Virus on daughters computer...help [Closed]


  • This topic is locked

#1
tdjone813

  • Member
  • 12 posts
I think my daughter's computer has a virus or something on it. It's been running really slow and freezing up continuously. Any help would be greatly appreciated. She's a junior in high school and in honors classes and uses her laptop a lot.
  • 0


#2
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.

  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) Let's run some scans and get a look at what's going on.

Please follow the instructions below.


Step 1: OTL Scan


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is working, please click here for a secondary site.

  • Close any open windows and then double click (Vista, Windows 7, 8: right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name Whitelist
      • LOP Check
      • Purity Check
  • Please check that Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below (do not copy the word quote!) and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.

  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.


Step 2: aswMBR Scan


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

  • Click the Scan button to begin the scan.

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


Things I need to see in your next post

OTL Scan Log

OTL Extras Log

aswMBR Log

  • 0
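
An added example, not part of the original thread and not OTL's own code: a first-pass triage of the process (PRC) and service (SRV) lines that OTL.txt contains, flagging entries with a blank company name or a path under a user-writable directory. The field layout is an assumption inferred from the log lines posted in this thread, and the sample lines, names and paths are constructed.

```python
import re
from dataclasses import dataclass

# Layout assumed from the OTL.txt lines in this thread (not from OTL documentation):
#   TAG - [date time | size | attrs | M] (Company) [state] -- path -- (service name)
# The [state] and (service name) parts only appear on SRV/DRV lines.
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|SRV|DRV|MOD)(?::64bit:)? - "
    r"\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [^|]* \| M\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Directories a standard user can write to; software installed per-machine
# normally runs from Program Files or Windows instead.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


@dataclass
class Entry:
    tag: str
    company: str
    state: str
    path: str
    name: str


def parse_line(line):
    """Return an Entry for a PRC/SRV/DRV/MOD line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["tag"], m["company"].strip(), m["state"] or "",
                 m["path"], m["name"] or "")


def reasons_for(entry):
    """Review prompts for one entry. These are heuristics, not verdicts."""
    reasons = []
    path = entry.path.lower()
    if not entry.company:
        reasons.append("no company name")
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("runs from user-writable directory")
    if entry.tag == "SRV" and entry.state.startswith("Auto") and "\\users\\" in path:
        reasons.append("auto-start service inside a user profile")
    return reasons


def triage(text):
    """Parse a log and return (Entry, reasons) pairs, most reasons first."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, registry lines
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry, reasons))
    findings.sort(key=lambda f: len(f[1]), reverse=True)
    return findings


# Constructed sample in the same layout; none of these names come from the thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013/01/02 10:00:00 | 000,107,520 | ---- | M] () -- C:\Users\Example\AppData\Roaming\exampletool\updater.exe
PRC - [2013/01/02 10:00:00 | 000,144,368 | R--- | M] (Example AV Corp) -- C:\Program Files (x86)\Example AV\engine.exe
========== Services (SafeList) ==========
SRV - [2013/01/02 10:00:00 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Example\AppData\Roaming\exampletool\updater.exe -- (ExampleToolUpdate)
SRV:64bit: - [2013/01/02 10:00:00 | 000,204,288 | ---- | M] (Example GPU Inc.) [Auto | Running] -- C:\Windows\SysNative\examplegpu.exe -- (Example GPU Events)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        label = entry.name or entry.path
        print(f"{entry.tag:3} {label}: {'; '.join(reasons)}")
```

A flagged line is a prompt to look closer, since legitimate per-user installers and the scanning tool itself also run from a user profile.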

#3
tdjone813

  • Topic Starter
  • Member
  • 12 posts
OTL report

OTL logfile created on: 10/14/2013 8:04:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.08 Gb Available Physical Memory | 4.68% Memory free
3.21 Gb Paging File | 0.58 Gb Available in Paging File | 18.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.16 Gb Total Space | 159.34 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.62 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.38% Space Free | Partition Type: FAT32

Computer Name: SARAH-HP | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/14 20:01:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2013/10/14 19:53:30 | 000,116,648 | ---- | M] (Google Inc.) -- C:\Users\Sarah\AppData\Local\Temp\GUMFC52.tmp\GoogleUpdate.exe
PRC - [2013/10/14 19:52:13 | 000,065,312 | ---- | M] (SaltarSmart) -- C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe
PRC - [2013/10/09 14:50:56 | 000,107,520 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
PRC - [2013/10/03 16:59:46 | 000,065,312 | ---- | M] (SaltarSmart) -- C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe
PRC - [2013/09/24 18:40:00 | 000,818,968 | ---- | M] (Google Inc.) -- C:\Users\Sarah\AppData\Local\Google\Update\Install\{DF52963E-1B58-4415-A529-8F817D38D476}\GoogleUpdateSetup.exe
PRC - [2013/09/16 10:03:46 | 000,573,952 | ---- | M] () -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
PRC - [2013/07/09 01:02:42 | 000,348,384 | ---- | M] () -- C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/08 02:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/02 13:41:44 | 037,904,960 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2012/11/09 16:33:42 | 001,817,864 | ---- | M] (Trusted Software ApS) -- C:\Program Files (x86)\File Type Assistant\tsassist.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 05:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/01 17:57:16 | 000,561,984 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/04/23 07:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 07:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/02 16:35:56 | 000,410,576 | ---- | M] () -- C:\Users\Sarah\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 16:35:54 | 004,053,456 | ---- | M] () -- C:\Users\Sarah\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 16:35:01 | 001,604,560 | ---- | M] () -- C:\Users\Sarah\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/09/02 12:59:16 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/09/02 12:56:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/09/02 12:56:01 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/02 12:54:27 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/02 12:53:19 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/09/02 12:53:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/15 21:57:08 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/15 21:54:56 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/09 01:02:42 | 000,348,384 | ---- | M] () -- C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2010/11/20 23:24:25 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/04/16 14:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/17 02:05:20 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/17 01:20:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/10/14 19:52:13 | 000,065,312 | ---- | M] (SaltarSmart) [Auto | Running] -- C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe -- (Util SaltarSmart)
SRV - [2013/10/09 14:50:56 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe -- (DefaultTabUpdate)
SRV - [2013/10/03 16:59:46 | 000,065,312 | ---- | M] (SaltarSmart) [Auto | Running] -- C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe -- (Update SaltarSmart)
SRV - [2013/09/16 10:03:46 | 000,573,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/08/14 13:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/17 20:42:57 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 23:53:02 | 001,813,056 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/06 21:11:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/06 21:11:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/17 06:50:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/17 01:27:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/09 22:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/15 18:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 18:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/05 03:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/15 14:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 08:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/09/24 00:37:14 | 001,525,848 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130924.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/02 12:32:43 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\ex64.sys -- (NAVEX15)
DRV - [2013/09/02 12:32:40 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\eng64.sys -- (NAVENG)
DRV - [2013/08/27 14:22:46 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 14:22:46 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/25 19:30:14 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130927.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E59F3F0D-2F9A-41DB-BB93-898062EAD357}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {37a7edb7-afda-4373-9865-02bf8160e677} - C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AB2D597D-8C5F-4970-BF8E-95A3F910D156}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{E59F3F0D-2F9A-41DB-BB93-898062EAD357}: "URL" = http://www.amazon.co...s={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...B2-8BB64F7BAAE9
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\URLSearchHook: {37a7edb7-afda-4373-9865-02bf8160e677} - C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes,DefaultScope = {AB2D597D-8C5F-4970-BF8E-95A3F910D156}
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000441ea1c678e2
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{4D79A82F-7350-44FC-A884-2572B3D0CCEC}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{69AB3DBE-A0F8-44B1-94F9-467E41633CD2}: "URL" = http://start.funmood...q={searchTerms}
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{6C4D1BD1-C6F6-4165-AFF4-5B088911DB1F}: "URL" = http://websearch.ask...DC-67B401513DD3
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{AB2D597D-8C5F-4970-BF8E-95A3F910D156}: "URL" = http://search.condui...9891861234&UM=2
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{E59F3F0D-2F9A-41DB-BB93-898062EAD357}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3303000.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...2-8BB64F7BAAE9"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://search.condui...009238&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Sarah\AppData\Local\RewardsArcadeSuite\1950\Firefox [2011/12/31 18:52:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/10/09 17:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/04/02 20:10:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/02 13:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2013/10/09 17:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions
[2013/10/09 17:28:43 | 000,000,000 | ---D | M] (Vafmusic7) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}
[2013/10/09 15:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\staged
[2013/10/09 14:50:55 | 000,044,282 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected]
[2013/10/03 16:59:46 | 000,011,342 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected]
[2013/10/09 14:52:50 | 000,000,995 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\searchplugins\conduit.xml
[2012/02/28 21:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/02 13:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/02 13:24:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3303000&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...8516356657&UM=2
CHR - homepage: http://search.condui...8516356657&UM=2
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: SaltarSmart = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdboodilddefglllfoimeceomkpmkbi\1.0.0_0\
CHR - Extension: Google Search = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Vafmusic7 = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\edakhebdfmenljamaknlnnallmchcdei\10.20.1.8_0\
CHR - Extension: OneDirection = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfobokolnglahklkopijoidgjefmokc\1_0\
CHR - Extension: DefaultTab = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\
CHR - Extension: Skype Click to Call = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Norton Identity Protection = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O2 - BHO: (Vafmusic7 Toolbar) - {37a7edb7-afda-4373-9865-02bf8160e677} - C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SaltarSmart) - {d99a4ec9-00bd-4fe4-85a5-4db018351265} - C:\Program Files (x86)\SaltarSmart\SaltarSmartBHO.dll (SaltarSmart)
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vafmusic7 Toolbar) - {37a7edb7-afda-4373-9865-02bf8160e677} - C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001..\Run: [SearchProtect] C:\Users\Sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..Trusted Ranges: Range1 ([*] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C4E4336-ADC9-44E9-B695-60D3071EA01D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9581de0b-ea57-11e1-a685-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9581de0b-ea57-11e1-a685-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/09 15:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/09 15:18:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/09 14:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/10/09 14:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/09 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic7
[2013/10/09 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\CRE
[2013/10/09 14:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/10/09 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\SearchProtect
[2013/10/09 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/10/09 14:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaltarSmart
[2013/10/09 14:51:22 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Weather_Notifications,_LL
[2013/10/09 14:50:56 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\defaulttab
[2013/10/09 14:50:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
[2013/10/09 14:50:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\SevereWeatherAlerts
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/14 20:21:22 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA.job
[2013/10/14 20:21:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core.job
[2013/10/14 19:48:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/09 17:41:42 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 17:41:42 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 17:27:18 | 000,001,934 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
[2013/10/09 17:26:10 | 1292,034,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/09 14:56:08 | 000,000,009 | ---- | M] () -- C:\END
[2013/10/09 14:51:34 | 000,000,258 | RHS- | M] () -- C:\Users\Sarah\ntuser.pol
[2013/10/09 14:50:52 | 000,002,163 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2013/10/09 14:50:50 | 000,001,220 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2013/09/29 05:01:42 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2013/09/28 15:17:29 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSARAH-HP$.job
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/09 14:51:33 | 000,000,258 | RHS- | C] () -- C:\Users\Sarah\ntuser.pol
[2013/10/09 14:50:50 | 000,002,163 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2013/10/09 14:50:49 | 000,001,220 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2013/10/09 14:50:43 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/02 16:26:48 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/26 14:38:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/04/17 16:53:58 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/12/31 19:00:59 | 000,006,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/28 23:56:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon
[2012/01/10 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\BitZipper
[2013/07/21 19:00:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Blio
[2012/06/10 11:33:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Catalina Marketing Corp
[2012/01/10 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/10/09 14:50:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\defaulttab
[2012/01/05 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ID Vault
[2013/06/06 17:28:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\MusicOasis
[2011/12/26 21:08:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ooVoo Details
[2012/02/28 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2013/10/09 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SearchProtect
[2013/05/24 22:25:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SoftGrid Client
[2013/01/20 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SpecialSavings
[2013/01/20 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\StatusWinks
[2011/12/25 13:38:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Synaptics
[2012/01/04 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Temp
[2012/02/17 21:33:37 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Tific
[2011/12/31 19:03:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TP
[2012/01/15 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/07/06 21:08:27 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/06 21:08:27 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/06 21:08:27 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/06 21:08:27 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/06 21:08:27 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/06 21:08:27 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2010/11/16 00:02:38 | 000,000,231 | ---- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,231 | ---- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2010/11/16 00:02:32 | 000,000,228 | ---- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2010/11/16 00:02:32 | 000,000,229 | ---- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2010/11/16 00:02:30 | 000,000,234 | ---- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,227 | ---- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2010/11/16 00:02:34 | 000,000,229 | ---- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2010/11/16 00:02:22 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2009/04/24 01:34:14 | 005,472,256 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2009/04/24 01:35:04 | 000,262,144 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2009/04/24 01:34:14 | 005,472,256 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Users\Sarah\AppData\Local\Temp\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F68F-92CA
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Evernote
07/06/2011 09:38 PM <SYMLINKD> Evernote3.5 [C:\Program Files (x86)\Evernote\Evernote]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Sarah
12/25/2011 01:30 PM <JUNCTION> Application Data [C:\Users\Sarah\AppData\Roaming]
12/25/2011 01:30 PM <JUNCTION> Cookies [C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies]
12/25/2011 01:30 PM <JUNCTION> Local Settings [C:\Users\Sarah\AppData\Local]
12/25/2011 01:30 PM <JUNCTION> My Documents [C:\Users\Sarah\Documents]
12/25/2011 01:30 PM <JUNCTION> NetHood [C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/25/2011 01:30 PM <JUNCTION> PrintHood [C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/25/2011 01:30 PM <JUNCTION> Recent [C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Recent]
12/25/2011 01:30 PM <JUNCTION> SendTo [C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\SendTo]
12/25/2011 01:30 PM <JUNCTION> Start Menu [C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu]
12/25/2011 01:30 PM <JUNCTION> Templates [C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Sarah\AppData\Local
12/25/2011 01:30 PM <JUNCTION> Application Data [C:\Users\Sarah\AppData\Local]
12/25/2011 01:30 PM <JUNCTION> History [C:\Users\Sarah\AppData\Local\Microsoft\Windows\History]
12/25/2011 01:30 PM <JUNCTION> Temporary Internet Files [C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Sarah\Documents
12/25/2011 01:30 PM <JUNCTION> My Music [C:\Users\Sarah\Music]
12/25/2011 01:30 PM <JUNCTION> My Pictures [C:\Users\Sarah\Pictures]
12/25/2011 01:30 PM <JUNCTION> My Videos [C:\Users\Sarah\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
51 Dir(s) 170,785,427,456 bytes free

< End of report >

#4
pystryker

Hello :)

There should be one more log called Extras.txt from the initial OTL scan. It will be found in the same place where you ran OTL from, in this case C:\Users\Sarah\Downloads.

Please post that log in your next reply. Also, please move OTL.exe to your desktop; it works better from there. :)

#5
pystryker

Also, have you run the aswMBR scan? If so, please post the log when you can, and thanks! :)

#6
tdjone813

When I click on step 2, it comes up page not found.

#7
tdjone813

Here is the extras post


OTL Extras logfile created on: 10/14/2013 8:04:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.08 Gb Available Physical Memory | 4.68% Memory free
3.21 Gb Paging File | 0.58 Gb Available in Paging File | 18.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.16 Gb Total Space | 159.34 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.62 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.38% Space Free | Partition Type: FAT32

Computer Name: SARAH-HP | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FC758A-C97B-42F7-BE77-31FE4F4FB62C}" = rport=137 | protocol=17 | dir=out | app=system |
"{094EC3D5-6F0F-4FFE-A718-75D90676EE8E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15FF1C07-2017-43C6-9C12-C54A0D422172}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C259AF3-FFC1-46DF-A30F-D899E450C54E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EFFF066-8A65-454A-BC27-A718967E166A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{22E000B7-C378-44F4-BD98-299EEB0CE7DB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2A6B30AD-3CC1-42E3-AA70-FC5B9C7FB543}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2BA50EBF-836A-4491-8729-49376A1F7D6F}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E33063B-5D94-4112-A8BD-260D0F204631}" = lport=139 | protocol=6 | dir=in | app=system |
"{31AEDCF0-CA5D-4514-B866-193D45667191}" = lport=445 | protocol=6 | dir=in | app=system |
"{48ECCFC7-1EDF-441B-BF0D-318800D69BAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4FF4A882-CE08-48E2-9379-24FEA5FE69EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55585FF7-2FE0-4F1E-9E82-D56DE9A33D92}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58316B5D-8577-4CA1-ABDF-4211B823A4B4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59E285DB-6E1D-42A4-8D7B-35AF583CD328}" = lport=138 | protocol=17 | dir=in | app=system |
"{5CD05246-E7AB-4307-B63E-73F27979C324}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9FBA3F5C-794B-44C2-9A25-34D09E96CC79}" = rport=445 | protocol=6 | dir=out | app=system |
"{A9AD2057-69D7-40EF-AB51-6A96A71DB7C6}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{AA6ACA1C-3B3E-4A11-9D0C-B4D57A466439}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B55F9A1A-80A9-4625-AFA2-B0E71C98CE22}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B927E893-5945-4FD8-9A0B-822F522DB4A1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C8356A61-5F80-413A-81BD-CEFD8D587316}" = rport=138 | protocol=17 | dir=out | app=system |
"{D38EA918-F999-4CFE-A2BE-61D178799F65}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{DA6456E0-4EFD-4656-8BA2-0A85388C06FF}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6F27F5B-F179-46B5-9CEF-5FEEB9B08124}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB6D3A8C-B0A7-4E62-9F19-4F8CB1176C35}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EEC0ACA4-1C71-491B-9636-4724C6348F8F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C108F1-FFB0-413E-9955-33BD47472CCD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{070EF5E7-D8A6-4C09-A123-20AEE3686B64}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0AD6D5E0-06F3-4467-AF00-A04B027D5DC6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0BE6C2A3-FAE4-4C5B-8683-383CA1531786}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0C8DA4C0-D066-4A7C-9CB3-131F31C3DCCE}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\devicesetup.exe |
"{11105F05-7348-47E8-ABD2-C32BDF15FB48}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18418CFD-E01F-418A-8BC8-0C13D45F4B1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CC84F0C-E398-4312-BF60-6E1800994D85}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{1FF5B2AA-EBB7-4A43-B579-2704589E3B81}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{257BEA93-44F1-4EFC-8FE7-D8FE4E83F32D}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{25C49191-CD98-4D47-ABED-5A53DA72A2EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27C66848-27D7-42D5-AEE6-1DE9CE5773A3}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{2ADBE8DC-0A01-445E-8293-0C0C049007A1}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{320AA49C-4A19-4F01-8B98-06D073FAE019}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32706F64-4E92-4C10-83E2-170A71DF1C5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{350BF55D-EA32-4378-9006-5E27F5D9CDB7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{373543E5-BA7B-45EC-BF0D-15EA125205AE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{37F7D1FD-F66F-4608-B5AC-74F900F6E0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{3DD5A1A3-E703-4C77-8870-C14E3EC7E3B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48C68EE5-A5CE-4BAD-A7B2-7A41DE38CBD8}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{513CC0D1-E819-4F4C-8216-E00289DB405E}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{51C37CCC-AB95-4CEA-B293-785D6B15D4A3}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe |
"{51EA85BB-30D0-4CCF-869A-834BFE9748C8}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{56E1DC14-21B2-4AC0-A06E-C9CB164A5DF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BAD9E3B-AB1C-4FB2-B21D-3615A7849B3F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{5E4D7D08-E99C-471A-A433-B470C5BFF4AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D3559FA-E5DA-4DBD-A0DF-F5B0FC110EED}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{735C9DE1-69C3-407D-817E-FF5B427DD5EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7718F134-DE34-4A21-8B52-C44F9DD04017}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78B7F0B2-F487-4480-A9D6-AEA5340A421E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E9B3960-CD60-43EB-BABC-60018D50CC71}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8B059B87-A64E-4EC2-AE35-9070840FDDBA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{8B2B5FEE-3410-4AD0-AE6C-33EB539E0411}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90A234B8-315D-446A-BE3D-947BA22AA9C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{941D155B-68B8-45EC-8E20-DFA4CC2B0AB8}" = protocol=6 | dir=out | app=system |
"{98AA77AB-556E-42F6-B24D-6B48D4FF8FA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A07A7AB4-4242-453A-B485-85EE774B4CC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A282DC7F-EEC1-4FF1-BEDC-64CC7EF6A961}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A32F12C4-3229-4E80-9759-BDA450E2FD12}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{A91D0299-DC69-4452-9820-FCF0527E3182}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe |
"{AACDE03C-5221-4284-8EC6-F90261D5505B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BE2CE27C-1ADC-4D90-8BCB-88C3C11A38B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BF6CD862-F9AF-4DB1-9FFF-6458F9632095}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{C1140EEE-AA11-4502-826B-B06C645BC29F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{CD3118BA-DE72-4A76-9DF1-7CFB70E4C142}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{F72CB198-A78D-4DE3-8923-17B2D90F4F03}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{F8B336C5-A501-4CD0-9B3C-729B82C94A60}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{FD13804B-1134-4693-8A08-99DB2D575E60}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FDB72B11-607D-4FEB-A531-C10C7B5357F8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{373E567C-2A26-42A6-8191-CD4D2A8261AA}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{C707BD98-743E-468A-BE01-6DC529F4C981}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{BB2F45C3-4CDE-4C50-B4C3-25ECA69EDE21}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{F47E7CD1-1873-4674-99F9-FF57358A8FD9}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E4F85D3-21AE-5965-B58F-ADA152087438}" = ccc-utility64
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72927D2A-ADEF-786D-91E3-06CEFD60D107}" = ATI Catalyst Install Manager
"{791D3241-C6A4-417F-82E6-00543B6E5012}" = HP Deskjet 3510 series Product Improvement Study
"{7F20F2D1-C425-4432-96BA-EBD0C2181493}" = HP Deskjet 3510 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D2F5AD37-740F-4A4E-257C-AB1B1577FB03}" = AMD Media Foundation Decoders
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F25DF24C-44F4-CA28-AE93-C50E637677E1}" = AMD Fuel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SaltarSmart" = SaltarSmart 1.0.0
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DC04A49-75C8-234A-459A-56E90120C9BF}" = Catalyst Control Center Graphics Previews Common
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{12222C69-B349-23B5-EE29-2A02B68A56C7}" = CCC Help Greek
"{131D3479-CA72-DEDE-5764-7083B7B1F547}" = CCC Help Danish
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1854100A-B46D-290C-0E1B-29EC1C4276D1}" = CCC Help Spanish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A2414C2-829B-1617-A858-3E7A95E2F776}" = CCC Help Norwegian
"{2CBC1636-7754-CC40-9FDD-537F6B9576E3}" = Catalyst Control Center Localization All
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F089C-BB4B-D768-9E1A-CDBCD6B9654E}" = Catalyst Control Center InstallProxy
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51B57AC2-5B19-8EBD-C875-1ABE27B8805F}" = CCC Help German
"{53A79F0B-4D17-5D2A-9212-2167C84892EA}" = CCC Help Chinese Standard
"{559C58CD-F800-A374-DA37-D98FF4F440F6}" = CCC Help Chinese Traditional
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5723D1D9-E745-DEB4-3EFC-699B36CF04F8}" = CCC Help Japanese
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5EC11835-8CB9-846B-B3DC-B8C99C748D7B}" = CCC Help Dutch
"{60382BCF-CD62-ED26-F920-30ACDDB13E89}" = CCC Help Thai
"{62280713-38D6-DC4B-1AF5-B6145A9D64EE}" = CCC Help English
"{646ADDE8-F6A6-E311-7A17-6744944F4B8A}" = CCC Help Swedish
"{6737D9E5-E5EE-5BCC-5214-8D988AE88FC9}" = CCC Help French
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{856480C9-2428-15E1-97BC-685EE2A7B8E6}" = MusicOasis
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C9CA7D5-93F8-A8CD-61D1-BF8A288F1FF2}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E53C421-F248-DEFF-68AC-20691AA1DE59}" = CCC Help Finnish
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95A46A36-EEF8-A4A2-19F6-45A994E42E29}" = CCC Help Hungarian
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
"{9A452B33-CA88-CB24-F2C5-7123106600EE}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A834E3B6-C376-1C25-301E-20F16E9FCE00}" = CCC Help Turkish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF01C37B-FCCB-50C3-64A9-A16811F045C7}" = AMD VISION Engine Control Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C0F0F180-AAC4-0564-FFD4-8810D6CE3BAB}" = CCC Help Korean
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF173F8A-9F41-B92D-E516-E96166FD0CDD}" = CCC Help Polish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E00C1D49-FDFE-AD68-7C8F-6F021AAAF212}" = CCC Help Russian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F6F65734-697D-CBF9-416C-9BFF34AF2C0A}" = CCC Help Czech
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BabylonToolbar" = Babylon toolbar on IE
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Coupon Printer for Windows5.0.0.3" = Coupon Printer for Windows
"DefaultTab" = DefaultTab
"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
"HP Photo Creations" = HP Photo Creations
"IECT3303000" = Vafmusic7 Toolbar for IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicOasis" = MusicOasis
"N360" = Norton Security Suite
"NCH_EN Toolbar" = NCH EN Toolbar
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PrintProjects" = PrintProjects
"SearchProtect" = Search Protect by conduit
"Trusted Software Assistant_is1" = File Type Assistant
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-119c0c51-cfb9-4317-a220-4fbf25981a1a" = Agatha Christie - Peril at End House
"WTA-179de5ea-67ad-4e33-a33e-f034f99880a0" = Zuma Deluxe
"WTA-1b0f0f3f-4c91-48b1-b744-20eefad68793" = Blackhawk Striker 2
"WTA-32a87b37-4e35-4796-84b1-53c2e38475e6" = Namco All-Stars: PAC-MAN
"WTA-356126c7-d89d-4f5c-891c-86ed0abf6701" = Plants vs. Zombies - Game of the Year
"WTA-38474588-4b53-4f7f-8e28-cf8eed0e463b" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-8870fbec-7873-45e6-b8e8-07b818b3079f" = Cradle of Rome 2
"WTA-8959d8e6-776b-4d98-90c3-22d8894d44fe" = FATE
"WTA-a1e8fc7d-b409-4bb2-bf5c-d842348c67fa" = Polar Golfer
"WTA-a6b3c4e0-4c03-41f2-b836-d52c9795bdd7" = Virtual Villagers 5 - New Believers
"WTA-a78bdb29-818b-4192-bcf1-c80095a4966a" = Farm Frenzy
"WTA-aa965f3a-3e9e-4573-b30d-2c42e3772164" = Cake Mania
"WTA-ac6d320e-1fa4-4343-b2b2-c578fc407270" = Poker Superstars III
"WTA-b2572f39-665c-4b6f-b497-d688bbad175c" = Governor of Poker 2 Premium Edition
"WTA-b6ad4866-c56f-42ee-b968-177b16587fd6" = Bounce Symphony
"WTA-b7f15645-7cff-462a-9219-e92c4281632e" = Slingo Supreme
"WTA-bf8c5fc4-8f09-42fc-a056-428f83a5da37" = Bejeweled 3
"WTA-c56347ea-a0a2-4e58-be53-da8f4d3c4b18" = Chronicles of Albian
"WTA-cb0f3cd3-be33-49c5-abd5-15d36669c65e" = Polar Bowler
"WTA-cff3de22-a66c-4c22-b34a-5138919cf04f" = Blasterball 3
"WTA-dd18deb6-7ddc-4515-b1f6-1dceb068a32e" = Chuzzle Deluxe
"WTA-e486a45f-e39a-4ce7-b585-feb4beb2d6f6" = Mystery of Mortlake Mansion
"WTA-e66791d3-9ffa-4ad3-af0d-f5e892b601fb" = Penguins!
"WTA-e76194e3-6145-4a24-a836-bf57e0713fb1" = Mah Jong Medley
"WTA-ea744253-f52c-497f-8459-b41cffe4ac62" = Vacation Quest - The Hawaiian Islands

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"RewardsArcadeSuite" = RewardsArcadeSuite
"Severe Weather Alerts" = Severe Weather Alerts

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2013 5:02:36 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7441

Error - 7/27/2013 5:02:37 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/27/2013 5:02:37 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8455

Error - 7/27/2013 5:02:37 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8455

Error - 7/27/2013 5:02:38 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/27/2013 5:02:38 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9484

Error - 7/27/2013 5:02:38 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9484

Error - 7/27/2013 5:02:39 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/27/2013 5:02:39 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10514

Error - 7/27/2013 5:02:39 PM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10514

Error - 8/2/2013 2:30:39 PM | Computer Name = Sarah-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 4/16/2013 8:09:21 PM | Computer Name = Sarah-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1642 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 4/24/2013 9:01:23 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/24/2013 9:02:13 PM | Computer Name = Sarah-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1642 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 4/24/2013 9:03:35 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/7/2013 9:38:15 PM | Computer Name = Sarah-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1642 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 5/15/2013 8:40:37 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/15/2013 8:40:56 PM | Computer Name = Sarah-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1642 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 5/21/2013 8:48:51 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/21/2013 8:49:22 PM | Computer Name = Sarah-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1642 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 5/21/2013 8:50:08 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 4/10/2013 8:27:21 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/04/10 20:27:21.215|00001470|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/16/2013 8:10:05 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/04/16 20:10:05.885|00000C30|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/24/2013 9:01:58 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/04/24 21:01:58.323|00000BDC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/24/2013 9:02:59 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/04/24 21:02:59.665|00001558|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/24/2013 9:03:28 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/04/24 21:03:28.086|0000093C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/7/2013 9:38:44 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/05/07 21:38:44.134|00001468|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/15/2013 8:41:32 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/05/15 20:41:32.082|000007E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/21/2013 8:50:51 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/05/21 20:50:51.273|00000BA0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/4/2013 8:19:45 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/06/04 20:19:45.149|00000998|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/4/2013 8:20:13 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2013/06/04 20:20:13.345|000015C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 10/9/2013 3:05:39 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7000
Description = The Update SaltarSmart service failed to start due to the following
error: %%1053

Error - 10/9/2013 3:05:50 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 10/9/2013 3:06:03 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/9/2013 3:08:33 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 10/9/2013 3:11:37 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 10/9/2013 3:15:02 PM | Computer Name = Sarah-HP | Source = bowser | ID = 8003
Description =

Error - 10/9/2013 5:26:42 PM | Computer Name = Sarah-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:18:38 PM on 10/9/2013 was unexpected.

Error - 10/9/2013 5:30:08 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 10/9/2013 5:38:54 PM | Computer Name = Sarah-HP | Source = bowser | ID = 8003
Description =

Error - 10/14/2013 7:59:30 PM | Computer Name = Sarah-HP | Source = bowser | ID = 8003
Description =


< End of report >

#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

When I click on step 2 it comes up page not found


Ah, I see the problem, an outdated link. :) Click the link below to download the program, then follow the instructions regarding aswmbr in the first post, please. :)


aswMBR.exe

#9
tdjone813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-14 22:23:35
-----------------------------
22:23:35.889 OS Version: Windows x64 6.1.7601 Service Pack 1
22:23:35.889 Number of processors: 2 586 0x100
22:23:35.892 ComputerName: SARAH-HP UserName: Sarah
22:23:53.965 Initialize success
22:30:11.943 AVAST engine defs: 13101401
22:30:16.928 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
22:30:16.937 Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 11
22:30:17.750 Disk 0 MBR read successfully
22:30:17.758 Disk 0 MBR scan
22:30:17.950 Disk 0 Windows 7 default MBR code
22:30:17.986 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:30:18.069 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 219301 MB offset 409600
22:30:18.118 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14910 MB offset 449538048
22:30:18.184 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 480073728
22:30:18.867 Disk 0 scanning C:\Windows\system32\drivers
22:31:29.050 Service scanning
22:31:52.512 Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130924.001\BHDrvx64.sys **LOCKED** 5
22:32:09.882 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
22:32:16.416 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
22:32:28.091 Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130927.002\IDSvia64.sys **LOCKED** 5
22:32:40.053 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\ENG64.SYS **LOCKED** 5
22:32:41.100 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\EX64.SYS **LOCKED** 5
22:33:50.947 Modules scanning
22:33:51.009 Disk 0 trace - called modules:
22:33:51.458 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
22:33:51.598 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024fd060]
22:33:51.619 3 CLASSPNP.SYS[fffff88001b9343f] -> nt!IofCallDriver -> [0xfffffa80023d79b0]
22:33:51.642 5 amd_xata.sys[fffff880010dca1d] -> nt!IofCallDriver -> [0xfffffa8001433d20]
22:33:51.665 7 ACPI.sys[fffff88000f197a1] -> nt!IofCallDriver -> \Device\00000073[0xfffffa80023d2060]
22:34:13.533 AVAST engine scan C:\Windows
22:34:24.023 AVAST engine scan C:\Windows\system32
22:48:18.645 AVAST engine scan C:\Windows\system32\drivers
22:49:09.838 AVAST engine scan C:\Users\Sarah
23:02:13.706 AVAST engine scan C:\ProgramData
23:16:38.786 Scan finished successfully
23:18:11.940 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
23:18:12.513 The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"
23:20:06.728 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
23:20:06.746 The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, we have some work to do, so let's get started. :)


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (Frostwire) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Please follow the instructions below:

Step 1: Program and Extension Uninstalls

Please uninstall the following programs from your computer:

  • SaltarSmart 1.0.0
  • Babylon toolbar on IE
  • DefaultTab
  • Vafmusic7 Toolbar for IE
  • MusicOasis
  • Search Protect by conduit
  • RewardsArcadeSuite
  • NCH EN Toolbar


1.) Open Programs and Features by clicking the Start button, clicking Control Panel and then clicking Uninstall a program or Programs and Features.

2.) Select a program, and then click Uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

If you encounter any problems with uninstalling one, don't worry about it, move on to the next one in the list. :)


Please uninstall the following extensions in your Chrome web browser:

  • SaltarSmart
  • Vafmusic7
  • DefaultTab

1.) Click on the Chrome menu button

2.) Click Tools and select Extensions

3.) Click the Trash Can icon by the extension you want to remove.

4.) A confirmation dialog will appear, then click Remove


Step 2: Windows Sidebar

Windows Fix It

You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here. Please disable it by using Fix It.

You can download Fix It by clicking here.



Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
SRV - [2013/10/14 19:52:13 | 000,065,312 | ---- | M] (SaltarSmart) [Auto | Running] -- C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe -- (Util SaltarSmart)
SRV - [2013/10/09 14:50:56 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe -- (DefaultTabUpdate)
SRV - [2013/10/03 16:59:46 | 000,065,312 | ---- | M] (SaltarSmart) [Auto | Running] -- C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe -- (Update SaltarSmart)
SRV - [2013/09/16 10:03:46 | 000,573,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {37a7edb7-afda-4373-9865-02bf8160e677} - C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AB2D597D-8C5F-4970-BF8E-95A3F910D156}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...B2-8BB64F7BAAE9
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\URLSearchHook: {37a7edb7-afda-4373-9865-02bf8160e677} - C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes,DefaultScope = {AB2D597D-8C5F-4970-BF8E-95A3F910D156}
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000441ea1c678e2
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{69AB3DBE-A0F8-44B1-94F9-467E41633CD2}: "URL" = http://start.funmood...q={searchTerms}
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{6C4D1BD1-C6F6-4165-AFF4-5B088911DB1F}: "URL" = http://websearch.ask...DC-67B401513DD3
IE - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..\SearchScopes\{AB2D597D-8C5F-4970-BF8E-95A3F910D156}: "URL" = http://search.condui...9891861234&UM=2
FF - prefs.js..browser.search.defaultenginename: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...2-8BB64F7BAAE9"
FF - prefs.js..keyword.URL: "http://search.condui...009238&UM=2&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Sarah\AppData\Local\RewardsArcadeSuite\1950\Firefox [2011/12/31 18:52:49 | 000,000,000 | ---D | M]
[2013/10/09 17:28:43 | 000,000,000 | ---D | M] (Vafmusic7) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}
[2013/10/09 14:50:55 | 000,044,282 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected]
[2013/10/03 16:59:46 | 000,011,342 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected]
[2013/10/09 14:52:50 | 000,000,995 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\searchplugins\conduit.xml
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3303000&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...8516356657&UM=2
CHR - homepage: http://search.condui...8516356657&UM=2
O2 - BHO: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O2 - BHO: (Vafmusic7 Toolbar) - {37a7edb7-afda-4373-9865-02bf8160e677} - C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll (Conduit Ltd.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vafmusic7 Toolbar) - {37a7edb7-afda-4373-9865-02bf8160e677} - C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001..\Run: [SearchProtect] C:\Users\Sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O15 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\..Trusted Ranges: Range1 ([*] in Trusted sites)
[2013/10/09 14:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/10/09 14:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/09 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic7
[2013/10/09 14:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/10/09 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\SearchProtect
[2013/10/09 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/10/09 14:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaltarSmart
[2013/10/09 14:50:56 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\defaulttab
[2012/02/28 23:56:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon
[2013/10/09 14:50:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\defaulttab
[2013/10/09 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SearchProtect
[2013/01/20 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SpecialSavings

:Commands
[resethosts]
[emptytemp]





  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 users: right click) the adwcleaner.exe file, click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once finished, click the Clean button and it may ask to reboot, please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt


Step 5: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Step 6: OTL Quick Scan

Open OTL and click the Quick Scan button.

Once finished, it will only produce one log this time. Please post that in your next reply.


I know this is quite a bit of work, but please take your time executing them. I will be right here when you get them done. :)

Things I need to see in your next post:

  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool Log
  • OTL Quick Scan Log
  • How is the computer running now?

  • 0
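The Step 3 fix script above mixes entries from several places (services, browser settings, BHOs, toolbars, Run keys, folders). As an added example, not part of the original post and not OTL's own code, this Python script groups a few of those lines by kind and flags autostart entries whose binary sits under a user profile. The field meanings are assumptions read off the labels visible in the lines themselves, and all function names are hypothetical.

```python
import re
from collections import Counter

# Entries copied from the Step 3 fix script (URLs stay truncated as posted).
SAMPLE = r"""
SRV - [2013/10/14 19:52:13 | 000,065,312 | ---- | M] (SaltarSmart) [Auto | Running] -- C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe -- (Util SaltarSmart)
SRV - [2013/10/09 14:50:56 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe -- (DefaultTabUpdate)
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
CHR - homepage: http://search.condui...8516356657&UM=2
[2013/10/09 14:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
"""

# Assumed meaning of each line prefix, based on the labels inside the entries.
KINDS = {
    "SRV": "service",
    "IE": "Internet Explorer setting",
    "FF": "Firefox setting",
    "CHR": "Chrome setting",
    "O2": "browser helper object",
    "O3": "toolbar",
    "O4": "Run key",
    "O15": "trusted sites",
}
AUTOSTART_KINDS = {"service", "browser helper object", "toolbar", "Run key"}

PREFIX_RE = re.compile(r"^(SRV|IE(?::64bit:)?|FF|CHR|O\d+) - (.*)$")
FILE_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} [^\]]+\].*? -- (.+)$")
BINARY_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Turn one fix-script line into a dict, or None if it is not an entry."""
    line = line.strip()
    prefixed = PREFIX_RE.match(line)
    if prefixed:
        tag = prefixed.group(1).split(":")[0]      # "IE:64bit:" -> "IE"
        rest = prefixed.group(2)
        kind = KINDS.get(tag, "other")
        binary = BINARY_RE.search(rest)
        path = binary.group(0) if binary else None
    else:
        listed = FILE_RE.match(line)
        if not listed:
            return None                            # blank line, :OTL header, etc.
        kind, rest, path = "file or folder", line, listed.group(1)
    clsid = CLSID_RE.search(rest)
    return {
        "kind": kind,
        "path": path,
        "clsid": clsid.group(0) if clsid else None,
        # Leftover registry data pointing at nothing on disk.
        "orphaned": "No CLSID value found" in rest or "File not found" in rest,
        "user_profile": bool(path) and "\\users\\" in path.lower(),
    }


def parse_script(text):
    """Parse every recognisable entry in a pasted fix script."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def count_by_kind(entries):
    return Counter(e["kind"] for e in entries)


def autostarts_from_profile(entries):
    """Autostart entries whose binary lives under C:\\Users rather than Program Files."""
    return [e for e in entries if e["kind"] in AUTOSTART_KINDS and e["user_profile"]]


if __name__ == "__main__":
    parsed = parse_script(SAMPLE)
    for kind, n in count_by_kind(parsed).items():
        print(f"{n:2d}  {kind}")
    for e in autostarts_from_profile(parsed):
        print("autostart from user profile:", e["kind"], e["path"])
```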



#11
tdjone813

OTL fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named Util SaltarSmart was found to stop!
Service\Driver key Util SaltarSmart not found.
File C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe not found.
Error: No service named DefaultTabUpdate was found to stop!
Service\Driver key DefaultTabUpdate not found.
File C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe not found.
Error: No service named Update SaltarSmart was found to stop!
Service\Driver key Update SaltarSmart not found.
File C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe not found.
Error: No service named DefaultTabSearch was found to stop!
Service\Driver key DefaultTabSearch not found.
File C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe not found.
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37a7edb7-afda-4373-9865-02bf8160e677} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37a7edb7-afda-4373-9865-02bf8160e677}\ not found.
File C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37a7edb7-afda-4373-9865-02bf8160e677} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37a7edb7-afda-4373-9865-02bf8160e677}\ not found.
File C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll not found.
HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\SearchScopes\{69AB3DBE-A0F8-44B1-94F9-467E41633CD2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69AB3DBE-A0F8-44B1-94F9-467E41633CD2}\ not found.
Registry key HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6C4D1BD1-C6F6-4165-AFF4-5B088911DB1F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C4D1BD1-C6F6-4165-AFF4-5B088911DB1F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AB2D597D-8C5F-4970-BF8E-95A3F910D156}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB2D597D-8C5F-4970-BF8E-95A3F910D156}\ not found.
Prefs.js: "Vafmusic7 Customized Web Search" removed from browser.search.defaultenginename
Prefs.js: "Vafmusic7 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Vafmusic7 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.condui...2-8BB64F7BAAE9" removed from browser.startup.homepage
Prefs.js: "http://search.condui...009238&UM=2&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Users\Sarah\AppData\Local\RewardsArcadeSuite\1950\Firefox not found.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\Plugins folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\modules folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\META-INF folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\lib folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\defaults\preferences folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\defaults folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\components folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\sl folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\lib folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\core folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\wa folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\menu folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\gf\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\gf folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ui folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\sp\spsd folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\sp\spbd folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\sp\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\sp folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\options\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\options\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\options\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\options folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\msd folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\api folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ac\res folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ac\img folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ac\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\ac folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al\aboutBox folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb\al folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\tb folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\logic\uninstall\dialog\js folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\logic\uninstall\dialog\images folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\logic\uninstall\dialog\css folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\logic\uninstall\dialog folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\logic\uninstall folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content\logic folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000\content folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome\CT3303000 folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\chrome folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677} folder moved successfully.
File C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected] not found.
File C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions\[email protected] not found.
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\searchplugins\conduit.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37a7edb7-afda-4373-9865-02bf8160e677}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37a7edb7-afda-4373-9865-02bf8160e677}\ not found.
File C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
File C:\Users\Sarah\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6EF6C45-5E8D-4c3b-B580-A5073261A381}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6EF6C45-5E8D-4c3b-B580-A5073261A381}\ not found.
File C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37a7edb7-afda-4373-9865-02bf8160e677} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37a7edb7-afda-4373-9865-02bf8160e677}\ not found.
File C:\Program Files (x86)\Vafmusic7\prxtbVafm.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd. not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
File C:\Program Files (x86)\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
File C:\Users\Sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe not found.
Registry key HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\genieo.com\yahoo\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2789968882-3570388344-1764720213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\* deleted successfully.
Invalid CLSID key: *
Folder C:\Program Files (x86)\SearchProtect\ not found.
C:\ProgramData\Conduit\IE\CT3303000 folder moved successfully.
C:\ProgramData\Conduit\IE folder moved successfully.
C:\ProgramData\Conduit folder moved successfully.
Folder C:\Program Files (x86)\Vafmusic7\ not found.
C:\Program Files (x86)\Conduit\CT3303000\plugins folder moved successfully.
C:\Program Files (x86)\Conduit\CT3303000 folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
Folder C:\Users\Sarah\AppData\Roaming\SearchProtect\ not found.
Folder C:\Program Files (x86)\DefaultTab\ not found.
Folder C:\Program Files (x86)\SaltarSmart\ not found.
Folder C:\Users\Sarah\AppData\Roaming\defaulttab\ not found.
C:\Users\Sarah\AppData\Roaming\Babylon folder moved successfully.
Folder C:\Users\Sarah\AppData\Roaming\defaulttab\ not found.
Folder C:\Users\Sarah\AppData\Roaming\SearchProtect\ not found.
C:\Users\Sarah\AppData\Roaming\SpecialSavings folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sarah
->Temp folder emptied: 851669172 bytes
->Temporary Internet Files folder emptied: 121957307 bytes
->Java cache emptied: 361364 bytes
->FireFox cache emptied: 32500276 bytes
->Google Chrome cache emptied: 42351981 bytes
->Flash cache emptied: 2510703 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 450741188 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 122463993 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,549.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10152013_111418

Files\Folders moved on Reboot...
C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#12
tdjone813

Adw cleaner log post

# AdwCleaner v3.007 - Report created 15/10/2013 at 11:39:46
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sarah - SARAH-HP
# Running from : C:\Users\Sarah\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files (x86)\Search Results Toolbar
Folder Deleted : C:\Program Files (x86)\Smiley Bar for Facebook
Folder Deleted : C:\Program Files (x86)\SpecialSavings
Folder Deleted : C:\Program Files (x86)\NCH_EN
Folder Deleted : C:\Users\Sarah\AppData\Local\apn
Folder Deleted : C:\Users\Sarah\AppData\Local\Babylon
Folder Deleted : C:\Users\Sarah\AppData\Local\Conduit
Folder Deleted : C:\Users\Sarah\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sarah\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\Sarah\AppData\LocalLow\NCH_EN
Folder Deleted : C:\Users\Sarah\AppData\Roaming\StatusWinks
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\Smartbar
Folder Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\edakhebdfmenljamaknlnnallmchcdei
File Deleted : C:\END
File Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\user.js
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Google\Chrome\Extensions\edakhebdfmenljamaknlnnallmchcdei
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edakhebdfmenljamaknlnnallmchcdei
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303000
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\NCH_EN
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\prefs.js ]

Line Deleted : user_pref("CT3303000.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.FF19Solved", "true");
Line Deleted : user_pref("CT3303000.FirstTime", "true");
Line Deleted : user_pref("CT3303000.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3303000.UserID", "UN24714482814009238");
Line Deleted : user_pref("CT3303000.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3303000.countryCode", "US");
Line Deleted : user_pref("CT3303000.embeddedsData", "[{\"appId\":\"130136188917021865\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3303000.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3303000.fullUserID", "UN24714482814009238.IN.20131009145226");
Line Deleted : user_pref("CT3303000.installDate", "09/10/2013 14:52:43");
Line Deleted : user_pref("CT3303000.installSessionId", "{ABDFDCC3-530A-4C8B-842A-CF886C81B909}");
Line Deleted : user_pref("CT3303000.installSp", "TRUE");
Line Deleted : user_pref("CT3303000.installUsageEarly", "2013-10-09T22:13:26.2145607+03:00");
Line Deleted : user_pref("CT3303000.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3303000.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3303000.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3303000.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3303000.keyword", "true");
Line Deleted : user_pref("CT3303000.lastVersion", "10.20.1.508");
Line Deleted : user_pref("CT3303000.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Deleted : user_pref("CT3303000.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Asessionrestore\",\"EB_MAIN_FRAME_TITLE\":\"Restore%20Session\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/[...]
Line Deleted : user_pref("CT3303000.originalHomepage", "about:home");
Line Deleted : user_pref("CT3303000.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3303000.originalSearchEngine", "");
Line Deleted : user_pref("CT3303000.originalSearchEngineName", "");
Line Deleted : user_pref("CT3303000.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3303000.searchRevert", "false");
Line Deleted : user_pref("CT3303000.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3303000.searchUserMode", "2");
Line Deleted : user_pref("CT3303000.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3303000\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Vafmusic7.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vafmusic7 \"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_services_Configuration_lastUpdate", "1381346005967");
Line Deleted : user_pref("CT3303000.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1381346014807");
Line Deleted : user_pref("CT3303000.serviceLayer_services_appsMetadata_lastUpdate", "1381346014493");
Line Deleted : user_pref("CT3303000.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1381346013477");
Line Deleted : user_pref("CT3303000.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1381346006078");
Line Deleted : user_pref("CT3303000.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1381346014177");
Line Deleted : user_pref("CT3303000.serviceLayer_services_searchAPI_lastUpdate", "1381346007182");
Line Deleted : user_pref("CT3303000.serviceLayer_services_serviceMap_lastUpdate", "1381346005258");
Line Deleted : user_pref("CT3303000.serviceLayer_services_setupAPI_lastUpdate", "1381346006481");
Line Deleted : user_pref("CT3303000.serviceLayer_services_toolbarContextMenu_lastUpdate", "1381346013170");
Line Deleted : user_pref("CT3303000.serviceLayer_services_toolbarSettings_lastUpdate", "1381346008079");
Line Deleted : user_pref("CT3303000.serviceLayer_services_translation_lastUpdate", "1381346014692");
Line Deleted : user_pref("CT3303000.settingsINI", true);
Line Deleted : user_pref("CT3303000.showToolbarPermission", "false");
Line Deleted : user_pref("CT3303000.smartbar.CTID", "CT3303000");
Line Deleted : user_pref("CT3303000.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3303000.smartbar.homepage", "true");
Line Deleted : user_pref("CT3303000.smartbar.toolbarName", "Vafmusic7 ");
Line Deleted : user_pref("CT3303000.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3303000.xpeMode", "0");
Line Deleted : user_pref("CT3303000_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381345998483,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3303000&CUI=UN24714482814009238&UM=2&SearchSource=13&UP=SP7E404748-36F6-4B65-90B2-8BB64F7BAAE9");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3303000");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3303000&CUI=UN24714482814009238&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3303000&CUI=UN24714482814009238&UM=2[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303000&SearchSource=2&CUI=UN24714482814009238&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3303000");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3303000");
Line Deleted : user_pref("smartbar.machineId", "7F0FAEX6JIBPIZQBHKRMOIKUR9FRXVSQI+S9SHVEKYX6PQK8ZNRA7L4J5V+YPSBM0EAYGU8OGZ4ANX02SSVHPG");

-\\ Google Chrome v

[ File : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [14067 octets] - [15/10/2013 11:33:42]
AdwCleaner[S0].txt - [13932 octets] - [15/10/2013 11:39:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13993 octets] ##########

#13
tdjone813

Junkware Removal Tool Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sarah on Tue 10/15/2013 at 11:49:47.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4D79A82F-7350-44FC-A884-2572B3D0CCEC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E59F3F0D-2F9A-41DB-BB93-898062EAD357}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E59F3F0D-2F9A-41DB-BB93-898062EAD357}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Sarah\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Sarah\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{190E2E60-5CD1-4D80-BD5C-49C7C4E68CF5}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2712914D-A98E-4F02-BC7B-280781988FCC}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2F94AEC0-DCFC-49B0-B651-0803164B6463}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{426A12D1-85BB-4611-9C1D-6CD977ECC0FD}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{56AEFB34-9D24-4852-B6D5-A59C4C1B2960}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{776F1019-D3E9-44DB-9847-154B6DAC89F3}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{77C0E540-A01F-4946-A840-CF7A919239C9}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{903D9D13-3C84-4C70-85D0-22555D65D4BC}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A268224D-FBC1-4C55-B109-907460B3DF99}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A29829A3-7577-4C32-9B76-283F230BCF3E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E61B42B4-5A78-4D7F-9889-09C7DA9F9BC5}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E80D7CEB-A3F0-491F-B9CE-CBF731C126B0}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\5ppafeze.default\extensions\staged



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/15/2013 at 12:18:14.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14
tdjone813

OTL Quick Scan Log

OTL logfile created on: 10/15/2013 12:21:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 27.95% Memory free
3.21 Gb Paging File | 1.46 Gb Available in Paging File | 45.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.16 Gb Total Space | 162.25 Gb Free Space | 75.76% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.62 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.38% Space Free | Partition Type: FAT32

Computer Name: SARAH-HP | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/14 20:01:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2013/07/09 01:02:42 | 000,348,384 | ---- | M] () -- C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/02 13:41:44 | 037,904,960 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 05:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 20:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/04/23 07:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 07:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/14 20:40:23 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Sarah\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Sarah\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Sarah\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Sarah\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Sarah\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/09/02 12:59:16 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/09/02 12:56:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/09/02 12:56:01 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/02 12:54:27 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/02 12:53:19 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/09/02 12:53:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/15 21:57:08 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/15 21:54:56 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/09 01:02:42 | 000,348,384 | ---- | M] () -- C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/04/16 14:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/17 02:05:20 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/17 01:20:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/14 13:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/17 20:42:57 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 23:53:02 | 001,813,056 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/07/06 21:11:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/06 21:11:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/17 06:50:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/17 01:27:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/09 22:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/15 18:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 18:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/05 03:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/15 14:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 08:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/09/24 00:37:14 | 001,525,848 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130924.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/02 12:32:43 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\ex64.sys -- (NAVEX15)
DRV - [2013/09/02 12:32:40 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130927.018\eng64.sys -- (NAVENG)
DRV - [2013/08/27 14:22:46 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 14:22:46 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/25 19:30:14 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130927.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E59F3F0D-2F9A-41DB-BB93-898062EAD357}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/10/15 11:46:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/04/02 20:10:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/02 13:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2013/10/15 12:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\extensions
[2012/02/28 21:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/02 13:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/02 13:24:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask...q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms},
CHR - Extension: Google Docs = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Skype Click to Call = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1\
CHR - Extension: Norton Identity Protection = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_1\
CHR - Extension: Chrome In-App Payments service = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Gmail = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2013/10/15 11:16:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C4E4336-ADC9-44E9-B695-60D3071EA01D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9581de0b-ea57-11e1-a685-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9581de0b-ea57-11e1-a685-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/15 11:49:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/15 11:29:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/15 11:14:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/09 14:51:22 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Weather_Notifications,_LL
[2013/10/09 14:50:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
[2013/10/09 14:50:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\SevereWeatherAlerts

========== Files - Modified Within 30 Days ==========

[2013/10/15 12:26:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA.job
[2013/10/15 11:51:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 11:51:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 11:43:34 | 000,001,934 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
[2013/10/15 11:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/15 11:42:41 | 1292,034,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/15 11:16:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/14 23:20:06 | 000,000,512 | ---- | M] () -- C:\Users\Sarah\Desktop\MBR.dat
[2013/10/14 20:31:09 | 000,002,368 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk
[2013/10/14 20:26:24 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core.job
[2013/10/09 14:51:34 | 000,000,258 | RHS- | M] () -- C:\Users\Sarah\ntuser.pol
[2013/10/09 14:50:52 | 000,002,163 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2013/10/09 14:50:50 | 000,001,220 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2013/09/29 05:01:42 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2013/09/28 15:17:29 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSARAH-HP$.job

========== Files Created - No Company Name ==========

[2013/10/14 23:18:11 | 000,000,512 | ---- | C] () -- C:\Users\Sarah\Desktop\MBR.dat
[2013/10/09 14:51:33 | 000,000,258 | RHS- | C] () -- C:\Users\Sarah\ntuser.pol
[2013/10/09 14:50:50 | 000,002,163 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2013/10/09 14:50:49 | 000,001,220 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2013/08/02 16:26:48 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/26 14:38:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/04/17 16:53:58 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/12/31 19:00:59 | 000,006,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/10 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\BitZipper
[2013/07/21 19:00:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Blio
[2012/06/10 11:33:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Catalina Marketing Corp
[2012/01/10 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/05 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ID Vault
[2013/06/06 17:28:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\MusicOasis
[2011/12/26 21:08:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ooVoo Details
[2012/02/28 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2013/05/24 22:25:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SoftGrid Client
[2011/12/25 13:38:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Synaptics
[2012/01/04 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Temp
[2012/02/17 21:33:37 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Tific
[2011/12/31 19:03:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TP
[2012/01/15 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >




The computer is running a little better, it's still freezing up a little bit but not as much
  • 0

#15
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

The computer is running a little better, it's still freezing up a little bit but not as much


Hello :)

Your logs are looking good, but we have a few more things to do. Please follow the instructions below. :)

Please disable your anti-virus protection for the duration of these steps. Please remember to activate it upon completion.


Step 1: Change Chrome's Search Settings

Your search provider in Chrome is set to an adware-related site, and we need to change that, plus delete the adware site from the list of providers.

1.) Click on the Chrome menu button on the browser toolbar.

2.) Select Settings.

3.) In the "Search" section, select the search engine you want to use from the menu. If the search engine you want to use doesn't appear in the menu, click Manage search engines.

4.) In the Search Engines dialog that appears, look for and delete any Search Provider labeled Ask.

5.) Select the Search Provider you would like and click the Make Default button that appears in the row.



Step 2: Malwarebytes Scan


Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Additional Tasks
    • Click Install
    • In the Completing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.


Step 3: ESET Online Scan


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Things I need to see in your next post:

  • MBAM Log
  • ESET Scan Log

  • 0





