Solved Trojan.agent svchost.exe

==================== One Month Modified Files and Folders =======

2014-02-23 17:31 - 2014-02-22 23:45 - 00027155 _____ () C:\Users\Kimberly\Desktop\FRST.txt
2014-02-23 17:30 - 2014-02-22 23:45 - 00000000 ____D () C:\FRST
2014-02-23 17:28 - 2011-01-20 20:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 17:28 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 17:28 - 2009-07-13 22:51 - 00060430 _____ () C:\Windows\setupact.log
2014-02-23 17:27 - 2010-06-01 02:41 - 02071931 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 17:16 - 2011-05-14 18:05 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001UA.job
2014-02-23 17:13 - 2011-01-20 20:16 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 16:42 - 2012-04-12 16:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 15:18 - 2010-08-08 17:19 - 00103208 _____ () C:\Users\Kimberly\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-23 15:17 - 2010-08-08 17:20 - 00000000 ___RD () C:\Users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 15:17 - 2010-08-08 17:20 - 00000000 ___RD () C:\Users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-23 15:17 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-23 15:16 - 2010-08-08 17:20 - 00001413 _____ () C:\Users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-23 14:16 - 2011-05-14 18:05 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001Core.job
2014-02-23 14:15 - 2009-07-13 23:13 - 00782336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 14:15 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 14:15 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 14:07 - 2013-12-15 15:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-23 14:07 - 2013-12-15 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-23 14:07 - 2009-07-13 22:45 - 00395176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 14:03 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-23 14:03 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-02-23 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-02-23 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-02-23 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-02-23 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-02-23 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-23 13:49 - 2014-02-23 13:49 - 00000000 ____D () C:\Users\Kimberly\Desktop\FRST-OlderVersion
2014-02-23 13:49 - 2014-02-22 23:44 - 02155520 _____ (Farbar) C:\Users\Kimberly\Desktop\FRST64.exe
2014-02-23 12:51 - 2010-10-23 13:06 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-23 12:50 - 2012-03-10 14:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-23 11:41 - 2014-02-23 11:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-23 11:27 - 2014-02-23 11:16 - 00006836 _____ () C:\Windows\IE11_main.log
2014-02-23 11:16 - 2010-04-25 11:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-23 10:25 - 2014-02-23 10:06 - 00009883 _____ () C:\Windows\IE10_main.log
2014-02-23 10:16 - 2014-02-23 10:16 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 10:16 - 2014-02-23 10:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 10:16 - 2014-02-23 10:16 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 10:16 - 2014-02-23 10:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 10:16 - 2014-02-23 10:16 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-23 10:16 - 2014-02-23 10:16 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-23 10:16 - 2014-02-23 10:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-23 10:16 - 2014-02-23 10:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-23 10:16 - 2014-02-23 10:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-23 10:16 - 2014-02-23 10:16 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-23 10:16 - 2014-02-23 10:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-23 10:16 - 2014-02-23 10:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-23 10:16 - 2014-02-23 10:16 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-23 10:10 - 2014-02-23 10:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-23 10:10 - 2014-02-23 10:10 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-23 09:57 - 2013-12-15 15:11 - 00774950 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-23 09:38 - 2010-04-25 11:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-22 23:48 - 2014-02-22 23:47 - 00045366 _____ () C:\Users\Kimberly\Downloads\Addition.txt
2014-02-22 23:23 - 2014-02-22 23:23 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Kimberly\Downloads\tdsskiller.exe
2014-02-22 23:05 - 2014-02-22 23:05 - 00003105 _____ () C:\Users\Kimberly\Desktop\RKreport[0]_D_02222014_230550.txt
2014-02-22 23:05 - 2014-02-22 21:00 - 00000000 ____D () C:\Users\Kimberly\Desktop\RK_Quarantine
2014-02-22 23:04 - 2014-02-22 23:04 - 00003185 _____ () C:\Users\Kimberly\Desktop\RKreport[0]_S_02222014_230433.txt
2014-02-22 22:47 - 2014-02-22 21:35 - 00000000 ____D () C:\Users\Kimberly\Desktop\mbar
2014-02-22 22:15 - 2014-02-22 21:36 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-22 22:10 - 2010-06-01 02:43 - 00549626 _____ () C:\Windows\PFRO.log
2014-02-22 21:35 - 2014-02-22 21:35 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Kimberly\Downloads\mbar-1.07.0.1009.exe
2014-02-22 21:00 - 2014-02-22 21:00 - 03817984 _____ () C:\Users\Kimberly\Downloads\RogueKiller.exe
2014-02-22 20:57 - 2014-02-22 20:57 - 00558888 _____ (Fusion Install ) C:\Users\Kimberly\Downloads\Setup.exe
2014-02-22 20:42 - 2014-02-22 14:42 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-22 19:28 - 2014-02-22 19:28 - 00077772 _____ () C:\Users\Kimberly\Desktop\MBAM2.txt
2014-02-22 19:04 - 2014-02-22 19:04 - 00024295 _____ () C:\Users\Kimberly\Desktop\dds.txt
2014-02-22 19:04 - 2014-02-22 19:04 - 00011255 _____ () C:\Users\Kimberly\Desktop\attach.txt
2014-02-22 19:01 - 2014-02-22 19:01 - 00688992 ____R (Swearware) C:\Users\Kimberly\Downloads\dds.com
2014-02-22 18:17 - 2014-02-22 18:17 - 00001503 _____ () C:\Users\Kimberly\Desktop\aswMBR.txt
2014-02-22 18:11 - 2014-01-16 18:39 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKimberly
2014-02-22 18:11 - 2014-01-16 18:39 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForKimberly.job
2014-02-22 17:39 - 2014-02-22 17:39 - 04745728 _____ (AVAST Software) C:\Users\Kimberly\Downloads\aswMBR.exe
2014-02-22 17:30 - 2012-05-31 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-22 17:29 - 2013-08-22 22:25 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-22 17:29 - 2013-08-22 22:24 - 00000000 ____D () C:\Program Files (x86)\DefaultTab
2014-02-22 15:24 - 2014-01-16 18:28 - 00000000 ____D () C:\ProgramData\WPM
2014-02-22 15:24 - 2013-08-22 22:24 - 00000000 ____D () C:\Users\Kimberly\AppData\Roaming\DefaultTab
2014-02-22 15:24 - 2011-05-21 20:57 - 00000000 ____D () C:\Program Files (x86)\Inbox Toolbar
2014-02-22 15:23 - 2013-08-22 22:37 - 00000000 ____D () C:\Program Files (x86)\Tuguu SL
2014-02-22 15:18 - 2014-02-22 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-22 14:51 - 2011-05-12 21:00 - 00000000 ____D () C:\Program Files (x86)\Yontoo Layers Client
2014-02-22 14:42 - 2012-04-12 16:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-22 14:42 - 2012-04-12 16:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-22 14:37 - 2011-01-20 20:17 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-22 14:24 - 2010-04-25 12:02 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-22 14:20 - 2014-02-22 14:20 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 14:20 - 2014-02-22 14:20 - 00000000 ____D () C:\Users\Kimberly\AppData\Roaming\Malwarebytes
2014-02-22 14:20 - 2014-02-22 14:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-22 14:20 - 2014-02-22 14:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-22 14:17 - 2014-02-22 14:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kimberly\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-22 14:17 - 2010-08-15 11:23 - 00000000 ____D () C:\Users\Kimberly\AppData\Roaming\Mozilla
2014-02-22 14:14 - 2010-08-08 17:32 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0EE82060-B24D-41BA-80A4-1B5799415D26}
2014-02-22 14:11 - 2014-02-22 14:11 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-22 14:11 - 2011-05-14 18:05 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001UA
2014-02-22 14:11 - 2011-05-14 18:05 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001Core
2014-02-22 14:11 - 2010-10-24 12:55 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-22 14:08 - 2011-01-20 20:16 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-22 14:08 - 2011-01-20 20:16 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-07 21:36 - 2014-02-07 21:34 - 00000000 ____D () C:\Users\Kimberly\AppData\Local\HP
2014-02-07 21:34 - 2014-02-07 21:34 - 00002200 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2014-02-07 21:34 - 2014-02-07 21:34 - 00001152 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2014-02-07 21:34 - 2014-02-07 21:34 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-02-07 21:34 - 2014-02-07 21:34 - 00000000 ____D () C:\ProgramData\HP
2014-02-07 21:34 - 2014-02-07 21:34 - 00000000 ____D () C:\Program Files\HP
2014-02-07 21:34 - 2010-04-25 14:26 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-02-07 21:33 - 2014-02-07 21:33 - 31455000 _____ () C:\Users\Kimberly\Downloads\OJ8600_Basicx64_1315.exe
2014-02-07 19:52 - 2011-01-26 01:29 - 00000000 ____D () C:\Users\Kimberly\AppData\Roaming\Template
2014-02-07 19:52 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-07 18:23 - 2013-08-22 22:24 - 00000258 __RSH () C:\Users\Kimberly\ntuser.pol
2014-02-07 18:23 - 2010-08-08 17:12 - 00000000 ____D () C:\Users\Kimberly
2014-02-05 19:26 - 2014-02-05 19:26 - 00002177 _____ () C:\Users\Kimberly\Desktop\HP Support Assistant.lnk
2014-02-05 19:26 - 2010-04-25 10:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-05 19:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help
2014-02-05 19:22 - 2010-04-25 10:39 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-05 19:20 - 2010-10-23 15:58 - 00000000 ____D () C:\Users\Kimberly\AppData\Roaming\hpqLog
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-05 19:10 - 2009-09-06 18:40 - 00000000 ____D () C:\SwSetup
2014-02-04 19:09 - 2010-08-10 18:45 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-04 18:42 - 2012-04-12 16:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 18:40 - 2010-08-09 23:34 - 00000000 ____D () C:\Users\Kimberly\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 12:48

