My browsers won't register my commission sales. [Closed]


  • This topic is locked

#1
prettything
New Member

  • Member
  • 8 posts
It used to take me about ten minutes to load my browsers. I deleted a bunch of stuff and now the browsers are a little faster, but not really fast like they should be. But my links won't work on any of my browsers: Chrome, IE, or Mozilla. It's like they disappear (or the commissions, should I say) disappear into thin air, but the clicks show up. I have changed affiliate links many times, so that is not the problem. Thanks for any advice.




OTL logfile created on: 7/23/2013 9:21:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.19 Gb Available Physical Memory | 10.16% Memory free
4.58 Gb Paging File | 1.23 Gb Available in Paging File | 26.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 223.79 Gb Free Space | 80.08% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.30 Gb Free Space | 8.96% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32

Computer Name: HOLLYS-HP | User Name: Holly's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/23 09:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2013/07/16 19:42:53 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/19 17:16:46 | 003,616,880 | ---- | M] (Hide My IP) -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
PRC - [2013/06/19 17:16:44 | 000,950,896 | ---- | M] (www.hidemyip.com) -- C:\Program Files (x86)\Hide My IP\HideMyIP.exe
PRC - [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/12 07:21:56 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Holly's\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/26 14:07:38 | 000,898,360 | ---- | M] (http://www.speedingupmypc.com/) -- C:\Program Files (x86)\SpeedingUpMyPC\SPMReminder.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/06/14 18:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 05:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/05/13 10:33:04 | 000,933,944 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
PRC - [2010/12/30 23:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/30 23:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/08/21 00:24:46 | 002,068,527 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdm.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/17 07:55:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e1dbcd481119e5d0baf4cd19f226ef25\Microsoft.VisualBasic.ni.dll
MOD - [2013/07/17 07:54:00 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\6a05dd582cb834d512153583061cbdb2\CustomMarshalers.ni.dll
MOD - [2013/07/17 07:52:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\5287260c1c111cdbdc2745bcebd6e1c7\System.Management.ni.dll
MOD - [2013/07/17 07:52:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\97379bb54714115d38a443f44b53f10f\IAStorCommon.ni.dll
MOD - [2013/07/17 07:52:42 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6a6a92284a0fdd83102de84c47647239\IAStorUtil.ni.dll
MOD - [2013/07/17 07:09:53 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\2899d51fc84700585a3ccc07b82f51a3\System.Xml.Linq.ni.dll
MOD - [2013/07/17 07:09:47 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\70d416f56882e2d9e2234af432bc9d00\System.Core.ni.dll
MOD - [2013/07/17 07:09:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ba13f10c426d3dfce1dd3fa6dfaa1e95\PresentationFramework.Aero.ni.dll
MOD - [2013/07/17 07:09:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c5d1b587cb59c5426d7069c96b4d5846\System.ServiceProcess.ni.dll
MOD - [2013/07/17 07:08:58 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\158350659237a2cfe4828791f316354f\System.Web.ni.dll
MOD - [2013/07/17 07:08:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e9218fe64655082b96e540b625b1df83\System.Runtime.Remoting.ni.dll
MOD - [2013/07/17 07:07:54 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\e150b9ad3be1a98c27396f3868b78825\PresentationUI.ni.dll
MOD - [2013/07/17 07:07:35 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\20dbd7875ebaa8069293699f8cd5208d\PresentationFramework.ni.dll
MOD - [2013/07/17 07:06:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c1396f887447bc9b7881d7d965b1dd27\System.Windows.Forms.ni.dll
MOD - [2013/07/17 07:06:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\66aa3d0386fdf3fc8e5ad5f8d9e4e976\System.Drawing.ni.dll
MOD - [2013/07/17 07:06:39 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4157807891d0a772a7a9584fba36a7a4\UIAutomationProvider.ni.dll
MOD - [2013/07/17 07:06:38 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\6cf21db74f85966a20b52ab9eefd3e64\Accessibility.ni.dll
MOD - [2013/07/17 07:06:33 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e71055d31857b8246b9217ac120cdfba\System.Xml.ni.dll
MOD - [2013/07/17 07:06:27 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8ca66b3ec2a3d16e8523bc727e7411fc\System.Configuration.ni.dll
MOD - [2013/07/17 07:06:24 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\08c7f9d56f82ea91a2faf37d3e9d387b\PresentationCore.ni.dll
MOD - [2013/07/17 07:06:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\22a91a579d675f257ac0469bd56c44d2\WindowsBase.ni.dll
MOD - [2013/07/17 07:06:02 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b7ca0ae2d6d1b6383e5bbf5eb327c1d5\System.ni.dll
MOD - [2013/07/17 07:05:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\90f888763fcc308fb0f73b95aceca195\mscorlib.ni.dll
MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 21:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 21:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 21:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013/06/12 07:21:50 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/11 03:17:32 | 000,105,984 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/20 23:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2006/08/21 00:24:46 | 002,068,527 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdm.exe
MOD - [2006/08/20 19:55:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdmcks.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/19 17:16:46 | 003,616,880 | ---- | M] (Hide My IP) [On_Demand | Running] -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2013/06/12 07:22:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 13:09:19 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/05 13:40:32 | 002,625,800 | ---- | M] (iolo technologies, LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\SafePCRepair\ioloToolService.exe -- (ioloService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/12 08:03:22 | 000,342,608 | ---- | M] (PCRx.com, LLC) [Disabled | Stopped] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/30 23:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 23:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/20 21:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/06/19 17:26:06 | 000,030,056 | ---- | M] (Hide My IP) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hmip64.sys -- (hmip)
DRV:64bit: - [2013/05/14 11:05:09 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/18 10:33:44 | 000,088,600 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/29 12:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 12:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/08/01 14:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/07/22 11:29:46 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/06/01 07:31:54 | 001,863,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 23:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/09 22:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/05 03:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/15 14:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/30 23:46:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1976401719
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{536006D7-3F6B-4B7C-A39B-43DF2361D88E}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...1-AC162D4F4783}
IE - HKLM\..\URLSearchHook: {6c3d3bd4-75f8-4283-bb97-1e22c4c090df} - No CLSID value found
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {7D7B236C-7520-4DC6-9896-2B50E0E3D588}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=30/06/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1976401719

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {7D7B236C-7520-4DC6-9896-2B50E0E3D588}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\..\SearchScopes\{7D7B236C-7520-4DC6-9896-2B50E0E3D588}: "URL" = http://search.condui...5541527966&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/12 23:19:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/17 07:17:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/12 23:19:47 | 000,000,000 | ---D | M]

