Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

got a used computer full of junk need help cleaning please [Solved]

Started by wisdom89 , Mar 07 2014 11:09 AM

  • This topic is locked This topic is locked

#1
wisdom89
Posted 07 March 2014 - 11:09 AM

wisdom89

    Member

  • Member
  • PipPip
  • 11 posts
the computer runs really slow tons of pop ups full of malware


OTL logfile created on: 3/7/2014 9:57:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 35.54% Memory free
5.73 Gb Paging File | 3.12 Gb Available in Paging File | 54.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 149.21 Gb Free Space | 66.75% Space Free | Partition Type: NTFS

Computer Name: DAWN-PC | User Name: Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 09:56:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Downloads\OTL.exe
PRC - [2014/03/05 12:41:31 | 000,193,536 | ---- | M] () -- C:\Program Files\Re-Markable-soft\Re-Markable155.exe
PRC - [2014/02/28 10:19:48 | 003,234,256 | ---- | M] () -- C:\Users\Dawn\AppData\Local\fst_us_7\upfst_us_7.exe
PRC - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2014/01/11 04:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/06 08:56:38 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/05 12:48:12 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/11/25 22:03:56 | 000,591,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/25 22:00:24 | 000,892,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/11/13 22:03:10 | 000,729,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/11/13 09:37:44 | 000,166,072 | ---- | M] (Local Weather LLC) -- C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe
PRC - [2013/10/07 13:50:28 | 000,120,096 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriSvc.exe
PRC - [2013/10/07 13:50:28 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriTray.exe
PRC - [2013/10/07 13:50:24 | 003,623,200 | ---- | M] (Sendori) -- C:\Program Files\Sendori\sndappv2.exe
PRC - [2013/10/07 13:50:24 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files\Sendori\Sendori.Service.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/01 18:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/12 10:48:46 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2011/04/27 13:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/07 01:16:55 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2011/01/07 01:16:55 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2011/01/07 01:16:53 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/10/01 09:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/08/19 18:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/04/07 06:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/07 06:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
PRC - [2010/01/15 10:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/11/04 15:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 15:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/10/20 09:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/10/20 09:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/13 19:14:28 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/28 10:19:48 | 003,234,256 | ---- | M] () -- C:\Users\Dawn\AppData\Local\fst_us_7\upfst_us_7.exe
MOD - [2014/02/19 08:25:56 | 013,632,904 | ---- | M] () -- C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll
MOD - [2014/02/13 03:41:14 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/13 03:40:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 03:39:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 03:38:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 03:37:24 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 03:37:10 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f96e07044730442ee1f3dd90db984e6a\System.Configuration.ni.dll
MOD - [2014/02/13 03:37:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 03:36:48 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/11 04:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 04:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 04:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 04:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 04:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2010/10/01 09:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/10/20 09:12:10 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2014/03/06 19:18:25 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/05 12:41:31 | 000,193,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Re-Markable-soft\Re-Markable155.exe -- (Re-Markable)
SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/07 13:50:28 | 000,120,096 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/10/07 13:50:24 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/10/07 13:50:24 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 10:48:46 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2011/04/27 13:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 13:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/27 03:00:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/07 01:16:55 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/04/07 06:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/11/04 15:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 15:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - [2014/01/19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/11/25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/04/27 13:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 11:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/01/07 01:16:53 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/29 10:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 21:15:56 | 000,247,808 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/08/20 11:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 10:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/30 17:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/07/01 17:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/04/07 06:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 09:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/10 13:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13828

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "bing"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.msn.ipl...lay.com/?o=shp"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.469
FF - prefs.js..extensions.enabledAddons: [email protected]:3.15.4.100013
FF - prefs.js..keyword.URL: "http://websearch.ask...TES002U2US&&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_154.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dawn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/22 19:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2014/02/11 21:11:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Dawn\AppData\Local\Arcadesafari\[email protected] [2014/03/05 13:08:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Social Privacy\FF\ [2014/01/06 00:01:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{849d5217-0f07-4490-af96-0ce0b116db63}: C:\Program Files\Re-Markable-soft\155.xpi [2014/03/05 12:41:32 | 000,011,416 | ---- | M] ()