==================== End Of Log =======
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-02-23.01 - Kimberly 02/23/2014 18:16:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2168 [GMT -6:00]
Running from: c:\users\Kimberly\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\SBLite\SBLIte.dll
c:\programdata\Microsoft\Windows\DRM\59A1.tmp
c:\programdata\Microsoft\Windows\DRM\59A2.tmp
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kikjpgpbpnapbimplfcbcbakjacpgceb_0.localstorage-journal
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kikjpgpbpnapbimplfcbcbakjacpgceb_0.localstorage
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Kimberly\AppData\Roaming\506C.998
c:\users\Kimberly\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-01-24 to 2014-02-24 )))))))))))))))))))))))))))))))
.
.
2014-02-24 00:29 . 2014-02-24 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-23 23:40 . 2014-02-23 23:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0D2D797-3773-401F-8E5A-2543829E8FA9}\offreg.dll
2014-02-23 17:50 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-02-23 17:50 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-02-23 17:50 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-23 17:50 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-02-23 17:50 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-02-23 17:41 . 2014-02-23 17:41 -------- d-----w- c:\windows\system32\MRT
2014-02-23 16:32 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-02-23 16:10 . 2014-02-23 16:10 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-23 15:26 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-02-23 15:26 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-02-23 15:26 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-02-23 15:26 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-02-23 15:26 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-02-23 15:26 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-02-23 15:26 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-02-23 05:45 . 2014-02-23 23:32 -------- d-----w- C:\FRST
2014-02-23 05:12 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-02-23 05:12 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-02-23 05:12 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-02-23 05:12 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-02-23 05:11 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-02-23 05:11 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-02-23 05:11 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-02-23 05:11 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-02-23 05:11 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2014-02-23 05:11 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-23 05:11 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2014-02-23 05:11 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-02-23 05:11 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2014-02-23 05:11 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-02-23 05:11 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2014-02-23 05:11 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-02-23 05:09 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-02-23 05:08 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-02-23 05:07 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2014-02-23 05:06 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-02-23 05:06 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-23 05:06 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2014-02-23 05:06 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-02-23 05:04 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2014-02-23 05:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-02-23 05:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-02-23 05:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-02-23 05:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-02-23 05:03 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-02-23 04:34 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-02-23 04:33 . 2014-02-17 07:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0D2D797-3773-401F-8E5A-2543829E8FA9}\mpengine.dll
2014-02-23 03:36 . 2014-02-23 04:15 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-22 20:42 . 2014-02-23 02:42 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-22 20:20 . 2014-02-22 20:20 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Malwarebytes
2014-02-22 20:20 . 2014-02-22 20:20 -------- d-----w- c:\programdata\Malwarebytes
2014-02-22 20:20 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 20:20 . 2014-02-22 20:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-22 20:11 . 2014-02-22 20:11 -------- d-----w- c:\program files\McAfee Security Scan
2014-02-08 03:34 . 2012-10-17 10:31 741480 ------w- c:\windows\system32\HPDiscoPM5912.dll
2014-02-08 03:34 . 2014-02-08 03:34 -------- d-----w- c:\programdata\HP
2014-02-08 03:34 . 2014-02-08 03:34 -------- d-----w- c:\program files\HP
2014-02-08 03:34 . 2014-02-08 03:36 -------- d-----w- c:\users\Kimberly\AppData\Local\HP
2014-02-06 01:18 . 2014-02-06 01:18 -------- d-----w- c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 20:42 . 2012-04-12 22:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-22 20:42 . 2012-04-12 22:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 01:09 . 2010-08-11 00:45 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 12:13 . 2010-08-11 01:31 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Akamai NetSession Interface"="c:\users\Kimberly\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="c:\program files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe" [2013-08-13 265608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R1 plgniqvd;plgniqvd;c:\windows\system32\drivers\plgniqvd.sys;c:\windows\SYSNATIVE\drivers\plgniqvd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS;c:\windows\SYSNATIVE\drivers\SMR311.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120321.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120321.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/06/01 01:46];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 20:15 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 20:42]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 02:16]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 02:16]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001Core.job
- c:\users\Kimberly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:21]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001UA.job
- c:\users\Kimberly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:21]
.
2014-02-23 c:\windows\Tasks\HPCeeScheduleForKimberly.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-25 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-01 487424]
"MRT"="c:\windows\system32\MRT.exe" [2014-02-05 88567024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-29 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\community
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=706&systemid=406&v=a9396-124&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=7466448302814054&o=APN10645&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54525
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=108714
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 727cf46c00000000000078e400d82e8d
FF - user.js: extensions.BabylonToolbar_i.hardId - 727cf46c00000000000078e400d82e8d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15422
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E155F23C-9931-47c6-A619-20E6FCA86D75} - c:\program files (x86)\SBLite\SBLite.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-GameXN GO - c:\programdata\GameXN\GameXNGO.exe
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-23 19:50:48
ComboFix-quarantined-files.txt 2014-02-24 01:50
.
Pre-Run: 385,016,172,544 bytes free
Post-Run: 386,454,056,960 bytes free
.
- - End Of File - - E882B37DD107BD0AE3CFB98991E4DA6E
9D47346C41296565D44EFB723608B19F
 