[2012/07/13 08:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\Extensions
[2013/07/23 09:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\b66034y8.default\extensions
[2013/06/18 22:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions
[2012/07/14 18:03:37 | 000,000,000 | ---D | M] (Bucksbee Loyalty Plugin - 100815) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\{758d6aeb-75e4-9f24-fd49-51b640add07f}
[2012/11/02 09:21:10 | 000,000,000 | ---D | M] (DownTango Launcher) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\{890a3e16-521d-4d00-bdf9-e07218d09c8d}
[2012/07/14 18:03:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/07/14 18:03:37 | 000,000,000 | ---D | M] ("Shopping Sidekick") -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
[2012/07/14 18:03:37 | 000,000,000 | ---D | M] (Zoom Downloader) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
[2012/10/12 23:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\staged
[2013/06/20 16:24:11 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\b66034y8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/07/13 09:07:03 | 000,022,034 | ---- | M] () (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\c9hggb48.default\extensions\[email protected]
[2013/06/20 16:22:50 | 000,001,793 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\b66034y8.default\searchplugins\Bing.xml
[2013/07/01 16:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/17 06:54:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/30 18:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/17 06:54:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/28 08:42:23 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/05/26 07:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/05/31 13:10:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/31 13:10:50 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/05/26 07:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/05/31 13:10:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/26 07:40:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: KeyBar 1.8 = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.16.70.501_0\
CHR - Extension: BrowserPlus1 = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjpeodeilefdpblgopdaoojammobcaf\10.16.70.501_0\
CHR - Extension: SafePCRepair = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcedaelpajnipnmfhhboimfncpnickcn\4.95.1.31912_0\
CHR - Extension: Gmail = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/10 12:38:07 | 000,449,908 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15442 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdmcks.dll ()
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - Reg Error: Value error. File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Holly's\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Holly's\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SpeetItUpFree] C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe (MicroSmarts LLC.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe ()
O4 - HKCU..\Run: [SpeedingUpMyPC] C:\Program Files (x86)\SpeedingUpMyPC\SPMLauncher.exe (http://www.speedingupmypc.com/)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] C:\Users\Holly's\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Holly's\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://etradeevents...nt/ieatgpc1.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C5C3B43-AE1A-4F44-82B7-FC93E32FE0CE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0A9A0AC-0280-4AFC-B800-1C91E7379245}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{95b86ea2-fe61-11e1-80f9-ac162d4f4783}\Shell - "" = AutoRun
O33 - MountPoints2\{95b86eb1-fe61-11e1-80f9-ac162d4f4783}\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/23 08:56:13 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\Microsoft Games
[2013/07/17 07:35:32 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\SpeedingUpMyPc
[2013/07/16 19:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/07/12 19:22:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/07/12 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\LogMeIn Rescue Applet
[2013/07/12 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Foresight Software
[2013/07/12 18:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/07/10 19:34:58 | 000,000,000 | R--D | C] -- C:\Users\Holly's\Desktop\New folder
[2013/07/10 17:58:57 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/07/03 17:56:22 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Free Download Manager
[2013/07/03 17:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2013/07/03 17:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2013/07/03 17:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2013/07/03 17:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed
[2013/07/03 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/07/03 17:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OtShot
[2013/07/03 17:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ZalmanInstaller_52330
[2013/07/03 16:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2013/07/03 16:12:25 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\SpeedyPC Software
[2013/07/03 16:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/07/03 15:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedItup Free
[2013/07/03 15:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedingUpMyPC
[2013/07/02 20:47:08 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\TeamViewer
[2013/07/02 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013/07/02 17:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/07/02 17:49:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/07/02 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/07/02 17:42:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/07/02 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/07/01 16:06:10 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/07/01 15:42:35 | 000,000,000 | ---D | C] -- C:\ef58cb80733caf56eb1c5276d1fa71ab
[2013/07/01 12:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide My IP
[2013/07/01 11:38:56 | 000,030,056 | ---- | C] (Hide My IP) -- C:\Windows\SysNative\drivers\hmip64.sys
[2013/07/01 11:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/01 11:26:14 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\CRE
[2013/06/30 18:43:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/30 11:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\ErrorEND
[2013/06/30 10:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Ride Games
[2013/06/29 21:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2013/06/28 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\ParetoLogic
[2013/06/28 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\DriverCure
[2013/06/28 10:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/06/28 10:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND64
[2013/06/27 19:49:47 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\iolo
[2013/06/27 19:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/06/27 19:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafePCRepair
[2013/06/27 19:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafePCRepair_89 Chrome Extension
[2013/06/27 19:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\EasyFix Tools
[82 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/23 09:19:26 | 000,000,937 | ---- | M] () -- C:\Users\Holly's\Desktop\Free Download Manager.lnk
[2013/07/23 09:13:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/23 08:48:06 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/23 07:48:45 | 000,008,448 | ---- | M] () -- C:\Windows\SysWow64\HideMyIpSRV.ini
[2013/07/23 07:48:45 | 000,004,512 | ---- | M] () -- C:\Windows\SysWow64\HideMyIpSRVOff.ini
[2013/07/23 07:48:45 | 000,004,512 | ---- | M] () -- C:\Windows\SysNative\HideMyIpSRVOff.ini
[2013/07/23 07:29:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 19:48:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 18:00:01 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/07/20 16:12:52 | 000,092,749 | ---- | M] () -- C:\Users\Holly's\Documents\Meeting-Room-Application Hughes Library.pdf
[2013/07/20 16:03:57 | 000,073,050 | ---- | M] () -- C:\Users\Holly's\Documents\Meeting-Room-Application.pdf
[2013/07/20 15:30:35 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/20 15:30:35 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/20 15:24:34 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/07/20 15:24:31 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/07/18 12:38:52 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013/07/18 12:38:50 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/07/18 12:38:43 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro Startup.job
[2013/07/18 12:38:43 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/07/18 12:38:42 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/07/18 12:38:26 | 000,327,680 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/07/18 12:38:02 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/17 06:47:09 | 000,384,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/16 19:03:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\License_Time.rdat
[2013/07/12 09:53:29 | 000,000,247 | ---- | M] () -- C:\nphssb.xpt
[2013/07/10 12:38:07 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/10 12:33:52 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130710-123806.backup
[2013/07/10 12:27:27 | 000,017,247 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/09 14:41:30 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130710-123349.backup
[2013/07/05 07:37:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHolly's.job
[2013/07/03 15:48:07 | 000,001,098 | ---- | M] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2013/07/03 09:53:50 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130703-125954.backup
[2013/07/03 09:53:50 | 000,449,908 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130709-144130.backup
[2013/07/02 17:36:45 | 000,001,174 | ---- | M] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/07/02 12:04:08 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130703-095349.backup
[2013/07/02 11:27:42 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-120408.backup
[2013/07/02 11:21:46 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-112742.backup
[2013/07/02 09:43:26 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094357.backup
[2013/07/02 09:43:26 | 000,449,871 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-112146.backup
[2013/07/02 09:43:08 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094326.backup
[2013/07/02 09:42:45 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094308.backup
[2013/07/02 09:42:24 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094245.backup
[2013/07/02 09:41:43 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094224.backup
[2013/07/02 09:07:49 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094143.backup
[2013/07/01 19:06:52 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-090749.backup
[2013/07/01 18:19:09 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-190651.backup
[2013/07/01 18:06:43 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-181908.backup
[2013/07/01 17:45:07 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-180641.backup
[2013/07/01 17:06:54 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-174505.backup
[2013/07/01 17:00:04 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-170653.backup
[2013/07/01 16:57:38 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-170003.backup
[2013/07/01 16:49:25 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-165738.backup
[2013/07/01 16:43:19 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-164923.backup
[2013/07/01 12:11:55 | 000,001,045 | ---- | M] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2013/06/30 20:14:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHOLLYS-HP$.job
[2013/06/30 10:43:02 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/06/30 10:24:23 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2013/06/27 19:30:05 | 000,000,891 | ---- | M] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyFix Tools.lnk
[82 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/23 09:19:26 | 000,000,937 | ---- | C] () -- C:\Users\Holly's\Desktop\Free Download Manager.lnk
[2013/07/20 16:03:57 | 000,073,050 | ---- | C] () -- C:\Users\Holly's\Documents\Meeting-Room-Application.pdf
[2013/07/18 17:04:30 | 000,092,749 | ---- | C] () -- C:\Users\Holly's\Documents\Meeting-Room-Application Hughes Library.pdf
[2013/07/16 19:03:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\License_Time.rdat
[2013/07/03 17:49:22 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot.lnk
[2013/07/03 16:27:38 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/07/03 16:12:30 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/07/03 16:10:59 | 000,000,470 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro Startup.job
[2013/07/03 16:10:57 | 000,000,520 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/07/03 16:10:57 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/07/03 16:10:51 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/07/03 15:48:07 | 000,001,098 | ---- | C] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2013/07/02 17:36:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\spmonitor.job
[2013/07/02 17:36:49 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/07/02 17:36:45 | 000,001,174 | ---- | C] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/07/01 12:11:55 | 000,001,045 | ---- | C] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2013/07/01 11:38:58 | 000,008,448 | ---- | C] () -- C:\Windows\SysWow64\HideMyIpSRV.ini
[2013/07/01 11:38:58 | 000,004,512 | ---- | C] () -- C:\Windows\SysWow64\HideMyIpSRVOff.ini
[2013/07/01 11:38:58 | 000,004,512 | ---- | C] () -- C:\Windows\SysNative\HideMyIpSRVOff.ini
[2013/06/30 19:20:38 | 000,002,356 | ---- | C] () -- C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/06/30 10:43:02 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/06/30 10:24:23 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/27 19:30:05 | 000,000,891 | ---- | C] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyFix Tools.lnk
[2013/06/18 22:44:34 | 000,017,247 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/05/14 11:06:57 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/05/14 11:06:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/05/14 11:06:45 | 013,899,776 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/01/11 21:17:34 | 000,778,492 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/19 10:56:51 | 000,000,538 | ---- | C] () -- C:\Users\Holly's\AppData\Roaming\com.zoosk.Desktop_state.xml
[2012/12/05 14:17:22 | 000,072,751 | ---- | C] () -- C:\Users\Holly's\Campaign8-Home-Decor.pdf
[2012/12/05 14:16:08 | 000,142,935 | ---- | C] () -- C:\Users\Holly's\Campaign7-Geek iphone pink.pdf
[2012/12/05 14:13:48 | 000,018,189 | ---- | C] () -- C:\Users\Holly's\Campaign6-Food.pdf
[2012/12/05 13:38:21 | 000,086,174 | ---- | C] () -- C:\Users\Holly's\Campaign5-Hair-and-Beauty.pdf
[2012/12/05 13:26:54 | 000,084,652 | ---- | C] () -- C:\Users\Holly's\Campaign1-Womens-Fashion.pdf
[2012/12/05 13:23:29 | 000,486,862 | ---- | C] () -- C:\Users\Holly's\Campaign4-Health-and-Fitness.pdf
[2012/12/05 13:22:43 | 000,511,826 | ---- | C] () -- C:\Users\Holly's\Campaign3-Travel.pdf
[2012/12/05 13:16:49 | 000,032,218 | ---- | C] () -- C:\Users\Holly's\Campaign2-Children.pdf
[2012/12/05 13:14:10 | 000,084,652 | ---- | C] () -- C:\Users\Holly's\Campaign1-Womens-Fashion (1).pdf
[2012/12/05 13:08:36 | 000,125,102 | ---- | C] () -- C:\Users\Holly's\pinprofitsquickstart.pdf
[2012/11/07 13:07:58 | 000,829,365 | ---- | C] () -- C:\Users\Holly's\AppData\Local\census.cache
[2012/11/07 13:06:57 | 000,113,351 | ---- | C] () -- C:\Users\Holly's\AppData\Local\ars.cache
[2012/11/07 12:50:49 | 000,000,036 | ---- | C] () -- C:\Users\Holly's\AppData\Local\housecall.guid.cache
[2012/11/04 08:50:02 | 000,003,584 | ---- | C] () -- C:\Users\Holly's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/18 08:08:11 | 000,150,246 | ---- | C] () -- C:\Users\Holly's\IT_GIRLentry-formpdf bebe.pdf
[2012/10/11 10:27:10 | 000,022,319 | ---- | C] () -- C:\Users\Holly's\2424 thru Sept 28.pdf
[2012/10/11 10:20:39 | 000,042,875 | ---- | C] () -- C:\Users\Holly's\September.pdf
[2012/09/19 13:59:23 | 000,205,489 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012/09/18 09:03:20 | 000,025,676 | ---- | C] () -- C:\Users\Holly's\march.pdf
[2012/09/17 13:13:48 | 000,021,942 | ---- | C] () -- C:\Users\Holly's\quarterly 2424.pdf
[2012/09/17 13:12:27 | 000,028,485 | ---- | C] () -- C:\Users\Holly's\april.pdf
[2012/09/17 13:11:53 | 000,034,381 | ---- | C] () -- C:\Users\Holly's\may.pdf
[2012/09/17 13:11:26 | 000,033,580 | ---- | C] () -- C:\Users\Holly's\june.pdf
[2012/09/17 13:10:33 | 000,031,968 | ---- | C] () -- C:\Users\Holly's\july.pdf
[2012/09/17 13:09:18 | 000,032,001 | ---- | C] () -- C:\Users\Holly's\aug.pdf
[2012/07/29 14:24:42 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
[2012/07/22 14:41:39 | 000,384,844 | ---- | C] () -- C:\Users\Holly's\AppData\Local\funmoods-speeddial.crx
[2012/07/20 08:03:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/04/23 04:42:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/12 10:20:44 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\.strongvpn
[2012/10/19 20:54:39 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\AVG
[2012/10/19 15:59:45 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\AVG2013
[2012/11/03 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Blio
[2012/07/19 08:50:00 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/11/02 09:21:12 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\DownTangoLauncherToolbar
[2013/06/28 10:43:55 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\DriverCure
[2013/07/23 08:36:00 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Dropbox
[2012/07/13 09:45:43 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Fighters
[2013/07/12 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Foresight Software
[2013/07/23 09:37:43 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Free Download Manager
[2013/04/08 20:49:20 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Funmoods
[2012/10/31 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\GSafe
[2013/04/24 13:04:47 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Nico Mak Computing
[2012/10/12 23:24:28 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\OpenOffice.org
[2013/06/28 10:43:55 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\ParetoLogic
[2012/11/02 09:21:10 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\PFStaticIP
[2013/05/31 13:11:07 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\ShopAtHome
[2013/07/17 07:35:32 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\SpeedingUpMyPc
[2013/07/03 16:12:25 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\SpeedyPC Software
[2012/07/13 06:57:10 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Synaptics
[2013/07/02 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\TeamViewer
[2012/10/12 07:55:46 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\TuneUp Software
[2012/10/31 15:29:22 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\WeatherBug
[2013/04/22 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\webex
[2012/07/13 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:025D1DF5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#2
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

