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2363168 2014-02-24] (Conduit)
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-02-25] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-03-01 09:09 - 2014-03-01 09:09 - 00000000 ____D () C:\Users\Bob B\AppData\Local\newplayer
C:\Users\Public\Desktop\NewPlayer.lnk
C:\Program Files (x86)\SearchProtect
014-03-01 09:05 - 2014-03-01 09:07 - 00000000 ____D () C:\Users\Bob B\AppData\Local\SearchProtect
C:\Users\Bob B\AppData\Local\Temp\00471d4b-2d28-4ab3-adb8-d40d09c7db03.exe
C:\Users\Bob B\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bob B\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Bob B\AppData\Local\Temp\nsgE613.exe
C:\Users\Bob B\AppData\Local\Temp\nsl263A.exe
C:\Users\Bob B\AppData\Local\Temp\nsw1AE4.exe
C:\Users\Bob B\AppData\Local\Temp\nswE058.exe
C:\Users\Bob B\AppData\Local\Temp\oi_{35A42747-C9FC-4842-BA06-BB38A11406CA}.exe
C:\Users\Bob B\AppData\Local\Temp\SHSetup.exe
C:\Users\Bob B\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bob B\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Bob B\AppData\Local\Temp\vcredist_x64.exe
Task: {37FD70D6-45C2-43EA-8638-D2E392C18391} - System32\Tasks\Plus-HD-7.5-codedownloader => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: {836A6F65-65E5-4F31-A78A-9A585D7EF3B3} - System32\Tasks\Plus-HD-7.5-enabler => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-enabler.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: {A799C132-9C58-4271-B241-997F1A49AA83} - System32\Tasks\Plus-HD-7.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: {AB4435F7-A725-4E46-A5F1-4AF127C6B715} - System32\Tasks\Plus-HD-7.5-validator => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-validator.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: {E9BA0428-36AA-4B79-9113-B5A82F3618F2} - System32\Tasks\MediaPlayerEnhance-enabler => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe <==== ATTENTION
Task: {FE5A3025-87F2-431D-997E-56EDE7DC8848} - System32\Tasks\Plus-HD-7.5-updater => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-updater.exe [2014-03-01] (Plus HD) <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-enabler.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-enabler.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-updater.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.5-validator.job => C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-validator.exe <==== ATTENTION
2014-02-25 10:00 - 2014-02-25 10:00 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
Reboot:
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#5 bobburk3


Posted 04 March 2014 - 12:01 PM

I want to make sure I do this correctly. Are you saying to paste the contents of the box over the top of the contents currently in the notepad file (overwrite the current file), or below it?



#6 Juliet


Posted 04 March 2014 - 01:22 PM

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

First, relocate your download of FRST to the desktop (because you had run it from your Downloads folder).
Then, copy and paste the script I created in the quote box from my previous reply and save it. When it asks for Save As, type in fixlist.txt, look for where you can save it to and designate the desktop.
Then locate the FRST icon on your desktop and place the fixlist.txt beside it.
Then open FRST and click on the Fix button just once and wait.

#7 bobburk3


Posted 05 March 2014 - 09:09 AM

I'm sorry. I'm still not clear on the directions. I have copied the box contents to notepad and then saved it to my desktop as fixlist.txt. The FRST icon is in the system tray at the bottom of my computer screen and I don't know how to copy it to my desktop (if that's what you are asking me to do). FRST64.exe is still in my downloads also. I also don't understand what you mean by placing fixlist.txt beside the FRST icon.



#8 bobburk3


Posted 05 March 2014 - 09:17 AM

OK, I finally figured out how to get the FRST64 icon onto my desktop and I placed it next to fixlist.txt on the desktop.