How do I get rid of Optimizer Pro? I am unable to uninstall it. It says File "C:\Program Files (x86)\Optimizer Pro\unins000.dat" does not exist. Cannot uninstall
 
We'll take care of it in a moment...

Uninstall McAfee Security Scan Plus, typical foistware.


1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Driver::
plgniqvd

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
 
Combofix seems to be taking a long time preparing Log Report. It's been sitting there for 30-40 minutes and says not to run any program until ComboFix has finished. It rebooted on its own and then when it came back up, it was with the above messages. Do I keep waiting?
 
ComboFix 14-02-23.01 - Kimberly 02/23/2014 20:52:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1937 [GMT -6:00]
Running from: c:\users\Kimberly\Downloads\ComboFix.exe
Command switches used :: c:\users\Kimberly\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kikjpgpbpnapbimplfcbcbakjacpgceb_0
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kikjpgpbpnapbimplfcbcbakjacpgceb_0\1
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\background.html
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\crossriderManifest.json
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\manifest.xml
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins.json
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\1_base.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\102_dealply_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\103_intext_5_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\105_corticas_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\108_icm_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\119_similar_web_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\120_luck_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\138_getdeal_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\17_jQuery.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\189_active_sanity.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\190_pops_5_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\21_debug.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\22_resources.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\28_initializer.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\47_resources_background.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\5_notifications.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\64_appApiMessage.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\7_hooks.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\72_appApiValidation.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\userCode\background.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\userCode\extension.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\actions\1.png
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon128.png
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon16.png
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon48.png
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\chrome.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\cookie.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\message.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\pageAction.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\pageActionBG.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\background.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\app_api.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\bg_app_api.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\consts.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\cookie_store.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\crossriderAPI.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\delegate.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\events.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\extensionDataStore.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\installer.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\logFile.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\logging.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\onBGDocumentLoad.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\popupResource\newPopup.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\popupResource\popup.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\reports.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\storageWrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\updateManager.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\util.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\xhr.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\main.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\manifest.json
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\popup.html
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\background.html
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\crossriderManifest.json
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\manifest.xml
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins.json
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\1_base.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\102_dealply_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\103_intext_5_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\105_corticas_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\17_jQuery.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\182_openUrl.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\183_tabsWrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\189_active_sanity.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\207_dbWrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\21_debug.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\22_resources.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\28_initializer.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\47_resources_background.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\5_notifications.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\64_appApiMessage.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\7_hooks.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\72_appApiValidation.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\79_CrossriderDailyPing.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\userCode\background.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\extensionData\userCode\extension.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\icons\actions\1.png
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\icons\icon128.png
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\icons\icon16.png
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\icons\icon48.png
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\api\chrome.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\api\cookie.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\api\message.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\api\monitor.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\api\pageAction.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\api\pageActionBG.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\background.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\app_api.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\bg_app_api.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\consts.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\cookie_store.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\crossriderAPI.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\delegate.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\events.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\extensionDataStore.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\installer.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\logFile.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\logging.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\onBGDocumentLoad.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\popupResource\newPopup.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\popupResource\popup.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\reports.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\storageWrapper.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\updateManager.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\util.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\lib\xhr.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\main.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\js\platformVersion.js
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\manifest.json
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.71_0\popup.html
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\000003.log
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\CURRENT
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\LOCK
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\LOG
c:\users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\MANIFEST-000002
c:\users\Kimberly\AppData\Roaming\337
 
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome.manifest
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\asyncDB.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\background.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\browserAction.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\contextMenu.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dbManager.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dom_bg.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\fileManager.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefox.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxNotifications.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxOmnibox.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\message.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\pageAction.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\request.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\tabs.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\webRequest.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\background.html
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\baseObject.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\browser.xul
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\console.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\consts.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\delegate.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\extensionDataStore.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\folderIOWrapper.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\httpObserver.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\IDBWrapper.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\installer.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\logFile.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\prefs.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\progressListenerObserver.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\registry.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reloadObserver.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reports.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\requestObject.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\searchSettings.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\uninstallObserver.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\updateManager.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\utils.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\xhr.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\dialog.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\main.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.xul
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\search_dialog.xul
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\defaults\preferences\prefs.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\manifest.xml
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins.json
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\1_base.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\102_dealply_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\103_intext_5_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\105_corticas_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\108_icm_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\119_similar_web_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\120_luck_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\125_arcadi2_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\138_getdeal_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\17_jQuery.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\182_openUrl.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\189_active_sanity.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\190_pops_5_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\197_kreapixel_pops_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\200_foxydeal_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\204_pricedetect_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\207_dbWrapper.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\21_debug.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\22_resources.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\28_initializer.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\47_resources_background.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\5_notifications.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\64_appApiMessage.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\7_hooks.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\72_appApiValidation.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\79_CrossriderDailyPing.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\98_omniCommands.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\background.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\extension.js
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\install.rdf
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\locale\en-US\translations.dtd
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button1.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button2.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button3.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button4.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button5.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\crossrider_statusbar.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon128.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon16.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon24.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon48.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\panelarrow-up.png
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\popup.html
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\skin.css
c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\update.css
.
 