With that all stated, let's get started! :)

While I am going over your posted OTL log, could you please look in this folder: C:\Downloads for a file called Extras.txt and paste its contents here. Also will you move OTL to your desktop.

Thank you,

Jasmyne

#3
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have a few scans for you, let me know how things are running when you're finished.

Step 1 - Run RogueKiller

  • Download RogueKiller and save it on your desktop.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2 - Run adwCleaner

  • Download AdwCleaner from here or here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once it has completed it will ask to reboot the computer, please allow it to do so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

Step 3 - Run Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4 - Fresh OTL Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. RogueKiller Logs
2. adwCleaner Log
3. Junkware Removal Log
4. OTL Scan
5. Extras.txt
6. How is your computer running now?

#4
prettything

    New Member

  • Topic Starter
  • Member
  • 8 posts
OTL Extras logfile created on: 7/23/2013 9:21:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.19 Gb Available Physical Memory | 10.16% Memory free
4.58 Gb Paging File | 1.23 Gb Available in Paging File | 26.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 223.79 Gb Free Space | 80.08% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.30 Gb Free Space | 8.96% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32

Computer Name: HOLLYS-HP | User Name: Holly's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03298213-3802-4DFB-8D3C-713907DC2CB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D3745E5-8524-4B5A-A2D0-E7BF3AEAA6BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19D1B183-601D-4BD5-8CC9-D76981465668}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BA342E8-444B-4AC5-AD07-80A5C51CA692}" = lport=139 | protocol=6 | dir=in | app=system |
"{33FE1BDF-3DD3-41FB-B2A2-D0F91AB69B13}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34BB47E9-3AA7-4E7C-968A-145975396FB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37C5584A-6F2B-4526-8C55-1BB3E8580E83}" = rport=138 | protocol=17 | dir=out | app=system |
"{4855E4B0-CD9C-4F4E-90F3-C6925ADE3BBF}" = lport=138 | protocol=17 | dir=in | app=system |
"{4ACBD333-5A9A-435B-98F1-71E1C986575A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5BE5C5EE-49BC-438E-8C63-A8C9BC84BA0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{666AF7BC-7ED8-4AE0-AD0C-BDCBC2F2FD61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68A0EF8E-1AAE-448E-994A-A71D03C98852}" = rport=137 | protocol=17 | dir=out | app=system |
"{6D905D42-7400-41FD-B0A1-2C99DFB59D41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BF1667D-A776-4DA6-9133-6A6874857982}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7DD896AC-6E08-4C0F-9C47-308684C59F0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8677E882-4D29-423E-B810-FA79312BEA87}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9FAA7D10-3D39-412B-BA55-550CE6704F30}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB64C84E-B54D-46B5-9FAA-A8C91FB54A62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB918AB1-1184-4ADB-90C2-1B03043D3884}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B75452E1-DAA6-4EC6-9E9C-2F3911346392}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF36769D-EE4A-4DD1-ABE6-3CF03AE856BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0AD213D-2515-4190-8F2E-D6FFCBB99CCA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C3F55960-8B1C-40DC-91F7-63C6DD1F5460}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9C3E788-C050-4A9E-BA05-376CAA65BAAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE308BD3-DC5A-40C5-9DF0-AAF67753891D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D06A26BE-B3B5-4FE5-BB77-6C33D06ED7F4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DC7A9F9B-8719-455D-A35B-8A3B6D6E1B9E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E0860FE5-84B2-42F9-9F17-A608AF3B4CAF}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6941839-4044-4A89-8C42-CAC7D66ABF5A}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF443870-D2E9-4642-A96E-B274B61CA134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF8ADBE2-C29A-49B0-87F0-FA0B447CC217}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F49ADD-8569-43A2-85FC-97F99BA80384}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{0582B8AB-D8AB-4AE4-948E-86FCF6FF9852}" = protocol=1 | dir=in | [email protected],-28543 |
"{05B22D6D-10EF-4E8A-A9FB-F7A208BF79BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08797C5A-43D8-4988-AAAA-7FADEBF47338}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{088DB0D3-506C-4D7F-A958-10891AF3B094}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{0C02F4BB-531E-4045-B387-62C4EA85AD4A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{0C5A9EA6-53DD-40CB-9FAF-FB39D64D9B05}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0F78DAD9-6502-46D1-9ABE-5ECCDA1EFCEE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{144C2A3F-B451-48F9-9503-C5F4E8314227}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15059C71-0426-4BD1-AD10-29466C5EFD93}" = protocol=6 | dir=out | app=system |
"{1B6A7B23-BC24-4496-9117-7869BC941611}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{274E8D77-CCAF-4E01-9FD4-BAE8E0B10F73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{27A2D4B8-6BA8-4DB5-A65C-944522E2BC1F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{296DCC97-8081-458F-A5B4-65E00F9306F2}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{29A64666-A853-4B22-883B-9E14D16D3612}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AB5D1CC-423A-4BE9-9406-762DFB8848F7}" = protocol=6 | dir=in | app=c:\users\holly's\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C1D4850-3DA0-4C38-A506-2535B3DA7A60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{307AF152-9652-4427-845C-A7D12EAACC45}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{3DCC01AB-C87A-4C33-B1AD-A113B5B1F2CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{40DC741F-B19E-4DD1-8BA3-AC436D416199}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{462BF462-2C2E-4A9A-B5AE-B14A769E2B77}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{4D6D82F9-3F7B-4AD9-8449-75404012422F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{55CAEED3-32A7-42C0-B501-1BB531827AF2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{60A23E6F-E607-4CF0-9863-D60B3789DCF5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{633DB809-5F67-40CA-930D-C704E03CFE36}" = protocol=58 | dir=out | [email protected],-28546 |
"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{662B749A-683E-4EF4-842F-36D6D8A789F2}" = protocol=1 | dir=out | [email protected],-28544 |
"{6E3810ED-033A-4EA9-B4E2-E6DBFEC798A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71973575-5C54-4163-9D3B-122F902EA404}" = protocol=58 | dir=in | [email protected],-28545 |
"{7285B9F6-092A-4C26-962B-C655E0C90CBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7AD95B28-A604-4ABB-83F4-8FDFDD9A9223}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{810E66DE-782C-437D-AB22-886CED38A369}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{86CDF24D-A6CC-4A62-B96B-57EB7269EFC5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{9923FED6-A388-42AB-90A0-4BEDBBE84F2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9957464E-8A6A-459E-8746-27348B81168F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{A4E3ED84-17EA-465F-B4B8-5369E12E40A6}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{A67AB661-25BF-4F34-9E81-9C54AD6A92E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE85DC08-0F83-4757-82DF-FF8D1D878952}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B44207A0-0415-4DC6-8251-13B6FA815876}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B9ABA99B-227B-4981-AFCD-DEBA07A9852B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBF90B77-137E-4704-BE93-B887F880F786}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF1A453A-8E52-4C9F-A59A-D652F6D993A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C43EBDB4-2925-4E44-95DA-986A57BC8826}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{C59DB22D-BF74-4D32-B0E7-D696BA511159}" = protocol=17 | dir=in | app=c:\users\holly's\appdata\roaming\dropbox\bin\dropbox.exe |
"{C5E411AF-33B6-4EBF-9262-C62761CB900A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{CB673106-AE73-422D-A96F-9B87F9CFC7E1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{CE3B1AA1-00BD-477C-ACB6-3A977085037C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3A26E1A-F7D6-4E29-8D31-B816B83E7FA8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D775194E-D7AA-42EC-A8F1-DFE50BA3D7FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D824D8D2-F5E2-4627-BBFC-1FDC7E27F559}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{D9B5F0F8-0171-41ED-B85E-A6E63395776F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DC5360F0-3A6F-4CA8-8380-1ED88ECA15D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD76455E-9659-4EF3-903E-51BD95012BEA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{DFA0FB9E-4636-4B53-862E-2D378734A99C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E386582B-B512-4BE0-A854-113B4C4D56C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F3EDE1BF-9B0D-467D-A2D7-60894B0F9313}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F4F27EBD-23D6-42E2-91B0-CC5752A90225}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{FCC16847-56BC-4846-9739-BAB00E2EC27F}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FCCB5B40-7225-428D-B94C-4DD6A3741FA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{FEA48EC2-D342-4BEC-B39E-A2F4D0F23AC5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0D117D35-A4DB-46AC-A4B1-72D4F10948D6}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{C18F7E66-7782-4ED2-9502-9057FFDB6EAC}C:\users\holly's\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\holly's\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5A2760BD-3DB5-4E7E-B8C0-7C46D9741D13}C:\users\holly's\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\holly's\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FA8DBBA4-F231-4208-85DD-198777130691}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"EasyFix Tools_is1" = EasyFix Tools v1.0
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{570D8D7F-9609-753D-D0B2-7057966D7792}" = Zoosk Messenger
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850A14FC-F410-47F7-94E4-38F4D3F270D4}" = DriverUpdate
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Free Download Manager_is1" = Free Download Manager 2.1 - Rasheed Jamal Edition
"Google Chrome" = Google Chrome
"HMIP50_is1" = Hide My IP 5.4
"Homestead SiteBuilder" = Homestead SiteBuilder
"Hotspot_Shield Toolbar" = Hotspot Shield Toolbar
"HotspotShield" = Hotspot Shield 3.09
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MixiDJ_V42 Toolbar" = MixiDJ V42 Toolbar
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"Produtools_Manuals_2.1_B Toolbar" = Produtools Manuals 2.1 B Toolbar
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SafePCRepair_89 Chrome Extension Uninstall" = SafePCRepair Toolbar Chrome Extension
"SearchProtect" = Search Protect by conduit
"SpeedingUpMyPC_is1" = SpeedingUpMyPC v3.1
"SpeedItup Free_is1" = SpeedItup Free 7.70
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WEB Partner" = WEB Partner
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0ec51801-033d-4617-a050-728e77631270" = Polar Bowler
"WTA-227c80a2-21c7-4185-a0b0-a747053828d1" = Cradle of Rome 2
"WTA-28c40a23-2cb0-4857-93ac-3ae881416080" = Governor of Poker 2 Premium Edition
"WTA-40436781-0771-43e9-90f1-f0b21871e7c7" = Namco All-Stars: PAC-MAN
"WTA-4321a835-a749-4fc6-9097-d1516a02a344" = Virtual Villagers 5 - New Believers
"WTA-5f7cb5e7-e662-4dd4-ae4b-cb001ab0ed67" = Poker Superstars III
"WTA-61144ec7-9623-40f1-916b-a08b810a39ff" = Bounce Symphony
"WTA-654b1f4c-49e0-4a89-9c31-880e05927973" = Mystery of Mortlake Mansion
"WTA-657aa79f-4740-4ffd-9d42-7443fee74ca9" = Cake Mania
"WTA-87609f51-e7c2-4747-a175-99957dc2679b" = Polar Golfer
"WTA-887c9daf-c718-423e-9d37-2bf81aae537f" = Mah Jong Medley
"WTA-89c8791f-2f2c-4afe-aa76-918bcf703b33" = Plants vs. Zombies - Game of the Year
"WTA-9c483297-2c0b-4e52-8714-3b478983a0f6" = Penguins!
"WTA-a201309e-54cb-471b-b2b2-cb08d6e23a57" = Slingo Supreme
"WTA-adece886-22ed-47b6-bba0-9ec02042ca6f" = Agatha Christie - Peril at End House
"WTA-bee71dbf-9875-4bd0-9f51-2863426d06d3" = FATE
"WTA-c005653b-ab05-4da1-9723-a638f23175ee" = Chuzzle Deluxe
"WTA-c6c46fe9-d8cd-47fd-bdde-a0231815943f" = Zuma Deluxe
"WTA-cc617191-81c5-4649-8255-3d37d9d6141b" = Bejeweled 3
"WTA-cf9d7d2b-16a6-477e-af0e-f37c0373f8ff" = Blasterball 3
"WTA-e5a22790-5f26-46b4-bd19-f0b3a53ae654" = Vacation Quest - The Hawaiian Islands
"WTA-f745116d-0448-476d-aa2a-f3d3a85f096d" = Blackhawk Striker 2
"WTA-fe2f2ce9-ea5d-4ff8-bc0c-8f0f98a5259a" = Chronicles of Albian
"WTA-fe6c4247-8a9d-46b0-a840-2b2f416b3657" = Jewel Quest: The Sleepless Star - Collector's Edition
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{e67620c7-f705-4a83-8232-354918c8562f}" = Snap.Do Engine
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.5.0.1132