[2011/04/21 17:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Extensions
[2014/03/05 10:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions
[2012/09/30 13:12:46 | 000,000,000 | ---D | M] (InternetHelper1.5) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}
[2012/05/19 07:02:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/30 13:13:57 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
[2014/02/11 16:44:49 | 000,000,000 | ---D | M] ("MediaPlayerEnhance") -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com
[2013/12/18 21:29:16 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack
[2014/02/13 21:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged
[2014/02/11 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData
[2014/02/11 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins
[2014/02/11 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode
[2012/09/30 01:33:40 | 000,002,573 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\searchplugins\askcom.xml
[2012/09/30 13:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/25 00:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/05 13:42:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 03:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/09 05:24:56 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober893121.xml

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperba...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - Extension: InternetHelper1.5 = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.26.9.505_0\
CHR - Extension: InternetHelper1.5 = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.26.9.505_0\nativeMessaging\nmHost
CHR - Extension: IcouCOnnverTErr = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmnamhfocgihbcmmdailjknfehamddf\2.2_0\
CHR - Extension: Google Wallet = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (InternetHelper1.5 Toolbar) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Social Privacy) - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files\Social Privacy\sp.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (InternetHelper1.5 Toolbar) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {064B7C36-A156-4233-8D06-921F8A60FB6A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper1.5 Toolbar) - {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dnsshield] C:\Program Files\Social Privacy DNS\dnswatch.exe ()
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [fst_us_7] "C:\Program Files\fst_us_7\fst_us_7.exe" File not found
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Dawn\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKLM..\RunOnce: [upfst_us_7.exe] C:\Users\Dawn\AppData\Local\fst_us_7\upfst_us_7.exe ()
O4 - Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\Sendori.dll (Sendori)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF8C5FCB-0DA7-4981-B335-7C705BBC33A9}: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6040A3D-4211-49D4-A601-18EDF38ECC76}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~1\optimi~1\optpro~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3bec90c3-92f6-11e3-8e54-c0cb38bf53b8}\Shell - "" = AutoRun
O33 - MountPoints2\{3bec90c3-92f6-11e3-8e54-c0cb38bf53b8}\Shell\AutoRun\command - "" = E:\menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 03:13:08 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2014/03/05 19:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/05 19:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/03/05 19:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/05 12:57:44 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\AVG2014
[2014/03/05 12:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/05 12:56:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/03/05 12:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/05 12:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/03/05 12:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\LPT
[2014/03/05 12:43:34 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Avg2014
[2014/03/05 12:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
[2014/03/05 12:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Elite Max
[2014/03/05 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\LPT
[2014/03/05 12:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_to_day
[2014/03/05 12:41:57 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\fst_us_7
[2014/03/05 12:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\fst_us_7
[2014/03/05 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Smartbar
[2014/03/05 12:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Re-Markable-soft
[2014/03/05 10:17:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/05 10:07:42 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/02/26 02:17:35 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/13 21:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\deeaL4me
[2014/02/11 21:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/02/11 21:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/02/11 21:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/02/11 21:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2014/02/11 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\HpUpdate
[2014/02/11 21:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/02/11 21:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/02/11 21:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/02/11 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\HP
[2014/02/11 17:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/02/11 16:57:15 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\TuneUp Software
[2014/02/11 16:44:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/11 16:44:52 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\MFAData
[2014/02/11 16:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/02/11 16:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerEnhance
[2014/02/11 16:41:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\ValueApps
[2014/02/11 16:39:42 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Local_Weather_LLC
[2014/02/11 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/02/11 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\WeatherAlerts
[1 C:\Users\Dawn\AppData\Local\*.tmp files -> C:\Users\Dawn\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/07 10:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/07 10:13:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2014/03/07 09:40:43 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Arcadesafari.job