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_plgniqvd
.
.
((((((((((((((((((((((((( Files Created from 2014-01-24 to 2014-02-24 )))))))))))))))))))))))))))))))
.
.
2014-02-24 03:06 . 2014-02-24 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-23 17:50 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-02-23 17:50 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-02-23 17:50 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-23 17:50 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-02-23 17:50 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-02-23 17:41 . 2014-02-23 17:41 -------- d-----w- c:\windows\system32\MRT
2014-02-23 16:32 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-02-23 16:10 . 2014-02-23 16:10 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-23 15:26 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-02-23 15:26 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-02-23 15:26 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-02-23 15:26 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-02-23 15:26 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-02-23 15:26 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-02-23 15:26 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-02-23 05:45 . 2014-02-23 23:32 -------- d-----w- C:\FRST
2014-02-23 05:12 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-02-23 05:12 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-02-23 05:12 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-02-23 05:12 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-02-23 05:11 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-02-23 05:11 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-02-23 05:11 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-02-23 05:11 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-02-23 05:11 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2014-02-23 05:11 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-23 05:11 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2014-02-23 05:11 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-02-23 05:11 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2014-02-23 05:11 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-02-23 05:11 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2014-02-23 05:11 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-02-23 05:09 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-02-23 05:08 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-02-23 05:07 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2014-02-23 05:06 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-02-23 05:06 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-23 05:06 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2014-02-23 05:06 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-02-23 05:04 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2014-02-23 05:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-02-23 05:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-02-23 05:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-02-23 05:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-02-23 05:03 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-02-23 04:34 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-02-23 04:33 . 2014-02-17 07:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0D2D797-3773-401F-8E5A-2543829E8FA9}\mpengine.dll
2014-02-23 03:36 . 2014-02-23 04:15 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-22 20:42 . 2014-02-23 02:42 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-22 20:20 . 2014-02-22 20:20 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Malwarebytes
2014-02-22 20:20 . 2014-02-22 20:20 -------- d-----w- c:\programdata\Malwarebytes
2014-02-22 20:20 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 20:20 . 2014-02-22 20:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-08 03:34 . 2012-10-17 10:31 741480 ------w- c:\windows\system32\HPDiscoPM5912.dll
2014-02-08 03:34 . 2014-02-08 03:34 -------- d-----w- c:\programdata\HP
2014-02-08 03:34 . 2014-02-08 03:34 -------- d-----w- c:\program files\HP
2014-02-08 03:34 . 2014-02-08 03:36 -------- d-----w- c:\users\Kimberly\AppData\Local\HP
2014-02-06 01:18 . 2014-02-06 01:18 -------- d-----w- c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 20:42 . 2012-04-12 22:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-22 20:42 . 2012-04-12 22:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 01:09 . 2010-08-11 00:45 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-16 00:42 . 2014-01-16 00:42 608032 ----a-w- C:\SecurityScanner.dll
2013-12-18 12:13 . 2010-08-11 01:31 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E155F23C-9931-47c6-A619-20E6FCA86D75}]
c:\program files (x86)\SBLite\SBLite.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Akamai NetSession Interface"="c:\users\Kimberly\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="c:\program files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe" [2013-08-13 265608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS;c:\windows\SYSNATIVE\drivers\SMR311.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120321.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120321.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/06/01 01:46];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 20:15 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 20:42]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 02:16]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 02:16]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001Core.job
- c:\users\Kimberly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:21]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001UA.job
- c:\users\Kimberly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:21]
.
2014-02-23 c:\windows\Tasks\HPCeeScheduleForKimberly.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-25 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-01 487424]
"MRT"="c:\windows\system32\MRT.exe" [2014-02-05 88567024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\community
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=706&systemid=406&v=a9396-124&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=7466448302814054&o=APN10645&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54525
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=108714
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 727cf46c00000000000078e400d82e8d
FF - user.js: extensions.BabylonToolbar_i.hardId - 727cf46c00000000000078e400d82e8d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15422
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2014-02-23 22:06:57 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-24 04:06
ComboFix2.txt 2014-02-24 01:50
.
Pre-Run: 388,508,889,088 bytes free
Post-Run: 388,222,357,504 bytes free
.
- - End Of File - - 871F329FBB8E3A480DCC19CAB29D7FA4
9D47346C41296565D44EFB723608B19F
 
Good :)

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.019 - Report created 23/02/2014 at 22:32:13
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kimberly - HP-LAPTOP
# Running from : C:\Users\Kimberly\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\registry mechanic
Folder Deleted : C:\Program Files (x86)\tuguu sl
Folder Deleted : C:\Program Files (x86)\uniblue
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Client
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Kimberly\AppData\Local\apn
Folder Deleted : C:\Users\Kimberly\AppData\Local\Babylon
Folder Deleted : C:\Users\Kimberly\AppData\Local\Conduit
Folder Deleted : C:\Users\Kimberly\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Kimberly\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\ilividmoviestoolbardla
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\Kimberly\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Kimberly\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Kimberly\AppData\Roaming\Omiga Plus
Folder Deleted : C:\Users\Kimberly\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Kimberly\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\FCTB
Folder Deleted : C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Kimberly\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\defaulttab.config
File Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\searchplugins\vafmusic2-customized-web-search.xml
File Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\searchplugins\web-search.xml
File Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\ujue22md.default-1354504057506\user.js
File Deleted : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\user.js
File Deleted : C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wajam.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\weDownload Manager Pro-codedownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\weDownload Manager Pro-codedownloader_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_skype_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_skype_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\tuguu sl
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\Lyrics_Monkey
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\Software\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1:9421;<local>

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\prefs.js ]