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2013 4:59:08 PM | Computer Name = Hollys-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/12/2013 6:29:09 PM | Computer Name = Hollys-HP | Source = WinMgmt | ID = 10
Description =

Error - 7/12/2013 6:43:29 PM | Computer Name = Hollys-HP | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 7/12/2013 6:44:34 PM | Computer Name = Hollys-HP | Source = WinMgmt | ID = 10
Description =

Error - 7/12/2013 6:44:55 PM | Computer Name = Hollys-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.7.1.0, time stamp:
0x4f544fe9 Faulting module name: HPWMISVC.exe, version: 2.7.1.0, time stamp: 0x4f544fe9
Exception
code: 0xc0000005 Fault offset: 0x000018ae Faulting process id: 0x710 Faulting application
start time: 0x01ce7f5135534c67 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Report Id: abbe2d2a-eb44-11e2-8e3b-ac162d4f4783

Error - 7/12/2013 7:18:39 PM | Computer Name = Hollys-HP | Source = Application Error | ID = 1000
Description = Faulting application name: uninstall.exe_Internet Explorer Toolbar,
version: 4.3.0.19, time stamp: 0x507f1283 Faulting module name: ntdll.dll, version:
6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3
Faulting
process id: 0x1154 Faulting application start time: 0x01ce7f562055c2e6 Faulting application
path: C:\Users\Holly's\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\uninstall.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 61ec7119-eb49-11e2-8e3b-ac162d4f4783

Error - 7/12/2013 7:22:11 PM | Computer Name = Hollys-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error - 7/12/2013 7:23:51 PM | Computer Name = Hollys-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error - 7/12/2013 7:26:44 PM | Computer Name = Hollys-HP | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 7/12/2013 7:27:07 PM | Computer Name = Hollys-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.7.1.0, time stamp:
0x4f544fe9 Faulting module name: HPWMISVC.exe, version: 2.7.1.0, time stamp: 0x4f544fe9
Exception
code: 0xc0000005 Fault offset: 0x000018ae Faulting process id: 0x6f0 Faulting application
start time: 0x01ce7f5744f4e3a4 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Report Id: 90c73198-eb4a-11e2-b66f-ac162d4f4783

Error - 7/12/2013 7:27:31 PM | Computer Name = Hollys-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 12/11/2012 10:38:31 AM | Computer Name = Hollys-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 1899 Ram Utilization:
90 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 12/11/2012 11:09:34 AM | Computer Name = Hollys-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2012 11:11:14 AM | Computer Name = Hollys-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1899 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 12/11/2012 11:15:52 AM | Computer Name = Hollys-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2012 11:15:52 AM | Computer Name = Hollys-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2012 11:15:56 AM | Computer Name = Hollys-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/16/2012 10:46:00 PM | Computer Name = Hollys-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/16/2012 10:47:04 PM | Computer Name = Hollys-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1899 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 12/16/2012 10:48:30 PM | Computer Name = Hollys-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/16/2012 10:48:30 PM | Computer Name = Hollys-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 12/3/2012 5:52:01 PM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/03 16:52:01.235|000002C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2012 11:10:42 AM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/11 10:10:42.202|00000320|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2012 11:15:35 AM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/11 10:15:35.190|00001164|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2012 11:15:51 AM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/11 10:15:51.134|00001DA8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2012 11:17:01 AM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/11 10:17:01.953|00002BBC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2012 11:17:10 AM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/11 10:17:10.253|00002624|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2012 11:17:24 AM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/11 10:17:24.669|00001138|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/16/2012 10:49:16 PM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/16 21:49:16.886|00001B0C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/16/2012 10:49:45 PM | Computer Name = Hollys-HP | Source = CaslWmi | ID = 5
Description = 2012/12/16 21:49:45.462|000003E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 7/6/2013 8:14:54 AM | Computer Name = Hollys-HP | Source = hpqWmiEx | ID = 5
Description = 2013/07/06 08:14:54.625|00001A68|Error |ChpqWmiExModule::Run|Run
error.

[ Media Center Events ]
Error - 2/15/2013 6:59:15 AM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 5:54:14 AM - Failed to retrieve SportsV2 (Error: The request was aborted:
The request was canceled.)

Error - 2/20/2013 8:28:07 AM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 7:21:09 AM - Error connecting to the internet. 7:21:18 AM - Unable
to contact server..

Error - 2/26/2013 12:38:27 PM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 11:38:02 AM - Failed to retrieve Directory (Error: The request was
aborted: The request was canceled.)

Error - 2/28/2013 12:27:23 PM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 11:26:40 AM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 3/1/2013 7:15:34 PM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 6:15:27 PM - Error connecting to the internet. 6:15:27 PM - Unable
to contact server..

Error - 4/8/2013 7:09:13 AM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 7:09:01 AM - Error connecting to the internet. 7:09:01 AM - Unable
to contact server..

Error - 4/9/2013 8:03:21 PM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 8:03:21 PM - Error connecting to the internet. 8:03:21 PM - Unable
to contact server..

Error - 4/9/2013 8:03:34 PM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 8:03:27 PM - Error connecting to the internet. 8:03:27 PM - Unable
to contact server..

Error - 4/10/2013 8:13:54 AM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 8:13:54 AM - Error connecting to the internet. 8:13:54 AM - Unable
to contact server..

Error - 4/10/2013 8:14:05 AM | Computer Name = Hollys-HP | Source = MCUpdate | ID = 0
Description = 8:14:00 AM - Error connecting to the internet. 8:14:00 AM - Unable
to contact server..