#9 bobburk3


Posted 05 March 2014 - 09:45 AM

Log generated after scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014
Ran by Bob B (administrator) on DELL-1 on 05-03-2014 10:19:43
Running from C:\Users\Bob B\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
(Microsoft Corporation) C:\Windows\system32\calc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-15] (Microsoft Corporation)
HKU\S-1-5-21-4004932578-999774799-4059474116-1000\...\Run: [AdobeBridge] - [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1351968 2014-02-24] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1047328 2014-02-24] (Conduit)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...6AE15321C&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x696A59449638CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {1C5FFA2B-D111-41AB-873B-C152E4799460} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...q={searchTerms}
BHO: Plus-HD-7.5 - {11111111-1111-1111-1111-110511071176} - C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-bho64.dll (Plus HD)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Plus-HD-7.5 - {11111111-1111-1111-1111-110511071176} - C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-bho.dll (Plus HD)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{145E688C-0E1D-4FC7-9A28-29DFD35E263A}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{37B82EDE-6860-4854-ABB3-D03820104E1C}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Bob B\AppData\Roaming\Mozilla\Firefox\Profiles\vp7u5c19.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3324317&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP6DDFB950-B662-4136-877C-4286AE15321C
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Bob B\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Plus-HD-7.5 - C:\Users\Bob B\AppData\Roaming\Mozilla\Firefox\Profiles\vp7u5c19.default\Extensions\18c66c1d-05d8-4e58-8b16-c4df04ed638e@e204c3e4-8076-4eb9-b628-0fe8abef45e2.com [2014-03-04]
FF Extension: No Name - C:\Users\Bob B\AppData\Roaming\Mozilla\Firefox\Profiles\vp7u5c19.default\Extensions\staged [2014-03-04]
FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF\