Line Deleted : user_pref("CT3294791_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1377232351188,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN29272984232113624&UM=2&UP=SPEBC6ED9E-A799-4D4F-AED1-4E83D4DD5036");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm021YYUS&ptnrS=GRxdm021YYUS&ptb=fc3VhsRI6bIAYESeGRN5TA&ind=2011041013&n=77de0cf5&psa=&[...]
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108714");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "727cf46c00000000000078e400d82e8d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "727cf46c00000000000078e400d82e8d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15422");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:57:24");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.crossrider.bic", "142f805a296c06ade43055362f500372");
Line Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search|Conduit\", \"window_content\": \"<html>[...]
Line Deleted : user_pref("extensions.defaulttab.homepage.original", "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-706&v=a9396-124&t=4");
Line Deleted : user_pref("extensions.enabledItems", "vshare@toolbar:1.0.0,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0,otis@digitalpersona.com:5.0.0.4248,{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6,m3ffxtbr@mywebsearch[...]
Line Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=GRxdm021YYUS&ptnrS=GRxdm021YYUS&ptb=fc3VhsRI6bIAYESeGRN5TA&ind=2011041013&n=77de0cf5&os[...]
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=");
Line Deleted : user_pref("extensions.wajam.affiliate_id", "3556");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_info_only_error", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Line Deleted : user_pref("extensions.wajam.supported_sites.imdb.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['W[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['[...]
Line Deleted : user_pref("extensions.wajam.trace_log", "1334527525787 - onFlagInfoReceived - Same server mapping version, don't update\n1334527525788 - onFlagInfoReceived - Saving server mapping version\n13345275257[...]
Line Deleted : user_pref("extensions.wajam.unique_id", "3DD18CDF5FDF2D36ACBFF24B69656C2D");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.24");
Line Deleted : user_pref("extensions.wajam.website_version", "1.00274.0");
Line Deleted : user_pref("extentions.y2layers.installId", "FC2408CE-E96D-C15F-180C-60101AB1A32F");
Line Deleted : user_pref("extentions.y2layers.lastDnsTest", 368929);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.DNSCatch", false);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.FirstLaunchShown", true);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.LastDate", 23);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.customNewTab", false);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.processAddrBar", false);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.session", "5E7229A8D970439CACDB1EA0761FDC978589B6045BCCB6F4E5CF6F0856E4D1C6A5A52EFADF43820E8A2674431C81AC9059FF508706DA8903C99A9B4BDA2793AB020D1AC4[...]
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.tb_lang", "en");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.user_id", "31955475");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.vars.disablecuidinject", "1");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.vars.lastcheck", "Fri%20Dec%2016%202011%2014%3A07%3A32%20GMT-0600%20%28Central%20Standard%20Time%29");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.yahooSearch", false);
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=706&systemid=406&v=a9396-124&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=7466448302814054&o=APN10645&q=");
Line Deleted : user_pref("smartbar.machineId", "Z4P3CPDCVJQTCE0IOBAPT5FZYSL0NLOLTNW4MZM0RTYMKQ11QOHXSI0V6VCOS8IHOG/HUBUFCPIJOGD82561CQ");
Line Deleted : user_pref("surfcanyon.ad_status", "1");
Line Deleted : user_pref("surfcanyon.amazon_results_enabled", true);
Line Deleted : user_pref("surfcanyon.daily_code", "scIsOnSearchEngineDomain = function() {\nreturn contains(scCurrentPageDomain, '.surfcanyon.') || contains(scCurrentPageDomain, '.google.') || contains(scCurrentPage[...]
Line Deleted : user_pref("surfcanyon.daily_code_timestamp", "1322003717950");
Line Deleted : user_pref("surfcanyon.display_similar_product_images", true);
Line Deleted : user_pref("surfcanyon.hourly_code", "scHourlyCodeRevision = '337a';\nscGetDocument = function() {\nreturn scIsFF ? content.document : document;\n};\n\nscExtractUrlFromSpanTag = function(spanTag) {\nva[...]
Line Deleted : user_pref("surfcanyon.hourly_code2", "scEnableGoogle_hourly = function() {\nvar args = window.location.search;\nvar path = window.location.pathname;\nvar isGoogleSearchDomain = (contains(scCurrentPage[...]
Line Deleted : user_pref("surfcanyon.hourly_code_timestamp", "1328203683113");
Line Deleted : user_pref("surfcanyon.initialized_amazon_results", true);
Line Deleted : user_pref("surfcanyon.initialized_price_trace", true);
Line Deleted : user_pref("surfcanyon.initialized_roaming_suggestions", true);
Line Deleted : user_pref("surfcanyon.initialized_search_links", true);
Line Deleted : user_pref("surfcanyon.initialized_similar_product_images", true);
Line Deleted : user_pref("surfcanyon.inst_id", "281783787941173594753728732082");
Line Deleted : user_pref("surfcanyon.inst_timestamp", "1305255701363");
Line Deleted : user_pref("surfcanyon.last_seen_splash", "337");
Line Deleted : user_pref("surfcanyon.num_recs_clicked", "8");
Line Deleted : user_pref("surfcanyon.num_results_clicked", "230");
Line Deleted : user_pref("surfcanyon.num_results_clicked_when_recs_available", "60");
Line Deleted : user_pref("surfcanyon.num_searches", "258");
Line Deleted : user_pref("surfcanyon.partner_code", "WTIFFUSA");
Line Deleted : user_pref("surfcanyon.price_trace_enabled", true);
Line Deleted : user_pref("surfcanyon.refinements_cache", "sweet genius/sweet genius:food network:pastry chefs^sweet genius full episodes/chefs:food network:episode list:dark genius^google images/google images:featur[...]
Line Deleted : user_pref("surfcanyon.roaming_suggestions_enabled", true);
Line Deleted : user_pref("surfcanyon.search_links_enabled", true);
Line Deleted : user_pref("vshare.install.date", "1287878400000");
Line Deleted : user_pref("vshare.install.finished", "1.0.0");
Line Deleted : user_pref("vshare.install.guid", "{89144927-5aaf-4f48-9088-85ac95e06181}");
Line Deleted : user_pref("vshare.install.isHidden", true);
Line Deleted : user_pref("vshare.install.istoolbarhp", true);
Line Deleted : user_pref("vshare.install.istoolbarsearch", true);
Line Deleted : user_pref("vshare.install.laststatreq", "1307577600000");
Line Deleted : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[R0].txt - [36893 octets] - [23/02/2014 22:29:59]
AdwCleaner[S0].txt - [36924 octets] - [23/02/2014 22:32:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36985 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kimberly on Sun 02/23/2014 at 22:39:09.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\vafplayer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2067438776-955256638-4198274019-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-5334_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-5334_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r706-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r706-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_iLivid_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-5334_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-5334_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r706-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r706-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iLivid_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3FB43F15-065F-4C8E-B068-0141C455814C}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\searchdonkey"
Successfully deleted: [Folder] "C:\Users\Kimberly\AppData\Roaming\netassistant"
Successfully deleted: [Folder] "C:\Users\Kimberly\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Kimberly\appdata\locallow\datamngr"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{1266764d-fc4f-4fa7-b63b-884d53b1680f}
Successfully deleted the following from C:\Users\Kimberly\AppData\Roaming\mozilla\firefox\profiles\wytp5qmo.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1377232349);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
Emptied folder: C:\Users\Kimberly\AppData\Roaming\mozilla\firefox\profiles\wytp5qmo.default\minidumps [6 files]



~~~ Chrome

Dumping contents of C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default\aadidigcgcdcdbdfggdjggdddeddggdg
C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default\aapenkoohebogjdjndiekclhechihhbo
C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default\aadidigcgcdcdbdfggdjggdddeddggdg\background.html
C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default\aadidigcgcdcdbdfggdjggdddeddggdg\ContentScript.js
C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default\aadidigcgcdcdbdfggdjggdddeddggdg\manifest.json
C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default\aapenkoohebogjdjndiekclhechihhbo\background.html
C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default\aapenkoohebogjdjndiekclhechihhbo\ContentScript.js
C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default\aapenkoohebogjdjndiekclhechihhbo\manifest.json

Successfully deleted: [Folder] C:\Users\Kimberly\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/23/2014 at 22:53:43.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 2/23/2014 10:56:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimberly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 67.53% Memory free