[ Spybot - Search and Destroy Events ]
Error - 7/8/2013 4:45:56 PM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/8/2013 4:49:05 PM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/8/2013 4:50:43 PM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/9/2013 6:25:41 AM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/9/2013 9:42:12 AM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/9/2013 9:42:45 AM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/9/2013 11:19:17 AM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/10/2013 12:28:16 PM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/10/2013 12:32:26 PM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/10/2013 12:32:33 PM | Computer Name = Hollys-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 3/28/2013 9:21:51 AM | Computer Name = Hollys-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.147.479.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error
code: 0x80072f76 Error description: The requested header was not found

Error - 3/28/2013 3:10:11 PM | Computer Name = Hollys-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.147.479.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error
code: 0x80072f76 Error description: The requested header was not found

Error - 3/30/2013 1:54:11 PM | Computer Name = Hollys-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 3/30/2013 1:54:41 PM | Computer Name = Hollys-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 3/30/2013 1:55:23 PM | Computer Name = Hollys-HP | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Service service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 3/30/2013 3:09:13 PM | Computer Name = Hollys-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:07:37 PM on ?3/?30/?2013 was unexpected.

Error - 3/30/2013 3:09:14 PM | Computer Name = Hollys-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 3/30/2013 3:09:26 PM | Computer Name = Hollys-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/30/2013 3:09:26 PM | Computer Name = Hollys-HP | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error - 3/30/2013 3:09:28 PM | Computer Name = Hollys-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >

#5
prettything
Post from RK reports

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Holly's [Admin rights]
Mode : Scan -- Date : 07/23/2013 16:49:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Holly's\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3372406639-2438607955-469169158-1001\[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Holly's\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min [x]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] TidyNetwork Update : C:\Users\Holly's\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 33d19e5a08834a3bb301c37b00a2b52c
[BSP] ce126a6b1cce517aad9d50e229359747 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 286179 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 586504192 | Size: 14802 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07232013_164911.txt >>


--------------------------------------------------------------------------------------

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Holly's [Admin rights]
Mode : Remove -- Date : 07/23/2013 16:49:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Holly's\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min [x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3372406639-2438607955-469169158-1001\[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Holly's\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min [x]) -> [0x2] The system cannot find the file specified.
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] TidyNetwork Update : C:\Users\Holly's\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 33d19e5a08834a3bb301c37b00a2b52c
[BSP] ce126a6b1cce517aad9d50e229359747 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 286179 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 586504192 | Size: 14802 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07232013_164938.txt >>
RKreport[0]_S_07232013_164911.txt



-------------------------------------------------------------------------------------
RogueKiller V8.6.3 [Jul 17 2013] by Tigzy

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Holly's [Admin rights]
Mode : Shortcuts HJfix -- Date : 07/23/2013 16:50:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 8 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 1 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 8 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_SC_07232013_165038.txt >>
RKreport[0]_D_07232013_164938.txt;RKreport[0]_S_07232013_164911.txt

#6
prettything

ADW

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 16:55:16
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Holly's - HOLLYS-HP
# Boot Mode : Normal
# Running from : C:\Users\Holly's\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : 24x7HelpSvc
Found : CltMngSvc

***** [Files / Folders] *****

File Found : C:\Users\Holly's\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
File Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
File Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\searchplugins\search.xml
File Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\searchplugins\search-here.xml
File Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\searchplugins\search-the-web.xml
File Found : C:\Windows\Tasks\SpeedUpMyPC.job
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DownTangoLauncherToolbar
Folder Found : C:\Program Files (x86)\Free Ride Games
Folder Found : C:\Program Files (x86)\ParetoLogic
Folder Found : C:\Program Files (x86)\Protected Search
Folder Found : C:\Program Files (x86)\Red Sky
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\SweetIM
Folder Found : C:\Program Files (x86)\Zoom Downloader
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Holly's\AppData\Local\APN
Folder Found : C:\Users\Holly's\AppData\Local\DownTango
Folder Found : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Folder Found : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Folder Found : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Folder Found : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Folder Found : C:\Users\Holly's\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Holly's\AppData\LocalLow\Conduit
Folder Found : C:\Users\Holly's\AppData\LocalLow\DownTangoLauncherToolbar
Folder Found : C:\Users\Holly's\AppData\LocalLow\Hotspot_Shield
Folder Found : C:\Users\Holly's\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Holly's\AppData\LocalLow\SimplyTech
Folder Found : C:\Users\Holly's\AppData\Roaming\DownTangoLauncherToolbar
Folder Found : C:\Users\Holly's\AppData\Roaming\DriverCure
Folder Found : C:\Users\Holly's\AppData\Roaming\Funmoods
Folder Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\Smartbar
Folder Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\SweetPacksToolbarData
Folder Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
Folder Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
Folder Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\staged
Folder Found : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\FCTB
Folder Found : C:\Users\Holly's\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Found : HKCU\Software\24x7HELP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Found : HKCU\Software\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Found : HKCU\Software\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Found : HKCU\Software\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\WNLT
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\Software\24x7HELP
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3295465
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-3372406639-2438607955-469169158-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={0B4FAC17-D9E7-11E2-B771-AC162D4F4783}

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\prefs.js

Found : user_pref("extensions.funmoods.aflt", "axl");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Found : user_pref("extensions.funmoods.id", "AC162D4F4783B27A");
Found : user_pref("extensions.funmoods.instlDay", "15543");
Found : user_pref("extensions.funmoods.instlRef", "axl");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:41:25");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17345 octets] - [23/07/2013 16:55:16]

########## EOF - C:\AdwCleaner[R1].txt - [17406 octets] ##########



---------------------------------------------------------------

#7
prettything

Repairing Shortcuts Fixed


--- Backup : No backup found ---
--- Desktop ---
--- Desktop ---
[UNHIDDEN][FOLDER] C:\Users\Public\Desktop
--- Quick launch ---
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
--- Programs ---
[UNHIDDEN][FOLDER] C:\Program Files\Uninstall Information
--- Programs ---
[UNHIDDEN][FOLDER] C:\Program Files (x86)\InstallShield Installation Information
[UNHIDDEN][FOLDER] C:\Program Files (x86)\Temp
[UNHIDDEN][FOLDER] C:\Program Files (x86)\Uninstall Information
--- Start menu ---
--- My documents ---
[UNHIDDEN][FOLDER] C:\Users\Holly's\Documents\cache
--- My documents ---
--- My documents ---
--- My music ---
--- My pictures ---
[UNHIDDEN][FILE] C:\Users\Holly's\Pictures\ZbThumbnail.info
--- My videos ---
--- User folder ---
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData
--- User folder ---
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Cookies
[UNHIDDEN][FILE] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IECompatCache
[UNHIDDEN][FILE] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[UNHIDDEN][FILE] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\container.dat
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IECompatUACache
[UNHIDDEN][FILE] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
[UNHIDDEN][FILE] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low\container.dat
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
[UNHIDDEN][FILE] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IETldCache
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\PrivacIE
[UNHIDDEN][FILE] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\PrivacIE\container.dat
[UNHIDDEN][FOLDER] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[UNHIDDEN][FILE] C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\container.dat

Drives found : [C:D:E:F:]
--- [C:] \Device\HarddiskVolume2 -- 0x3 --> Restoring... ---
[UNHIDDEN][FOLDER] C:\$AVG
[UNHIDDEN][FOLDER] C:\boot
[UNHIDDEN][FILE] C:\boot\BCD.LOG
[UNHIDDEN][FILE] C:\boot\BCD.LOG1
[UNHIDDEN][FILE] C:\boot\BCD.LOG2
[UNHIDDEN][FILE] C:\bootmgr
[UNHIDDEN][FOLDER] C:\HP
[UNHIDDEN][FOLDER] C:\ProgramData
[UNHIDDEN][FOLDER] C:\ProgramData\Common Files
[UNHIDDEN][FILE] C:\ProgramData\Common Files\EC7F0F7A-F321-8729-6480-0522084EFA3B.dat
[UNHIDDEN][FOLDER] C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[UNHIDDEN][FOLDER] C:\SYSTEM.SAV
--- [D:] \Device\HarddiskVolume3 -- 0x3 --> Restoring... ---
[UNHIDDEN][FOLDER] D:
[UNHIDDEN][FOLDER] D:\boot
[UNHIDDEN][FILE] D:\boot\BCD.LOG
[UNHIDDEN][FILE] D:\bootmgr
[UNHIDDEN][FOLDER] D:\FactoryUpdate
[UNHIDDEN][FOLDER] D:\hp
[UNHIDDEN][FILE] D:\HP_WSD.dat
[UNHIDDEN][FOLDER] D:\preload
[UNHIDDEN][FOLDER] D:\RM_Reserve
--- [E:] \Device\HarddiskVolume4 -- 0x3 --> Restoring... ---
--- [F:] \Device\CdRom0 -- 0x5 --> Skipped. ---

#8
prettything

AdWcleaner reboot



# AdwCleaner v2.306 - Logfile created 07/23/2013 at 17:02:15
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Holly's - HOLLYS-HP
# Boot Mode : Normal
# Running from : C:\Users\Holly's\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : 24x7HelpSvc
Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\SweetIM
Deleted on reboot : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Deleted on reboot : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
File Deleted : C:\Users\Holly's\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
File Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\searchplugins\search.xml
File Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\searchplugins\search-here.xml
File Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\searchplugins\search-the-web.xml
File Deleted : C:\Windows\Tasks\SpeedUpMyPC.job
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DownTangoLauncherToolbar
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Protected Search
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Zoom Downloader
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Holly's\AppData\Local\APN
Folder Deleted : C:\Users\Holly's\AppData\Local\DownTango
Folder Deleted : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Folder Deleted : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Folder Deleted : C:\Users\Holly's\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Holly's\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Holly's\AppData\LocalLow\DownTangoLauncherToolbar
Folder Deleted : C:\Users\Holly's\AppData\LocalLow\Hotspot_Shield
Folder Deleted : C:\Users\Holly's\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Holly's\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\Holly's\AppData\Roaming\DownTangoLauncherToolbar
Folder Deleted : C:\Users\Holly's\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Holly's\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\Smartbar
Folder Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
Folder Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\[email protected]
Folder Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\extensions\staged
Folder Deleted : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\c9hggb48.default\FCTB
Folder Deleted : C:\Users\Holly's\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\24x7HELP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\Software\24x7HELP
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295465
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={0B4FAC17-D9E7-11E2-B771-AC162D4F4783} --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\prefs.js

C:\Users\Holly's\AppData\Roaming\Mozilla\Firefox\Profiles\b66034y8.default\user.js ... Deleted !