[2014/03/07 09:28:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/07 08:37:19 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 08:37:19 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 08:31:00 | 000,001,936 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
[2014/03/07 08:30:20 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/03/07 08:29:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/07 08:29:14 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/05 19:18:28 | 000,001,375 | ---- | M] () -- C:\Users\Dawn\Desktop\Continue Java Runtime Environment.lnk
[2014/03/05 12:57:13 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/05 12:42:21 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\PCHelpers1st.job
[2014/03/05 12:42:18 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\PCHelpers_period.job
[2014/03/05 12:42:16 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Optimizer Elite Max.lnk
[2014/03/05 12:41:32 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Re-Markable_wd.job
[2014/03/05 12:41:32 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Re-Markable Update.job
[2014/03/05 12:37:35 | 000,000,000 | ---- | M] () -- C:\END
[2014/03/05 12:34:24 | 000,001,419 | ---- | M] () -- C:\Users\Dawn\Desktop\Internet Explorer.lnk
[2014/03/05 09:45:30 | 000,001,413 | ---- | M] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/05 09:33:34 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/03/04 23:45:48 | 000,664,750 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/04 23:45:48 | 000,123,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/13 07:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/11 21:10:58 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/02/11 21:09:39 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk
[2014/02/11 21:09:39 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3510 series.lnk
[2014/02/11 21:05:20 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/02/11 16:45:06 | 000,001,580 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-updater.job
[2014/02/11 16:45:03 | 000,001,434 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-enabler.job
[2014/02/11 16:44:58 | 000,001,536 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-codedownloader.job
[2014/02/11 16:44:46 | 000,002,368 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-firefoxinstaller.job
[2014/02/11 16:44:43 | 000,002,406 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-validator.job
[2014/02/11 16:39:32 | 000,001,148 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[1 C:\Users\Dawn\AppData\Local\*.tmp files -> C:\Users\Dawn\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/05 19:18:28 | 000,001,375 | ---- | C] () -- C:\Users\Dawn\Desktop\Continue Java Runtime Environment.lnk
[2014/03/05 12:57:13 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/05 12:42:21 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\PCHelpers1st.job
[2014/03/05 12:42:18 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\PCHelpers_period.job
[2014/03/05 12:42:16 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Optimizer Elite Max.lnk
[2014/03/05 12:41:32 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\Re-Markable_wd.job
[2014/03/05 12:41:32 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\Re-Markable Update.job
[2014/03/05 12:34:24 | 000,001,419 | ---- | C] () -- C:\Users\Dawn\Desktop\Internet Explorer.lnk
[2014/03/05 09:45:30 | 000,001,419 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/03/05 09:45:30 | 000,001,413 | ---- | C] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/05 09:33:34 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/02/11 21:16:28 | 000,001,936 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
[2014/02/11 21:10:58 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/02/11 21:09:39 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk
[2014/02/11 21:09:39 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3510 series.lnk
[2014/02/11 21:05:20 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/11 16:45:06 | 000,001,580 | ---- | C] () -- C:\Windows\tasks\MediaPlayerEnhance-updater.job
[2014/02/11 16:45:03 | 000,001,434 | ---- | C] () -- C:\Windows\tasks\MediaPlayerEnhance-enabler.job
[2014/02/11 16:44:58 | 000,001,536 | ---- | C] () -- C:\Windows\tasks\MediaPlayerEnhance-codedownloader.job
[2014/02/11 16:44:46 | 000,002,368 | ---- | C] () -- C:\Windows\tasks\MediaPlayerEnhance-firefoxinstaller.job
[2014/02/11 16:44:43 | 000,002,406 | ---- | C] () -- C:\Windows\tasks\MediaPlayerEnhance-validator.job
[2014/02/11 16:39:32 | 000,001,148 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/01/31 07:40:37 | 000,002,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/24 22:50:47 | 000,000,632 | RHS- | C] () -- C:\Users\Dawn\ntuser.pol
[2013/12/18 21:28:58 | 000,188,200 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/06 17:12:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/08 09:22:54 | 000,000,107 | ---- | C] () -- C:\Users\Dawn\webct_upload_applet.properties
[2011/01/19 23:31:31 | 000,065,024 | ---- | C] () -- C:\Users\Dawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/09/26 12:45:11 | 000,002,048 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2121746328-1834018783-3590070646-1000\$RA5Y1TM\n.jpg
[2011/04/26 23:10:13 | 000,012,124 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2121746328-1834018783-3590070646-1000\$RSUDDFC\ayf\n.gif
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/05 12:57:45 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\AVG2014
[2011/06/06 22:33:17 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\FrostWire
[2011/04/21 00:58:09 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Jasc
[2011/02/26 11:33:15 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\MusicNet
[2012/07/12 14:28:22 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\OpenCandy
[2011/02/06 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\PCDr
[2011/05/19 13:17:37 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\TS3Client
[2014/02/11 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\TuneUp Software
[2013/06/03 09:49:27 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Unity
[2014/02/11 16:41:43 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\ValueApps