==================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2363168 2014-02-24] (Conduit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-02-25] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 10:19 - 2014-03-05 10:19 - 00013379 _____ () C:\Users\Bob B\Desktop\FRST.txt
2014-03-05 10:14 - 2014-03-05 09:56 - 02157056 _____ (Farbar) C:\Users\Bob B\Desktop\FRST64.exe
2014-03-05 09:56 - 2014-03-05 09:56 - 00000000 ____D () C:\Users\Bob B\Downloads\FRST-OlderVersion
2014-03-05 09:51 - 2014-03-05 09:51 - 00005051 _____ () C:\Users\Bob B\Desktop\fixlist.txt
2014-03-04 11:15 - 2014-03-04 11:16 - 00018500 _____ () C:\Users\Bob B\Downloads\Addition.txt
2014-03-04 11:14 - 2014-03-05 10:19 - 00000000 ____D () C:\FRST
2014-03-04 11:14 - 2014-03-04 11:16 - 00031498 _____ () C:\Users\Bob B\Downloads\FRST.txt
2014-03-04 11:09 - 2014-03-05 09:56 - 02157056 _____ (Farbar) C:\Users\Bob B\Downloads\FRST64.exe
2014-03-04 10:39 - 2014-03-04 10:40 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill(1).exe
2014-03-04 10:30 - 2014-03-04 10:43 - 00002152 _____ () C:\Users\Bob B\Desktop\Rkill.txt
2014-03-04 10:30 - 2014-03-04 10:30 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill64-12321.exe
2014-03-04 10:30 - 2014-03-04 10:30 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill64.exe
2014-03-04 10:29 - 2014-03-04 10:29 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill.exe
2014-03-04 09:43 - 2014-03-04 09:43 - 00844153 _____ () C:\Users\Bob B\Downloads\testleasetransaction.zip
2014-03-03 10:38 - 2014-03-04 20:46 - 00000000 ____D () C:\Users\Bob B\Documents\Personal Expenses
2014-03-03 09:01 - 2014-03-03 09:01 - 01244192 _____ () C:\Users\Bob B\Downloads\AdwCleaner(1).exe
2014-03-02 14:43 - 2014-03-02 14:43 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\LavasoftStatistics
2014-03-02 11:20 - 2014-03-02 11:20 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\SecureSearch
2014-03-02 11:19 - 2014-03-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-02 11:16 - 2014-03-02 11:16 - 01727624 _____ () C:\Users\Bob B\Downloads\Adaware_Installer.exe
2014-03-02 11:16 - 2014-03-02 11:16 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-01 14:14 - 2014-03-01 14:14 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\TuneUp Software
2014-03-01 14:12 - 2014-03-02 09:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-01 14:08 - 2014-03-02 09:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-01 14:08 - 2014-03-01 14:08 - 04435328 _____ (AVG Technologies) C:\Users\Bob B\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-03-01 14:08 - 2014-03-01 14:08 - 00000000 ____D () C:\Users\Bob B\AppData\Local\MFAData
2014-03-01 13:24 - 2014-03-01 13:24 - 00000000 ____D () C:\Program Files\My Dell
2014-03-01 11:43 - 2014-03-01 13:22 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-01 11:42 - 2014-03-01 11:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bob B\Downloads\SpyHunter-Installer(2).exe
2014-03-01 09:58 - 2014-03-01 09:58 - 00000000 ___RD () C:\Users\Bob B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-01 09:55 - 2014-03-01 09:55 - 00000000 ____D () C:\Users\Bob B\AppData\Local\Tuguu_SL
2014-03-01 09:09 - 2014-03-01 09:09 - 00000000 ____D () C:\Users\Bob B\AppData\Local\newplayer
2014-03-01 09:08 - 2014-03-05 09:08 - 00001594 _____ () C:\Windows\Tasks\MediaPlayerEnhance-updater.job
2014-03-01 09:08 - 2014-03-05 09:08 - 00001508 _____ () C:\Windows\Tasks\Plus-HD-7.5-updater.job
2014-03-01 09:08 - 2014-03-05 09:08 - 00001464 _____ () C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job
2014-03-01 09:08 - 2014-03-05 09:08 - 00001448 _____ () C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