Deleted : user_pref("extensions.funmoods.aflt", "axl");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.id", "AC162D4F4783B27A");
Deleted : user_pref("extensions.funmoods.instlDay", "15543");
Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:41:25");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17422 octets] - [23/07/2013 16:55:16]
AdwCleaner[R2].txt - [17483 octets] - [23/07/2013 17:01:58]
AdwCleaner[S1].txt - [17384 octets] - [23/07/2013 17:02:15]

########## EOF - C:\AdwCleaner[S1].txt - [17445 octets] ##########

#9
prettything

Hi Jasmyne, it won't let me download the junkfiler; it says it has unauthorized author and could harm my computer. I have done everything else you asked me to; working on last OTL scan. Thanks, but so far nothing. Any other suggestions besides out of the box?

Thanks,

Holly

#10
prettything

OTL.txt file


OTL logfile created on: 7/23/2013 5:57:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 21.23% Memory free
3.71 Gb Paging File | 1.11 Gb Available in Paging File | 29.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 223.80 Gb Free Space | 80.08% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.30 Gb Free Space | 8.96% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32
Drive F: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOLLYS-HP | User Name: Holly's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/23 17:24:21 | 000,107,520 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/07/23 16:44:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
PRC - [2013/07/16 19:42:53 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Holly's\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/23 05:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 02:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Holly's\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 05:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 20:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/30 23:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/30 23:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/20 23:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/17 07:52:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\97379bb54714115d38a443f44b53f10f\IAStorCommon.ni.dll
MOD - [2013/07/17 07:52:42 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6a6a92284a0fdd83102de84c47647239\IAStorUtil.ni.dll
MOD - [2013/07/17 07:08:58 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\158350659237a2cfe4828791f316354f\System.Web.ni.dll
MOD - [2013/07/17 07:08:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e9218fe64655082b96e540b625b1df83\System.Runtime.Remoting.ni.dll
MOD - [2013/07/17 07:06:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c1396f887447bc9b7881d7d965b1dd27\System.Windows.Forms.ni.dll
MOD - [2013/07/17 07:06:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\66aa3d0386fdf3fc8e5ad5f8d9e4e976\System.Drawing.ni.dll
MOD - [2013/07/17 07:06:33 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e71055d31857b8246b9217ac120cdfba\System.Xml.ni.dll
MOD - [2013/07/17 07:06:27 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8ca66b3ec2a3d16e8523bc727e7411fc\System.Configuration.ni.dll
MOD - [2013/07/17 07:06:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\22a91a579d675f257ac0469bd56c44d2\WindowsBase.ni.dll
MOD - [2013/07/17 07:06:02 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b7ca0ae2d6d1b6383e5bbf5eb327c1d5\System.ni.dll
MOD - [2013/07/17 07:05:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\90f888763fcc308fb0f73b95aceca195\mscorlib.ni.dll
MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 21:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 21:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 21:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013/05/23 05:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013/05/23 05:09:01 | 002,521,040 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/07/23 17:24:21 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Holly's\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/06/19 17:16:46 | 003,616,880 | ---- | M] (Hide My IP) [On_Demand | Stopped] -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2013/06/12 07:22:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 13:09:19 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/23 05:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/05 13:40:32 | 002,625,800 | ---- | M] (iolo technologies, LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\SafePCRepair\ioloToolService.exe -- (ioloService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/30 23:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 23:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/20 21:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/06/19 17:26:06 | 000,030,056 | ---- | M] (Hide My IP) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hmip64.sys -- (hmip)
DRV:64bit: - [2013/05/14 11:05:09 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/18 10:33:44 | 000,088,600 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/29 12:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 12:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/08/01 14:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/22 11:29:46 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/06/01 07:31:54 | 001,863,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 23:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/09 22:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/05 03:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/15 14:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/30 23:46:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1976401719
IE:64bit: - HKLM\..\SearchScopes\{536006D7-3F6B-4B7C-A39B-43DF2361D88E}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {6c3d3bd4-75f8-4283-bb97-1e22c4c090df} - No CLSID value found
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1976401719

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...119351&tsp=4952
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...PV=SSPV_AB_IE_2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119351&tsp=4952
IE - HKCU\..\SearchScopes\{7D5798E4-A98D-48BB-9292-EAD72E4D759C}: "URL" = www.buenosearch.com?babsrc=ext_WinjNw&affID=123486&q={searchTerms}
IE - HKCU\..\SearchScopes\{7D7B236C-7520-4DC6-9896-2B50E0E3D588}: "URL" = http://search.condui...5541527966&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www1.delta-se...19351&tsp=4952"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/12 23:19:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/17 07:17:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/12 23:19:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\LyriXeeker\125.xpi [2013/07/23 17:20:31 | 000,007,101 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\LyricsContainer\125.xpi [2013/07/23 17:40:37 | 000,007,246 | ---- | M] ()