7.49 Gb Paging File | 5.92 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.54 Gb Total Space | 361.67 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive D: | 21.92 Gb Total Space | 3.20 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 89.05 Mb Free Space | 89.93% Space Free | Partition Type: FAT32
Computer Name: HP-LAPTOP | User Name: Kimberly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2014/02/23 22:28:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTL.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kimberly\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/27 17:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
PRC - [2010/09/14 13:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/03/05 22:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/23 17:49:16 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/23 14:14:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/23 14:14:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/23 14:14:04 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ef909f20859b8301201b10a84ab14803\System.Data.ni.dll
MOD - [2014/02/23 14:13:40 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/23 14:13:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/23 14:12:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/23 14:12:40 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/23 14:12:27 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/23 14:12:23 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/23 14:12:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/23 14:12:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/23 14:11:49 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/05 19:22:19 | 000,037,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/09 19:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 19:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 19:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 19:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 19:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 19:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 19:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 19:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/22 11:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/22 11:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/22 11:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/16 14:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/02/01 03:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/27 15:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2010/01/06 02:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/12/30 13:22:12 | 000,444,680 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)
SRV - [2014/02/22 15:18:56 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/22 14:42:45 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/03/27 17:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 13:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/05 22:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/02/01 03:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe -- (STacSV)
SRV - [2010/01/06 01:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)
SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/06 17:59:46 | 000,095,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR311.SYS -- (SMR311)
DRV:64bit: - [2012/03/29 00:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 00:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 00:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 00:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 00:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/23 09:17:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/29 16:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/07/25 20:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 14:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/01 03:29:34 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/28 12:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/27 19:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/11 14:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/08/23 19:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/03/21 20:14:24 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120321.008\ex64.sys -- (NAVEX15)
DRV - [2012/03/21 20:14:24 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120321.008\eng64.sys -- (NAVENG)
DRV - [2012/03/05 04:57:54 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120321.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/02 12:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/16 14:50:21 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/02/22 18:23:46 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/01 01:46:42] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BF6FB75C-5999-457A-AB6E-BADE0AF7FAFF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{CA7858D7-1FAD-403D-AC06-667FADF0B3E4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..\SearchScopes\{BF6FB75C-5999-457A-AB6E-BADE0AF7FAFF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..\SearchScopes\{CA7858D7-1FAD-403D-AC06-667FADF0B3E4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110520,6902,0,16,0"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54525
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kimberly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kimberly\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kimberly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kimberly\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kimberly\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/03/17 17:28:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/06/01 03:11:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/11/02 13:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/22 15:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/22 15:18:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/22 15:18:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/22 15:18:46 | 000,000,000 | ---D | M]
[2010/08/15 11:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Extensions
[2012/12/02 21:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\ujue22md.default-1354504057506\extensions
[2014/02/23 21:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions
[2013/12/15 14:48:04 | 000,000,000 | ---D | M] (SBLite) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\{83aace32-eca0-4c3a-b4d6-9ad594496b48}
[2014/01/05 20:09:32 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\wytp5qmo.default\extensions\support@searchdonkeyapp.com
[2014/02/22 15:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/22 15:18:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2014/02/22 15:18:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/02/22 15:18:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/02/22 15:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/22 15:18:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/21 17:18:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2014/02/23 21:08:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SBLite) - {E155F23C-9931-47c6-A619-20E6FCA86D75} - C:\Program Files (x86)\SBLite\SBLite.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001..\Run: [Akamai NetSession Interface] C:\Users\Kimberly\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O15 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Nanny%20Mania/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Nanny%20Mania/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E3E4D37-55AF-4923-9AEC-0DEF1423AED2}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/23 22:39:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/23 22:34:01 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2014/02/23 22:32:43 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/23 22:29:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/23 22:27:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTL.exe
[2014/02/23 22:26:56 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Kimberly\Desktop\JRT.exe
[2014/02/23 22:07:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/23 21:08:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/23 18:05:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/23 18:05:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/23 18:05:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/23 18:05:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/23 18:04:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/23 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\Desktop\FRST-OlderVersion
[2014/02/23 11:41:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/02/22 23:45:29 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/22 23:44:43 | 002,155,520 | ---- | C] (Farbar) -- C:\Users\Kimberly\Desktop\FRST64.exe
[2014/02/22 21:36:31 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/22 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\Desktop\mbar
[2014/02/22 21:00:23 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\Desktop\RK_Quarantine
[2014/02/22 15:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/22 14:20:38 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Roaming\Malwarebytes
[2014/02/22 14:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/22 14:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/22 14:20:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/22 14:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/07 21:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/02/07 21:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/02/07 21:34:16 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Local\HP