2014-03-01 09:08 - 2014-03-05 09:08 - 00001362 _____ () C:\Windows\Tasks\Plus-HD-7.5-enabler.job
2014-03-01 09:08 - 2014-03-01 09:08 - 00004624 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-updater
2014-03-01 09:08 - 2014-03-01 09:08 - 00004538 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-updater
2014-03-01 09:08 - 2014-03-01 09:08 - 00004494 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-codedownloader
2014-03-01 09:08 - 2014-03-01 09:08 - 00004478 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-enabler
2014-03-01 09:08 - 2014-03-01 09:08 - 00004392 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-enabler
2014-03-01 09:07 - 2014-03-05 09:12 - 00002326 _____ () C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job
2014-03-01 09:07 - 2014-03-05 09:08 - 00001550 _____ () C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
2014-03-01 09:07 - 2014-03-05 09:07 - 00003120 _____ () C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2014-03-01 09:07 - 2014-03-05 09:07 - 00002394 _____ () C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2014-03-01 09:07 - 2014-03-05 09:07 - 00002392 _____ () C:\Windows\Tasks\Plus-HD-7.5-validator.job
2014-03-01 09:07 - 2014-03-01 09:08 - 00004580 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-codedownloader
2014-03-01 09:07 - 2014-03-01 09:08 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-03-01 09:07 - 2014-03-01 09:07 - 00005422 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-validator
2014-03-01 09:06 - 2014-03-01 14:52 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerEnhance
2014-03-01 09:06 - 2014-03-01 13:21 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-7.5
2014-03-01 09:06 - 2014-03-01 09:07 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-01 09:05 - 2014-03-01 09:08 - 00000000 _____ () C:\END
2014-03-01 09:05 - 2014-03-01 09:07 - 00000000 ____D () C:\Users\Bob B\AppData\Local\SearchProtect
2014-03-01 09:04 - 2014-03-01 09:04 - 00391576 _____ () C:\Users\Bob B\Downloads\Setup(2).exe
2014-02-28 17:57 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-28 17:57 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-28 17:57 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-28 17:57 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-28 17:56 - 2014-02-28 17:57 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-26 16:28 - 2014-02-26 16:33 - 00000000 ____D () C:\Users\Bob B\Desktop\New folder
2014-02-25 20:05 - 2014-02-25 20:08 - 00000000 ____D () C:\Users\Bob B\Desktop\Photography Info
2014-02-25 19:57 - 2014-02-26 16:30 - 00000000 ____D () C:\Users\Bob B\Desktop\iPhone pictures 2-25-14
2014-02-20 21:24 - 2014-02-20 21:27 - 06605814 _____ () C:\Users\Bob B\Desktop\Sawyer.psd
2014-02-18 06:58 - 2014-02-18 06:58 - 00149466 _____ () C:\Users\Bob B\Desktop\Dad_logo words 3.psd
2014-02-17 10:32 - 2014-02-17 10:32 - 00100124 _____ () C:\Users\Bob B\Desktop\Dad_logo-2-circle.psd
2014-02-17 06:56 - 2014-02-17 06:56 - 00351289 _____ () C:\Users\Bob B\Desktop\Dad_logo-1WhiteS.psd
2014-02-17 06:50 - 2014-02-17 06:50 - 00241578 _____ () C:\Users\Bob B\Desktop\Dad_logo-1White.psd
2014-02-17 06:41 - 2014-02-17 06:41 - 00242646 _____ () C:\Users\Bob B\Desktop\Dad_logo-1.psd
2014-02-16 20:45 - 2014-02-16 20:45 - 00017806 _____ () C:\Users\Bob B\Desktop\Dad_logo.jpf
2014-02-15 10:16 - 2014-02-15 10:16 - 00063488 _____ () C:\Users\Bob B\Downloads\Office2003_SP3Changes.exe
2014-02-15 10:15 - 2014-02-15 10:15 - 00000000 ____D () C:\Office2003SP3Changes
2014-02-06 19:35 - 2014-02-27 09:26 - 00000000 ____D () C:\Users\Bob B\Desktop\Website Pix