[2012/07/13 08:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\Extensions
[2013/07/23 17:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\b66034y8.default\extensions
[2013/07/23 17:40:01 | 000,000,000 | ---D | M] (LyricsContainer) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\b66034y8.default\extensions\122
[2013/07/23 17:25:43 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\b66034y8.default\extensions\[email protected]
[2013/07/23 17:40:33 | 000,000,000 | ---D | M] (getsav-in) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\b66034y8.default\extensions\[email protected]
[2013/07/23 17:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions
[2012/07/14 18:03:37 | 000,000,000 | ---D | M] (Bucksbee Loyalty Plugin - 100815) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\{758d6aeb-75e4-9f24-fd49-51b640add07f}
[2012/11/02 09:21:10 | 000,000,000 | ---D | M] (DownTango Launcher) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\{890a3e16-521d-4d00-bdf9-e07218d09c8d}
[2013/07/23 17:24:20 | 000,029,620 | ---- | M] () (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\c9hggb48.default\extensions\[email protected]
[2013/07/23 17:21:59 | 000,006,507 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\b66034y8.default\searchplugins\babylon.xml
[2013/06/20 16:22:50 | 000,001,793 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\b66034y8.default\searchplugins\Bing.xml
[2013/07/23 17:25:44 | 000,001,294 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\b66034y8.default\searchplugins\delta.xml
[2013/07/23 17:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/17 06:54:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/23 17:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/06/30 18:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/17 06:54:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/28 08:42:23 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/05/26 07:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/05/31 13:10:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/31 13:10:50 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/05/26 07:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/05/31 13:10:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/26 07:40:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.condui...1321893731&UM=2
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.125_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.70.1\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.70.1_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnofacmifkjndflfmmplhckcbfjckhj\1.125_0\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcedaelpajnipnmfhhboimfncpnickcn\4.95.1.31912_1\
CHR - Extension: No name found = C:\Users\Holly's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/10 12:38:07 | 000,449,908 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15442 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (getsav-in 5.0) - {050E650F-D4ED-4DC6-9901-1D9B099BBC15} - C:\Users\Holly's\AppData\Local\getsav-in\ie\getsav-in_1374615301.dll ()
O2 - BHO: (LyricXeeker) - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Holly's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - Reg Error: Value error. File not found
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (LyricsContainer) - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\125.dll (RYD Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Holly's\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Holly's\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SpeetItUpFree] C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe (MicroSmarts LLC.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi] C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_64B87BB8FF6F8215EB77F4AB2525317A] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Holly's\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SpeedingUpMyPC] C:\Program Files (x86)\SpeedingUpMyPC\SPMLauncher.exe (http://www.speedingupmypc.com/)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] C:\Users\Holly's\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Del856273] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del856273] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Holly's\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://etradeevents...nt/ieatgpc1.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C5C3B43-AE1A-4F44-82B7-FC93E32FE0CE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0A9A0AC-0280-4AFC-B800-1C91E7379245}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{95b86ea2-fe61-11e1-80f9-ac162d4f4783}\Shell - "" = AutoRun
O33 - MountPoints2\{95b86eb1-fe61-11e1-80f9-ac162d4f4783}\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/23 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\Babylon
[2013/07/23 17:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/07/23 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\SearchProtect
[2013/07/23 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_New
[2013/07/23 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\Conduit
[2013/07/23 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/23 17:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013/07/23 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\getsav-in
[2013/07/23 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\SwvUpdater
[2013/07/23 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Zip Opener Packages
[2013/07/23 17:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013/07/23 17:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2013/07/23 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\BabSolution
[2013/07/23 17:25:52 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013/07/23 17:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/07/23 17:25:41 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Delta
[2013/07/23 17:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013/07/23 17:24:21 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\DefaultTab
[2013/07/23 17:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/07/23 17:21:06 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Babylon
[2013/07/23 17:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker
[2013/07/23 17:19:41 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\DSite
[2013/07/23 16:46:37 | 000,000,000 | ---D | C] -- C:\Users\Holly's\Desktop\RK_Quarantine
[2013/07/23 16:26:23 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Free Download Manager
[2013/07/23 16:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2013/07/23 12:39:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/07/23 12:39:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2013/07/23 12:39:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A
[2013/07/23 12:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2013/07/23 12:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2013/07/23 11:46:56 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/07/23 10:33:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/07/23 08:56:13 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\Microsoft Games
[2013/07/17 07:35:32 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\SpeedingUpMyPc
[2013/07/16 19:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/07/12 19:22:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/07/12 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\LogMeIn Rescue Applet
[2013/07/12 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Foresight Software
[2013/07/12 18:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/07/10 19:34:58 | 000,000,000 | R--D | C] -- C:\Users\Holly's\Desktop\New folder
[2013/07/10 17:58:57 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/07/03 17:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2013/07/03 17:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2013/07/03 17:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed
[2013/07/03 17:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OtShot
[2013/07/03 17:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ZalmanInstaller_52330
[2013/07/03 16:12:25 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\SpeedyPC Software
[2013/07/03 16:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/07/03 15:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedItup Free
[2013/07/03 15:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedingUpMyPC
[2013/07/02 20:47:08 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\TeamViewer
[2013/07/02 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013/07/02 17:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/07/02 17:49:33 | 000,000,000 | --SD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/07/02 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/07/02 17:42:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/07/02 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/07/01 16:06:10 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/07/01 15:42:35 | 000,000,000 | ---D | C] -- C:\ef58cb80733caf56eb1c5276d1fa71ab
[2013/07/01 12:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide My IP
[2013/07/01 11:38:56 | 000,030,056 | ---- | C] (Hide My IP) -- C:\Windows\SysNative\drivers\hmip64.sys
[2013/07/01 11:26:14 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\CRE
[2013/06/30 18:43:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/30 11:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\ErrorEND
[2013/06/28 10:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND64
[2013/06/27 19:49:47 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\iolo
[2013/06/27 19:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/06/27 19:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafePCRepair
[2013/06/27 19:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafePCRepair_89 Chrome Extension
[2013/06/27 19:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\EasyFix Tools
[82 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/23 18:07:36 | 000,001,192 | ---- | M] () -- C:\Windows\tasks\Safe Saver-updater.job
[2013/07/23 18:07:33 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\Safe Saver-enabler.job
[2013/07/23 18:07:27 | 000,001,196 | ---- | M] () -- C:\Windows\tasks\Safe Saver-codedownloader.job
[2013/07/23 18:05:39 | 000,001,826 | ---- | M] () -- C:\Windows\tasks\Safe Saver-firefoxinstaller.job
[2013/07/23 18:05:35 | 000,001,902 | ---- | M] () -- C:\Windows\tasks\Safe Saver-chromeinstaller.job
[2013/07/23 18:00:01 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/07/23 17:48:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/23 17:45:03 | 000,000,009 | ---- | M] () -- C:\END
[2013/07/23 17:40:20 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/07/23 17:40:01 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013/07/23 17:26:19 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/07/23 17:24:27 | 000,000,258 | RHS- | M] () -- C:\Users\Holly's\ntuser.pol
[2013/07/23 17:20:31 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\LyricXeeker Update.job
[2013/07/23 17:19:42 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/07/23 17:14:18 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 17:14:18 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 17:13:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/23 17:07:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013/07/23 17:06:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/23 17:06:57 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/07/23 17:06:57 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro Startup.job
[2013/07/23 17:06:57 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/07/23 17:06:26 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/07/23 17:06:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/23 17:06:21 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 17:03:11 | 000,000,342 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/23 16:28:11 | 000,001,375 | ---- | M] () -- C:\Users\Holly's\Desktop\Norton Installation Files.lnk
[2013/07/23 16:26:18 | 000,001,027 | ---- | M] () -- C:\Users\Holly's\Desktop\Free Download Manager.lnk
[2013/07/23 11:18:40 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/07/23 10:41:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/23 07:48:45 | 000,008,448 | ---- | M] () -- C:\Windows\SysWow64\HideMyIpSRV.ini
[2013/07/23 07:48:45 | 000,004,512 | ---- | M] () -- C:\Windows\SysWow64\HideMyIpSRVOff.ini
[2013/07/23 07:48:45 | 000,004,512 | ---- | M] () -- C:\Windows\SysNative\HideMyIpSRVOff.ini
[2013/07/20 16:12:52 | 000,092,749 | ---- | M] () -- C:\Users\Holly's\Documents\Meeting-Room-Application Hughes Library.pdf
[2013/07/20 16:03:57 | 000,073,050 | ---- | M] () -- C:\Users\Holly's\Documents\Meeting-Room-Application.pdf
[2013/07/20 15:24:31 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/07/17 06:47:09 | 000,384,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/16 19:03:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\License_Time.rdat
[2013/07/12 09:53:29 | 000,000,247 | ---- | M] () -- C:\nphssb.xpt
[2013/07/10 12:38:07 | 000,449,908 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/10 12:33:52 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130710-123806.backup
[2013/07/10 12:27:27 | 000,017,247 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/09 14:41:30 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130710-123349.backup
[2013/07/05 07:37:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHolly's.job
[2013/07/03 15:48:07 | 000,001,098 | ---- | M] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2013/07/03 09:53:50 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130703-125954.backup
[2013/07/03 09:53:50 | 000,449,908 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130709-144130.backup
[2013/07/02 17:36:45 | 000,001,174 | ---- | M] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/07/02 12:04:08 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130703-095349.backup
[2013/07/02 11:27:42 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-120408.backup
[2013/07/02 11:21:46 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-112742.backup
[2013/07/02 09:43:26 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094357.backup
[2013/07/02 09:43:26 | 000,449,871 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-112146.backup
[2013/07/02 09:43:08 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094326.backup
[2013/07/02 09:42:45 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094308.backup
[2013/07/02 09:42:24 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094245.backup
[2013/07/02 09:41:43 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094224.backup
[2013/07/02 09:07:49 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-094143.backup
[2013/07/01 19:06:52 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130702-090749.backup
[2013/07/01 18:19:09 | 000,449,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-190651.backup
[2013/07/01 18:06:43 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-181908.backup
[2013/07/01 17:45:07 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-180641.backup
[2013/07/01 17:06:54 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-174505.backup
[2013/07/01 17:00:04 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-170653.backup
[2013/07/01 16:57:38 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-170003.backup
[2013/07/01 16:49:25 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-165738.backup
[2013/07/01 16:43:19 | 000,449,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130701-164923.backup
[2013/07/01 12:11:55 | 000,001,045 | ---- | M] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2013/06/30 20:14:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHOLLYS-HP$.job
[2013/06/30 10:43:02 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/06/30 10:24:23 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2013/06/27 19:30:05 | 000,000,891 | ---- | M] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyFix Tools.lnk
[82 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/23 17:44:55 | 000,000,009 | ---- | C] () -- C:\END
[2013/07/23 17:40:20 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/07/23 17:40:01 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013/07/23 17:26:19 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/07/23 17:24:27 | 000,000,258 | RHS- | C] () -- C:\Users\Holly's\ntuser.pol
[2013/07/23 17:20:31 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\LyricXeeker Update.job
[2013/07/23 17:19:42 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013/07/23 17:02:42 | 000,000,342 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/23 16:26:18 | 000,001,027 | ---- | C] () -- C:\Users\Holly's\Desktop\Free Download Manager.lnk
[2013/07/23 12:39:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2013/07/23 11:46:56 | 000,001,375 | ---- | C] () -- C:\Users\Holly's\Desktop\Norton Installation Files.lnk
[2013/07/20 16:03:57 | 000,073,050 | ---- | C] () -- C:\Users\Holly's\Documents\Meeting-Room-Application.pdf
[2013/07/18 17:04:30 | 000,092,749 | ---- | C] () -- C:\Users\Holly's\Documents\Meeting-Room-Application Hughes Library.pdf
[2013/07/16 19:03:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\License_Time.rdat
[2013/07/03 16:27:38 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/07/03 16:12:30 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/07/03 16:10:59 | 000,000,470 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro Startup.job
[2013/07/03 16:10:57 | 000,000,520 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/07/03 16:10:57 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/07/03 16:10:51 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/07/03 15:48:07 | 000,001,098 | ---- | C] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2013/07/02 17:36:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\spmonitor.job
[2013/07/02 17:36:45 | 000,001,174 | ---- | C] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/07/01 12:11:55 | 000,001,045 | ---- | C] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2013/07/01 11:38:58 | 000,008,448 | ---- | C] () -- C:\Windows\SysWow64\HideMyIpSRV.ini
[2013/07/01 11:38:58 | 000,004,512 | ---- | C] () -- C:\Windows\SysWow64\HideMyIpSRVOff.ini
[2013/07/01 11:38:58 | 000,004,512 | ---- | C] () -- C:\Windows\SysNative\HideMyIpSRVOff.ini
[2013/06/30 19:20:38 | 000,002,356 | ---- | C] () -- C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/06/30 10:43:02 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/06/30 10:24:23 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/27 19:30:05 | 000,000,891 | ---- | C] () -- C:\Users\Holly's\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyFix Tools.lnk
[2013/06/18 22:44:34 | 000,017,247 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/05/14 11:06:57 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/05/14 11:06:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/05/14 11:06:45 | 013,899,776 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/01/11 21:17:34 | 000,778,492 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/19 10:56:51 | 000,000,538 | ---- | C] () -- C:\Users\Holly's\AppData\Roaming\com.zoosk.Desktop_state.xml
[2012/12/05 14:17:22 | 000,072,751 | ---- | C] () -- C:\Users\Holly's\Campaign8-Home-Decor.pdf
[2012/12/05 14:16:08 | 000,142,935 | ---- | C] () -- C:\Users\Holly's\Campaign7-Geek iphone pink.pdf
[2012/12/05 14:13:48 | 000,018,189 | ---- | C] () -- C:\Users\Holly's\Campaign6-Food.pdf
[2012/12/05 13:38:21 | 000,086,174 | ---- | C] () -- C:\Users\Holly's\Campaign5-Hair-and-Beauty.pdf
[2012/12/05 13:26:54 | 000,084,652 | ---- | C] () -- C:\Users\Holly's\Campaign1-Womens-Fashion.pdf
[2012/12/05 13:23:29 | 000,486,862 | ---- | C] () -- C:\Users\Holly's\Campaign4-Health-and-Fitness.pdf
[2012/12/05 13:22:43 | 000,511,826 | ---- | C] () -- C:\Users\Holly's\Campaign3-Travel.pdf
[2012/12/05 13:16:49 | 000,032,218 | ---- | C] () -- C:\Users\Holly's\Campaign2-Children.pdf
[2012/12/05 13:14:10 | 000,084,652 | ---- | C] () -- C:\Users\Holly's\Campaign1-Womens-Fashion (1).pdf
[2012/12/05 13:08:36 | 000,125,102 | ---- | C] () -- C:\Users\Holly's\pinprofitsquickstart.pdf
[2012/11/07 13:07:58 | 000,829,365 | ---- | C] () -- C:\Users\Holly's\AppData\Local\census.cache
[2012/11/07 13:06:57 | 000,113,351 | ---- | C] () -- C:\Users\Holly's\AppData\Local\ars.cache
[2012/11/07 12:50:49 | 000,000,036 | ---- | C] () -- C:\Users\Holly's\AppData\Local\housecall.guid.cache
[2012/11/04 08:50:02 | 000,003,584 | ---- | C] () -- C:\Users\Holly's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/18 08:08:11 | 000,150,246 | ---- | C] () -- C:\Users\Holly's\IT_GIRLentry-formpdf bebe.pdf
[2012/10/11 10:27:10 | 000,022,319 | ---- | C] () -- C:\Users\Holly's\2424 thru Sept 28.pdf
[2012/10/11 10:20:39 | 000,042,875 | ---- | C] () -- C:\Users\Holly's\September.pdf
[2012/09/19 13:59:23 | 000,205,489 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012/09/18 09:03:20 | 000,025,676 | ---- | C] () -- C:\Users\Holly's\march.pdf
[2012/09/17 13:13:48 | 000,021,942 | ---- | C] () -- C:\Users\Holly's\quarterly 2424.pdf
[2012/09/17 13:12:27 | 000,028,485 | ---- | C] () -- C:\Users\Holly's\april.pdf
[2012/09/17 13:11:53 | 000,034,381 | ---- | C] () -- C:\Users\Holly's\may.pdf
[2012/09/17 13:11:26 | 000,033,580 | ---- | C] () -- C:\Users\Holly's\june.pdf
[2012/09/17 13:10:33 | 000,031,968 | ---- | C] () -- C:\Users\Holly's\july.pdf
[2012/09/17 13:09:18 | 000,032,001 | ---- | C] () -- C:\Users\Holly's\aug.pdf
[2012/07/29 14:24:42 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
[2012/07/20 08:03:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/04/23 04:42:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/12 10:20:44 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\.strongvpn
[2012/10/19 20:54:39 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\AVG
[2012/10/19 15:59:45 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\AVG2013
[2013/07/23 17:26:07 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\BabSolution
[2013/07/23 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Babylon
[2012/11/03 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Blio
[2012/07/19 08:50:00 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013/07/23 17:24:21 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\DefaultTab
[2013/07/23 17:25:41 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Delta
[2013/07/23 17:08:05 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Dropbox
[2013/07/23 17:19:41 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\DSite
[2012/07/13 09:45:43 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Fighters
[2013/07/12 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Foresight Software
[2013/07/23 16:47:26 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Free Download Manager
[2012/10/31 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\GSafe
[2013/04/24 13:04:47 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Nico Mak Computing
[2012/10/12 23:24:28 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\OpenOffice.org
[2012/11/02 09:21:10 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\PFStaticIP
[2013/07/23 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\SearchProtect
[2013/05/31 13:11:07 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\ShopAtHome
[2013/07/17 07:35:32 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\SpeedingUpMyPc
[2013/07/03 16:12:25 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\SpeedyPC Software
[2012/07/13 06:57:10 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Synaptics
[2013/07/02 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\TeamViewer
[2012/10/12 07:55:46 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\TuneUp Software
[2012/10/31 15:29:22 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\WeatherBug
[2013/04/22 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\webex
[2012/07/13 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Windows Live Writer
[2013/07/23 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\Zip Opener Packages