[2014/02/05 19:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2014/02/05 19:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/02/23 22:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/23 22:41:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/23 22:41:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/23 22:39:29 | 000,782,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/23 22:39:29 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/23 22:39:29 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/23 22:34:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/23 22:34:04 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2014/02/23 22:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/23 22:33:35 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/23 22:28:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTL.exe
[2014/02/23 22:27:01 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Kimberly\Desktop\JRT.exe
[2014/02/23 22:25:27 | 001,241,834 | ---- | M] () -- C:\Users\Kimberly\Desktop\adwcleaner.exe
[2014/02/23 22:16:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001UA.job
[2014/02/23 22:13:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/23 21:08:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/02/23 20:49:05 | 000,001,168 | ---- | M] () -- C:\Users\Kimberly\Desktop\ComboFix - Shortcut.lnk
[2014/02/23 14:16:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067438776-955256638-4198274019-1001Core.job
[2014/02/23 14:07:47 | 000,395,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/23 13:49:50 | 002,155,520 | ---- | M] (Farbar) -- C:\Users\Kimberly\Desktop\FRST64.exe
[2014/02/23 10:16:16 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/23 10:16:16 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/23 09:57:21 | 000,774,950 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/22 22:15:33 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/22 18:11:07 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKimberly.job
[2014/02/22 15:26:06 | 000,002,044 | ---- | M] () -- C:\Users\Kimberly\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/22 14:37:28 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/22 14:20:26 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:11:10 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/02/07 21:34:56 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2014/02/07 21:34:56 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2014/02/07 21:34:24 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/02/07 18:23:02 | 000,000,258 | RHS- | M] () -- C:\Users\Kimberly\ntuser.pol
[2014/02/05 19:26:15 | 000,002,177 | ---- | M] () -- C:\Users\Kimberly\Desktop\HP Support Assistant.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/02/23 22:34:04 | 000,000,012 | -H-- | C] () -- C:\dvmexp.idx
[2014/02/23 22:25:22 | 001,241,834 | ---- | C] () -- C:\Users\Kimberly\Desktop\adwcleaner.exe
[2014/02/23 20:49:05 | 000,001,168 | ---- | C] () -- C:\Users\Kimberly\Desktop\ComboFix - Shortcut.lnk
[2014/02/23 20:43:09 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/02/23 18:05:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/23 18:05:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/23 18:05:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/23 18:05:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/23 18:05:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/23 10:16:16 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/23 10:16:16 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/23 09:26:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/02/22 23:08:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/02/22 14:20:26 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/07 21:34:56 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2014/02/07 21:34:56 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2014/02/07 21:34:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/05 19:26:15 | 000,002,177 | ---- | C] () -- C:\Users\Kimberly\Desktop\HP Support Assistant.lnk
[2013/12/15 15:11:35 | 000,774,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/22 22:24:46 | 000,000,258 | RHS- | C] () -- C:\Users\Kimberly\ntuser.pol
[2012/03/23 08:58:12 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/23 08:58:12 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/12 10:55:28 | 000,001,854 | ---- | C] () -- C:\Users\Kimberly\AppData\Roaming\GhostObjGAFix.xml
[2011/01/26 01:29:02 | 000,000,000 | ---- | C] () -- C:\Users\Kimberly\AppData\Roaming\wklnhst.dat
[2011/01/20 20:23:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/10/08 19:09:31 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\337 Wallpaper
[2011/01/30 21:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/08 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\DigitalPersona
[2010/08/10 13:53:43 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Elluminate
[2011/05/28 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\InImages
[2013/01/08 08:51:04 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\IObit
[2012/11/15 09:55:48 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\iPodtoComputer
[2013/12/02 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\player
[2011/05/24 19:22:15 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\PlayFirst
[2013/01/09 12:49:19 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Product_RM
[2013/12/15 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\SBLite for Chrome
[2011/05/12 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\SpinTop
[2012/10/12 15:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Spotify
[2011/05/25 09:09:57 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Supermarket Mania 2
[2014/02/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Template
[2012/09/26 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\UpdateTemp36909649
[2014/01/07 21:18:29 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\WildTangent
========== Purity Check ==========

< End of report >
 
OTL Extras logfile created on: 2/23/2014 10:56:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimberly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 67.53% Memory free
7.49 Gb Paging File | 5.92 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.54 Gb Total Space | 361.67 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive D: | 21.92 Gb Total Space | 3.20 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 89.05 Mb Free Space | 89.93% Space Free | Partition Type: FAT32
Computer Name: HP-LAPTOP | User Name: Kimberly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2067438776-955256638-4198274019-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E30C283E-1A74-4D5A-AC81-72B3FE31E091}" = protocol=17 | dir=in | app=c:\program files (x86)\lego software\lego mindstorms edu ev3\mindstormsev3.exe |
"{FBA1322D-7723-478A-A163-BE443A921C1A}" = protocol=6 | dir=in | app=c:\program files (x86)\lego software\lego mindstorms edu ev3\mindstormsev3.exe |
"TCP Query User{09438BB8-DFD6-45DF-9705-BA0A3061C92E}C:\users\kimberly\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kimberly\appdata\local\akamai\netsession_win.exe |
"TCP Query User{58CC46F0-24CF-47C5-A023-7425B1E0D7A1}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"UDP Query User{4760FFA9-BAB3-4CEE-B8D9-839D501839AF}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"UDP Query User{A4651260-3A1D-4E6D-B68F-14BE4A5EEB60}C:\users\kimberly\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kimberly\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07E00E94-7A78-40FA-9BEF-71C190E98041}" = NI VC2008MSMs x64
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{11A4D79B-672C-7FFF-B5F7-B4409B1194EF}" = ATI Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{791A06E2-340F-43B0-8FAB-62D151339362}" = HP Officejet Pro 8600 Basic Device Software
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}" = LEGO MINDSTORMS NXT x64 Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2BDBC42-A7F5-BE3C-CAE7-672461BADFBB}" = ccc-utility64
"{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
"{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}" = Validity Sensors DDK
"{F20DF0CA-5929-4C26-A501-FDB19FDF0A50}" = HP SimplePass Identity Protection
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{06C75F9A-97AD-5248-E32E-DF614E74CB30}" = CCC Help English
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17AAFDC8-0126-8325-99C3-BA94ECC88719}" = CCC Help Chinese Standard
"{1C7D54A1-3EAF-1FA6-865A-5BD68563978F}" = Catalyst Control Center Graphics Previews Vista
"{1E74EDAD-1EE1-420E-A293-C0F030BB07E9}" = NI EulaDepot
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20F57D95-033E-4540-BE99-8CC197945FEA}" = NI MDF Support
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2469F651-772F-53D7-66D6-EC065F786E38}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 51
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E228408-8C07-BF2B-E3BE-6FE3226D0557}" = Catalyst Control Center Graphics Full Existing
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3418A50C-5B73-420F-A617-B680D778573C}" = CCC Help Greek
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCD0085-B478-48B3-8323-77E8BD493062}" = Microsoft Silverlight 5.1
"{3CE8DBEF-2A88-F180-F62C-43AA930D6D47}" = CCC Help Korean
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{43C189A4-D61F-F7C7-F4BC-C3FE800FF7BB}" = ccc-core-static
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{527B2D1F-0129-70C1-3D8E-D7C13994F3D8}" = Catalyst Control Center Graphics Previews Common
"{5911C3EB-2E4F-80CC-4A1F-65DD5BFFEA0D}" = CCC Help German
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5F3092B9-4240-4037-A287-BF6F9A2996BC}" = LEGO MINDSTORMS EV3 Uninstaller
"{639BDAFA-4A48-62A1-E2D9-13A84E9582FE}" = CCC Help Polish
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6B6A1FFD-AF4B-2348-1854-1BBDD6A4E852}" = CCC Help Chinese Traditional
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{702F632F-E80E-4FCD-98BB-261D3CD3C2C5}" = NI Uninstaller
"{705893E4-960A-E551-4825-B63B7BE8959A}" = CCC Help Czech