==================== One Month Modified Files and Folders =======

2014-03-05 10:19 - 2014-03-05 10:19 - 00013379 _____ () C:\Users\Bob B\Desktop\FRST.txt
2014-03-05 10:19 - 2014-03-04 11:14 - 00000000 ____D () C:\FRST
2014-03-05 09:56 - 2014-03-05 10:14 - 02157056 _____ (Farbar) C:\Users\Bob B\Desktop\FRST64.exe
2014-03-05 09:56 - 2014-03-05 09:56 - 00000000 ____D () C:\Users\Bob B\Downloads\FRST-OlderVersion
2014-03-05 09:56 - 2014-03-04 11:09 - 02157056 _____ (Farbar) C:\Users\Bob B\Downloads\FRST64.exe
2014-03-05 09:51 - 2014-03-05 09:51 - 00005051 _____ () C:\Users\Bob B\Desktop\fixlist.txt
2014-03-05 09:12 - 2014-03-01 09:07 - 00002326 _____ () C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job
2014-03-05 09:08 - 2014-03-01 09:08 - 00001594 _____ () C:\Windows\Tasks\MediaPlayerEnhance-updater.job
2014-03-05 09:08 - 2014-03-01 09:08 - 00001508 _____ () C:\Windows\Tasks\Plus-HD-7.5-updater.job
2014-03-05 09:08 - 2014-03-01 09:08 - 00001464 _____ () C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job
2014-03-05 09:08 - 2014-03-01 09:08 - 00001448 _____ () C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
2014-03-05 09:08 - 2014-03-01 09:08 - 00001362 _____ () C:\Windows\Tasks\Plus-HD-7.5-enabler.job
2014-03-05 09:08 - 2014-03-01 09:07 - 00001550 _____ () C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
2014-03-05 09:07 - 2014-03-01 09:07 - 00003120 _____ () C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2014-03-05 09:07 - 2014-03-01 09:07 - 00002394 _____ () C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2014-03-05 09:07 - 2014-03-01 09:07 - 00002392 _____ () C:\Windows\Tasks\Plus-HD-7.5-validator.job
2014-03-05 08:43 - 2013-04-13 17:24 - 01558131 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 20:46 - 2014-03-03 10:38 - 00000000 ____D () C:\Users\Bob B\Documents\Personal Expenses
2014-03-04 16:09 - 2013-04-13 15:25 - 00000000 ____D () C:\Users\Bob B\Documents\Scott's Folder
2014-03-04 11:16 - 2014-03-04 11:15 - 00018500 _____ () C:\Users\Bob B\Downloads\Addition.txt
2014-03-04 11:16 - 2014-03-04 11:14 - 00031498 _____ () C:\Users\Bob B\Downloads\FRST.txt
2014-03-04 10:43 - 2014-03-04 10:30 - 00002152 _____ () C:\Users\Bob B\Desktop\Rkill.txt
2014-03-04 10:41 - 2009-07-13 23:45 - 00019712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 10:41 - 2009-07-13 23:45 - 00019712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 10:40 - 2014-03-04 10:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill(1).exe
2014-03-04 10:33 - 2013-11-01 11:16 - 00004966 _____ () C:\Windows\setupact.log
2014-03-04 10:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 10:32 - 2013-11-01 11:15 - 00045196 _____ () C:\Windows\PFRO.log
2014-03-04 10:30 - 2014-03-04 10:30 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill64-12321.exe
2014-03-04 10:30 - 2014-03-04 10:30 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill64.exe
2014-03-04 10:29 - 2014-03-04 10:29 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob B\Downloads\rkill.exe
2014-03-04 10:25 - 2012-07-12 14:40 - 00056832 _____ () C:\Users\Bob Burkhard.Dell-1.000\Desktop\PW.xls
2014-03-04 09:43 - 2014-03-04 09:43 - 00844153 _____ () C:\Users\Bob B\Downloads\testleasetransaction.zip
2014-03-03 09:05 - 2013-11-13 14:25 - 00000000 ____D () C:\AdwCleaner
2014-03-03 09:01 - 2014-03-03 09:01 - 01244192 _____ () C:\Users\Bob B\Downloads\AdwCleaner(1).exe
2014-03-02 14:43 - 2014-03-02 14:43 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\LavasoftStatistics
2014-03-02 14:40 - 2014-03-02 11:19 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-02 11:20 - 2014-03-02 11:20 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\SecureSearch
2014-03-02 11:16 - 2014-03-02 11:16 - 01727624 _____ () C:\Users\Bob B\Downloads\Adaware_Installer.exe
2014-03-02 11:16 - 2014-03-02 11:16 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-02 09:25 - 2014-03-01 14:12 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-02 09:25 - 2014-03-01 14:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-01 14:52 - 2014-03-01 09:06 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerEnhance
2014-03-01 14:16 - 2013-04-16 06:07 - 00000000 ____D () C:\Users\Bob B\Desktop\Real Estate
2014-03-01 14:14 - 2014-03-01 14:14 - 00000000 ____D () C:\Users\Bob B\AppData\Roaming\TuneUp Software
2014-03-01 14:14 - 2013-06-20 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-01 14:08 - 2014-03-01 14:08 - 04435328 _____ (AVG Technologies) C:\Users\Bob B\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-03-01 14:08 - 2014-03-01 14:08 - 00000000 ____D () C:\Users\Bob B\AppData\Local\MFAData
2014-03-01 13:36 - 2013-04-30 10:16 - 00000000 ____D () C:\Users\Bob B\AppData\Local\Citrix
2014-03-01 13:24 - 2014-03-01 13:24 - 00000000 ____D () C:\Program Files\My Dell
2014-03-01 13:22 - 2014-03-01 11:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-01 13:21 - 2014-03-01 09:06 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-7.5