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:025D1DF5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#11
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

Hi Jasmyne, it won't let me download the junkfiler; it says it has an unauthorized author and could harm my computer. I have done everything else you asked me to, working on the last OTL scan. Thanks, but so far nothing. Any other suggestions besides out of the box?

Thanks,

Holly


Holly,

Some of our tools can give that warning, but I promise I'll never ask you to download anything that could harm your computer. You can go ahead and skip it for now, we can remove anything that is left with OTL later. These scans started getting rid of a lot of the adware on your computer. I will go through your new OTL log and after getting approval will post more instructions for you. :)

Jasmyne

#12
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have a few more steps for you. Please refrain, if at all possible, from downloading new software until we are finished with the removal process unless I have asked you to download it. After running AdwCleaner previously, other downloads were made that reinstalled much of the adware (Babylon and Conduit are a few) as well as additional adware (Snap.do and Delta are a few). This makes the process longer for both of us. I appreciate your patience in waiting for instructions in between scans. Thank you.

Step 1 - Uninstall Programs

!! Registry Cleaner Warning !!
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.

You have many programs that are technically legitimate programs, that contain registry cleaners and promise to speed up your computer. Many of these will only do so if you pay for them, and they additionally bog down your computer, making it run slower, so I'd recommend that you remove them. These optional removals are listed in orange. Please remove any others listed, as they are considered adware.

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program, and then click Uninstall.

  • Hotspot Shield Toolbar
  • EasyFix Tools v1.0
  • SafePCRepair Toolbar Chrome Extension
  • Search Protect by conduit
  • SpeedingUpMyPC v3.1
  • SpeedItup Free 7.70
  • TuneUp Utilities 2013
  • Snap.Do Engine

Step 2 - AdwCleaner

Please delete your current copy of AdwCleaner by opening it and pressing Uninstall.

  • Download a new copy of AdwCleaner from here or here and save it to your desktop.
  • Run AdwCleaner and select Delete

  • Once it has completed it will ask to reboot the computer; please allow it to do so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

Step 3 - OTL Fix

Before running this fix, please move OTL to your desktop.

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1976401719
IE - HKLM\..\URLSearchHook: {6c3d3bd4-75f8-4283-bb97-1e22c4c090df} - No CLSID value found
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1976401719
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...119351&tsp=4952
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...PV=SSPV_AB_IE_2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=30/06/2013
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119351&tsp=4952
IE - HKCU\..\SearchScopes\{7D5798E4-A98D-48BB-9292-EAD72E4D759C}: "URL" = www.buenosearch.com?babsrc=ext_WinjNw&affID=123486&q={searchTerms}
IE - HKCU\..\SearchScopes\{7D7B236C-7520-4DC6-9896-2B50E0E3D588}: "URL" = http://search.condui...5541527966&UM=2
FF - prefs.js..browser.startup.homepage: "http://www1.delta-search.com/?babsrc=HP_ss&mntrId=145F00FFD0A9A0AC&affID=119351&tsp=4952"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\LyriXeeker\125.xpi [2013/07/23 17:20:31 | 000,007,101 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\LyricsContainer\125.xpi [2013/07/23 17:40:37 | 000,007,246 | ---- | M] ()
[2013/07/23 17:25:43 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\b66034y8.default\extensions\[email protected]
[2013/07/23 17:40:33 | 000,000,000 | ---D | M] (getsav-in) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\b66034y8.default\extensions\[email protected]
[2013/07/23 17:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions
[2012/07/14 18:03:37 | 000,000,000 | ---D | M] (Bucksbee Loyalty Plugin - 100815) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\{758d6aeb-75e4-9f24-fd49-51b640add07f}
[2012/11/02 09:21:10 | 000,000,000 | ---D | M] (DownTango Launcher) -- C:\Users\Holly's\AppData\Roaming\mozilla\Firefox\Profiles\c9hggb48.default\extensions\{890a3e16-521d-4d00-bdf9-e07218d09c8d}
[2013/07/23 17:24:20 | 000,029,620 | ---- | M] () (No name found) -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\c9hggb48.default\extensions\[email protected]
[2013/07/23 17:21:59 | 000,006,507 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\b66034y8.default\searchplugins\babylon.xml
[2013/07/23 17:25:44 | 000,001,294 | ---- | M] () -- C:\Users\Holly's\AppData\Roaming\mozilla\firefox\profiles\b66034y8.default\searchplugins\delta.xml
[2013/07/23 17:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/06/28 08:42:23 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/05/31 13:10:50 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
O2 - BHO: (getsav-in 5.0) - {050E650F-D4ED-4DC6-9901-1D9B099BBC15} - C:\Users\Holly's\AppData\Local\getsav-in\ie\getsav-in_1374615301.dll ()
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Holly's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - Reg Error: Value error. File not found
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (LyricsContainer) - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\125.dll (RYD Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Holly's\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Holly's\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi] C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Holly's\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
[2013/07/23 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\Babylon
[2013/07/23 17:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/07/23 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\SearchProtect
[2013/07/23 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_New
[2013/07/23 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\Conduit
[2013/07/23 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/23 17:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013/07/23 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\getsav-in
[2013/07/23 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Local\SwvUpdater
[2013/07/23 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Zip Opener Packages
[2013/07/23 17:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013/07/23 17:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2013/07/23 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\BabSolution
[2013/07/23 17:25:52 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013/07/23 17:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/07/23 17:25:41 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Delta
[2013/07/23 17:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013/07/23 17:24:21 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\DefaultTab
[2013/07/23 17:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/07/23 17:21:06 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\Babylon
[2013/07/23 17:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker
[2013/07/23 17:19:41 | 000,000,000 | ---D | C] -- C:\Users\Holly's\AppData\Roaming\DSite
[2013/07/03 17:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2013/07/03 17:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OtShot
[2013/07/03 17:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ZalmanInstaller_52330
[2013/07/23 17:20:31 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\LyricXeeker Update.job
[2013/07/23 17:19:42 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/07/03 16:27:38 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/05/31 13:11:07 | 000,000,000 | ---D | M] -- C:\Users\Holly's\AppData\Roaming\ShopAtHome

:Files
C:\ProgramData\BrowserDefender

:Commands
[emptytemp]
2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again:
  • Please check the box next to Scan All Users
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. AdwCleaner Log
2. OTL Fix Log
3. New OTL Log with Custom Scan
4. New Extras.txt

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.