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{766BF6D1-A746-9B26-EC0B-E76DF6D5DE07}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{783C5B03-DF9C-30B0-BC32-066150B77F19}" = CCC Help Japanese
"{7D2B5801-18A1-428D-A601-EE0D30CCF060}" = HP User Guides 0188
"{7EBBF60A-90DF-4B4D-83A8-CEB2C89921A2}" = LEGO MINDSTORMS Education EV3 Content
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83853D8B-E9F1-1E35-2F1B-4210D2875A8C}" = CCC Help Spanish
"{8448A578-5C2C-4591-8AA1-CD0844FE654C}" = LEGO MINDSTORMS Education EV3 English Support
"{845E9545-2A7F-FFCB-D2FA-A292B0137325}" = CCC Help Hungarian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6E13F3-44FB-A8A6-D9F5-2AF030A47F2C}" = CCC Help Portuguese
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{996FF46F-797F-AFE4-2932-3F391B5BB4A5}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3A11F6C-E573-4D1C-A9D4-701D7551544B}" = NI .NET Framework 4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA11D798-A4C3-F2BF-E9C8-584D1AA7C891}" = Catalyst Control Center Graphics Full New
"{AB14AFDF-990F-C0FD-DDDF-6113BD111593}" = Catalyst Control Center Localization All
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AEBFE622-2807-E0D5-E7E2-0D5AA4977B48}" = CCC Help Danish
"{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BFC1210F-19B0-A7F0-B027-82AD610DA5B7}" = CCC Help Italian
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
"{D2D49B64-FBC1-15EE-5734-97BB457F197E}" = Catalyst Control Center Core Implementation
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D5EA734C-2DEC-76F6-9D98-97D57A6F61CE}" = CCC Help Swedish
"{D6569FE7-BBFF-4994-9AE2-35BB03E0BECB}" = LEGO MINDSTORMS Education EV3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DB6A09A0-34B0-BFE5-7026-C91829ED879D}" = CCC Help Turkish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E1600759-7AB3-A146-5ED4-4A50E743D3D3}" = CCC Help Russian
"{E22B38FA-7A08-3CEE-EB31-970C4CF2AA54}" = CCC Help Dutch
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E84997A1-4D6F-4C0B-B60D-F85B360D2666}" = NI VC2008MSMs x86
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F3620D5D-B046-41F0-AB8D-3C56A36AFD60}" = Catalyst Control Center - Branding
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F55BB217-BB0F-4A7A-A499-8A0C34D842E2}" = Catalyst Control Center Graphics Light
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE39FB6F-05FB-4B09-4DE7-6E2BEC08427D}" = CCC Help Finnish
"{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnalogX AutoTune" = AnalogX AutoTune
"Diner Dash 2: Restaurant Rescue™" = Diner Dash 2: Restaurant Rescue™
"DMUninstaller" = DMUninstaller
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}" = LEGO MINDSTORMS EV3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"SBLite" = SBLite
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"WTA-1230e6ab-9e0a-4af1-8a93-e065edf66fb8" = Cooking Dash
"WTA-1eb6ff7f-f4f2-4244-a750-7814512db357" = Cooking Dash - DinerTown Studios
"WTA-22fd4065-5a54-41cd-9540-deacaac8c316" = Diner Dash Hometown Hero
"WTA-2becd03a-c870-4d2f-8b6d-29fbb4a5f1ef" = Nanny Mania
"WTA-2fa293fd-2fcc-4033-8b78-6887c72be672" = Diner Dash - Flo Through Time
"WTA-31a9802c-feac-462d-ab18-2d1af0f28719" = Diner Dash - Flo on the Go
"WTA-32b28a4a-eced-4612-bd48-e946c1faac22" = Summer Resort Mogul
"WTA-512ac9f6-58d7-4f49-b2c2-27638d50f021" = Soap Opera Dash
"WTA-8f6fd179-6d7c-4884-a338-5e03bc87cdd5" = Fashionista
"WTA-9cb34c2d-cd86-4d61-b360-4220414e1136" = Babysitting Mania
"WTA-a6650740-4c39-4605-9b36-ad4a4ddfb89a" = Cooking Dash 3: Thrills and Spills
"WTA-ac91e10b-04b2-4630-810b-a3d8cf63784e" = Hotel Dash - Suite Success
"WTA-ad9c89a7-a3c6-4abf-9f11-46f61ae97d1e" = Supermarket Mania 2
"WTA-c5dc9ba2-392c-4f7f-81f3-65af34d01b14" = Diner Dash - Seasonal Snack Pack
"WTA-ec1f8117-3ac4-45fd-9dfa-d94b0e86ce6d" = Aveyond: The Darkthrop Prophecy
"WTA-fd58161c-9711-4705-88c7-4014c3e97642" = Diner Dash 5 - Boom! The Collector's Edition
"Wubi" = Ubuntu
"Xvid Video Codec 1.3.1" = Xvid Video Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2067438776-955256638-4198274019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"GoToMeeting" = GoToMeeting 4.5.0.457
"NetAssistant" = NetAssistant for Firefox
========== Last 20 Event Log Errors ==========
[ Hewlett-Packard Events ]
Error - 1/16/2014 8:37:25 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 1/17/2014 9:53:47 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 1/18/2014 3:01:54 AM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 1/20/2014 3:38:19 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: TargetSite: Void UpdateAndDetect()
Error - 1/25/2014 2:26:44 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 1/26/2014 5:19:48 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()
Error - 1/27/2014 8:51:54 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: TargetSite: Void UpdateAndDetect()
Error - 1/31/2014 8:48:03 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()
Error - 2/1/2014 3:19:53 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()
Error - 2/4/2014 8:16:45 PM | Computer Name = HP-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()
[ HP Wireless Assistant Events ]
Error - 11/10/2012 12:38:34 AM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11/10/2012 3:28:08 PM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11/10/2012 3:34:45 PM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11/11/2012 2:18:13 AM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11/11/2012 4:46:21 AM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11/11/2012 8:43:00 AM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11/11/2012 8:44:52 AM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11/11/2012 8:44:52 AM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 11/11/2012 11:41:46 AM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11/14/2012 1:53:49 AM | Computer Name = HP-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
< End of report >
 

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
O2 - BHO: (SBLite) - {E155F23C-9931-47c6-A619-20E6FCA86D75} - C:\Program Files (x86)\SBLite\SBLite.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O15 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O15 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2067438776-955256638-4198274019-1001\..Trusted Ranges: GD ([http] in Local intranet)


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-2067438776-955256638-4198274019-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E155F23C-9931-47c6-A619-20E6FCA86D75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E155F23C-9931-47c6-A619-20E6FCA86D75}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2067438776-955256638-4198274019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\community\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2067438776-955256638-4198274019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2067438776-955256638-4198274019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\temp folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\software folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\VAFMusic Conduit folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\Strongvault folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\Snapdo folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\OptimizerPro folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\MyBackupPc folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\exe folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\Desk365 folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\DefaultTab US folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\css\images folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\css folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin\Addlyrics folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07\bin folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27\8a482fc41dc941d49efc52eb6dc12f07 folder moved successfully.
C:\FRST\Quarantine\Player_Setup.exe23-02-2014_13-50-27 folder moved successfully.
C:\FRST\Quarantine\MyWebSearch23-02-2014_13-50-08\bar\icons folder moved successfully.
C:\FRST\Quarantine\MyWebSearch23-02-2014_13-50-08\bar\History folder moved successfully.
C:\FRST\Quarantine\MyWebSearch23-02-2014_13-50-08\bar\1.bin folder moved successfully.
C:\FRST\Quarantine\MyWebSearch23-02-2014_13-50-08\bar folder moved successfully.
C:\FRST\Quarantine\MyWebSearch23-02-2014_13-50-08 folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kimberly
->Temp folder emptied: 2357361 bytes
->Temporary Internet Files folder emptied: 47168012 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 413212025 bytes
->Google Chrome cache emptied: 14600010 bytes
->Flash cache emptied: 53782 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1918464 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5540 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 226670076 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 126039309 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 793.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default
User: Default User
User: Kimberly
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Kimberly
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02232014_232604

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!
C:\Users\Kimberly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Google Chrome 32.0.1700.107
Google Chrome 33.0.1750.117
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 16-02-2014
Ran by Kimberly (administrator) on 23-02-2014 at 23:43:48
Running from "C:\Users\Kimberly\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
The ESET is only at 18% so I will send the log tomorrow as I can't keep my eyes open. So far it has found 3 infected files. Thank you and good night :)
 