2014-03-01 11:42 - 2014-03-01 11:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bob B\Downloads\SpyHunter-Installer(2).exe
2014-03-01 11:41 - 2013-12-26 12:19 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-03-01 09:58 - 2014-03-01 09:58 - 00000000 ___RD () C:\Users\Bob B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-01 09:55 - 2014-03-01 09:55 - 00000000 ____D () C:\Users\Bob B\AppData\Local\Tuguu_SL
2014-03-01 09:09 - 2014-03-01 09:09 - 00000000 ____D () C:\Users\Bob B\AppData\Local\newplayer
2014-03-01 09:08 - 2014-03-01 09:08 - 00004624 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-updater
2014-03-01 09:08 - 2014-03-01 09:08 - 00004538 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-updater
2014-03-01 09:08 - 2014-03-01 09:08 - 00004494 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-codedownloader
2014-03-01 09:08 - 2014-03-01 09:08 - 00004478 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-enabler
2014-03-01 09:08 - 2014-03-01 09:08 - 00004392 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-enabler
2014-03-01 09:08 - 2014-03-01 09:07 - 00004580 _____ () C:\Windows\System32\Tasks\MediaPlayerEnhance-codedownloader
2014-03-01 09:08 - 2014-03-01 09:07 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-03-01 09:08 - 2014-03-01 09:05 - 00000000 _____ () C:\END
2014-03-01 09:07 - 2014-03-01 09:07 - 00005422 _____ () C:\Windows\System32\Tasks\Plus-HD-7.5-validator
2014-03-01 09:07 - 2014-03-01 09:06 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-01 09:07 - 2014-03-01 09:05 - 00000000 ____D () C:\Users\Bob B\AppData\Local\SearchProtect
2014-03-01 09:04 - 2014-03-01 09:04 - 00391576 _____ () C:\Users\Bob B\Downloads\Setup(2).exe
2014-02-28 19:55 - 2013-04-15 06:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-28 19:55 - 2013-04-15 06:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-28 19:54 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-28 18:12 - 2013-10-16 10:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-28 17:57 - 2014-02-28 17:56 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-28 17:57 - 2013-07-20 19:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-28 08:53 - 2013-08-25 19:11 - 00000000 ____D () C:\Users\Bob B\Documents\Fax
2014-02-28 08:53 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-27 09:26 - 2014-02-06 19:35 - 00000000 ____D () C:\Users\Bob B\Desktop\Website Pix
2014-02-26 16:33 - 2014-02-26 16:28 - 00000000 ____D () C:\Users\Bob B\Desktop\New folder
2014-02-26 16:30 - 2014-02-25 19:57 - 00000000 ____D () C:\Users\Bob B\Desktop\iPhone pictures 2-25-14
2014-02-26 09:05 - 2014-01-21 08:43 - 00000000 ____D () C:\Users\Bob B\Desktop\Bob Iphone 1-21-14
2014-02-25 20:08 - 2014-02-25 20:05 - 00000000 ____D () C:\Users\Bob B\Desktop\Photography Info
2014-02-25 19:44 - 2013-04-13 15:26 - 00000000 ___RD () C:\Users\Bob B\Desktop\Dropbox
2014-02-20 21:27 - 2014-02-20 21:24 - 06605814 _____ () C:\Users\Bob B\Desktop\Sawyer.psd
2014-02-20 13:09 - 2013-04-21 13:01 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-19 08:42 - 2013-04-14 06:57 - 00000000 ____D () C:\Users\Bob B\AppData\Local\Microsoft Help
2014-02-18 06:58 - 2014-02-18 06:58 - 00149466 _____ () C:\Users\Bob B\Desktop\Dad_logo words 3.psd
2014-02-17 10:32 - 2014-02-17 10:32 - 00100124 _____ () C:\Users\Bob B\Desktop\Dad_logo-2-circle.psd
2014-02-17 06:56 - 2014-02-17 06:56 - 00351289 _____ () C:\Users\Bob B\Desktop\Dad_logo-1WhiteS.psd
2014-02-17 06:50 - 2014-02-17 06:50 - 00241578 _____ () C:\Users\Bob B\Desktop\Dad_logo-1White.psd
2014-02-17 06:41 - 2014-02-17 06:41 - 00242646 _____ () C:\Users\Bob B\Desktop\Dad_logo-1.psd
2014-02-16 20:45 - 2014-02-16 20:45 - 00017806 _____ () C:\Users\Bob B\Desktop\Dad_logo.jpf
2014-02-16 20:45 - 2013-04-13 17:25 - 00000000 ____D () C:\Users\Bob B\AppData\Local\VirtualStore
2014-02-15 10:16 - 2014-02-15 10:16 - 00063488 _____ () C:\Users\Bob B\Downloads\Office2003_SP3Changes.exe
2014-02-15 10:15 - 2014-02-15 10:15 - 00000000 ____D () C:\Office2003SP3Changes
2014-02-11 12:34 - 2013-12-23 14:16 - 00000000 ____D () C:\Users\Bob B\Desktop\Adobe
2014-02-07 18:03 - 2014-01-02 09:42 - 00000000 ____D () C:\Users\Bob B\Desktop\HOUSE TEST
2014-02-04 15:52 - 2013-12-17 09:58 - 00018432 ___SH () C:\Users\Bob B\Thumbs.db
2014-02-03 21:21 - 2009-07-14 00:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Bob B\AppData\Local\Temp\00471d4b-2d28-4ab3-adb8-d40d09c7db03.exe
C:\Users\Bob B\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bob B\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Bob B\AppData\Local\Temp\nsgE613.exe
C:\Users\Bob B\AppData\Local\Temp\nsl263A.exe
C:\Users\Bob B\AppData\Local\Temp\nsw1AE4.exe
C:\Users\Bob B\AppData\Local\Temp\nswE058.exe
C:\Users\Bob B\AppData\Local\Temp\oi_{35A42747-C9FC-4842-BA06-BB38A11406CA}.exe
C:\Users\Bob B\AppData\Local\Temp\SHSetup.exe
C:\Users\Bob B\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bob B\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Bob B\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 08:32

==================== End Of Log ============================



#10 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 05 March 2014 - 10:30 AM

Were you able to run AdwCleaner and JRT?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??



#11 bobburk3

bobburk3

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 05 March 2014 - 11:24 AM

Yes, here is the JRT.txt file:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bob B on Wed 03/05/2014 at 11:14:59.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4004932578-999774799-4059474116-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1C5FFA2B-D111-41AB-873B-C152E4799460}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.5-validator.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ustechsupport"
Successfully deleted: [Folder] "C:\Users\Bob B\AppData\Roaming\ustechsupport"
Successfully deleted: [Folder] "C:\Program Files (x86)\ustechsupport"



~~~ FireFox

Successfully deleted the following from C:\Users\Bob B\AppData\Roaming\mozilla\firefox\profiles\vp7u5c19.default\prefs.js

user_pref("extensions.crossrider.bic", "1449302137323082ad34c5499b52f355");
user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Bob B\AppData\Roaming\mozilla\firefox\profiles\vp7u5c19.default\minidumps [63 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/05/2014 at 11:23:15.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 bobburk3


Posted 05 March 2014 - 11:33 AM

I noticed that when I open a new tab now, I don't get the Conduit Search page.



#13 Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 05 March 2014 - 11:39 AM

Were you able to run AdwCleaner?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#14 bobburk3

  • Authentic Member
  • 35 posts

Posted 05 March 2014 - 12:03 PM

Yes, here is AdwCleaner[S1].txt:

 

# AdwCleaner v3.020 - Report created 05/03/2014 at 11:00:05
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob B - DELL-1
# Running from : C:\Users\Bob B\Desktop\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\NewPlayer
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\MediaPlayerEnhance
Folder Deleted : C:\Program Files (x86)\Plus-HD-7.5
Folder Deleted : C:\Users\Bob B\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\Bob B\AppData\Local\NewPlayer
Folder Deleted : C:\Users\Bob B\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Bob B\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Bob B\AppData\Roaming\Mozilla\Firefox\Profiles\vp7u5c19.default\Extensions\18c66c1d-05d8-4e58-8b16-c4df04ed638e@e204c3e4-8076-4eb9-b628-0fe8abef45e2.com
File Deleted : C:\END
File Deleted : C:\Users\BOBB~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-chromeinstaller
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-codedownloader
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-enabler
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-firefoxinstaller
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-updater.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-updater
File Deleted : C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-7.5-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-7.5-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-7.5-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-7.5-firefoxinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-7.5-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-7.5-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0050776.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0050776.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0050776.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0050776.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511071176}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072276}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555075576}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076676}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544074476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071176}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411411150}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511071176}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c95b251b-7567-4d60-abbc-8abfcade4bb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{daf7e0a7-c1ef-4f95-856f-ae568128a39f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b1e3db8-9521-444a-ad6a-033a43ab31ca}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54765974-2282-4142-9303-bb7fc68715e7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511071176}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072276}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555075576}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076676}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071176}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c95b251b-7567-4d60-abbc-8abfcade4bb0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{daf7e0a7-c1ef-4f95-856f-ae568128a39f}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b1e3db8-9521-444a-ad6a-033a43ab31ca}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54765974-2282-4142-9303-bb7fc68715e7}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\MediaPlayerEnhance
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-7.5
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\MediaPlayerEnhance
Key Deleted : HKLM\Software\Plus-HD-7.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Bob B\AppData\Roaming\Mozilla\Firefox\Profiles\vp7u5c19.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3324317&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP6DDFB950-B662-4136-877C-4286AE15321C");
Line Deleted : user_pref("extensions.crossrider.bic", "1447df9ca8ea0e90fb360d4204843280");

[ File : C:\Users\Bob Burkhard.Dell-1.000\AppData\Roaming\Mozilla\Firefox\Profiles\zyq4lsx3.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9599 octets] - [13/11/2013 14:25:39]
AdwCleaner[R1].txt - [13078 octets] - [03/03/2014 09:01:22]
AdwCleaner[R2].txt - [27193 octets] - [05/03/2014 10:51:23]
AdwCleaner[S0].txt - [8693 octets] - [13/11/2013 14:28:20]
AdwCleaner[S1].txt - [24838 octets] - [05/03/2014 11:00:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [24899 octets] ##########
 



#15 bobburk3

  • Authentic Member
  • 35 posts

Posted 05 March 2014 - 12:11 PM

When in the forums.whatthetech.com site I keep getting popup ads for "NP Call for Great Tech Support Call computer support 1-855-465-3840...brought to you by Plus-HD-7.5".