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DF9323A5

< End of report >
  • 0

Advertisements

#2
godawgs
Posted 07 March 2014 - 01:58 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Dawn, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
The Extras.txt log
  • 0

#3
wisdom89
Posted 07 March 2014 - 04:24 PM

wisdom89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Tip: click inside this bOTL Extras logfile created on: 3/7/2014 9:57:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 35.54% Memory free
5.73 Gb Paging File | 3.12 Gb Available in Paging File | 54.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 149.21 Gb Free Space | 66.75% Space Free | Partition Type: NTFS

Computer Name: DAWN-PC | User Name: Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D6B733-AE55-4785-80D2-5F9546604CF8}" = rport=445 | protocol=6 | dir=out | app=system |
"{06B6C43A-3835-488A-B1A3-F5F0C42A7D76}" = rport=137 | protocol=17 | dir=out | app=system |
"{06D07412-C919-4EE1-8BB6-E8D284F62ECC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0B35355F-2B75-4321-ACA0-2BA5D909801B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14869838-DAE8-4F9F-B3B1-355454965C51}" = lport=137 | protocol=17 | dir=in | app=system |
"{1BD2A2D1-56CF-4C8F-8089-12E4A712000E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DE319EA-75F2-4231-80FB-22D030DF1E87}" = rport=139 | protocol=6 | dir=out | app=system |
"{25C8A0C9-9961-431E-8A10-B8BC8A9E3ED7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2D411955-2137-4017-AFCE-7AB95923AE20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DCAF7E2-C766-4240-923E-26945A1CF0E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{364450A5-E055-438D-BAF2-8159E93BC16E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3BE9DA63-F701-4648-A591-2F287596B27F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{44CB0F15-CED4-43CE-8DF7-54DDB69D8302}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F5CB55F-27B7-474E-A08A-C0E8F8889CD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51E1C1B2-C7BD-4405-B61F-7F5B43C72C14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5CDF5F15-0500-4CF3-B329-997B39DE3AE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D32FDCC-EB64-4E5E-B9D8-1871B5FBF084}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5D38B9EF-44BB-4514-87A8-2F63ACE554B7}" = rport=2869 | protocol=6 | dir=out | app=system |
"{70B94935-862D-4C44-933C-CB1B5900B19C}" = lport=139 | protocol=6 | dir=in | app=system |
"{7A2F0BB8-48CB-42C1-8664-E174A8F01C68}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7DA6CE8E-2A97-4E2B-9EDA-7132F15A97D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82B49C90-2CEC-4DB9-9E83-B3F1FBF7F4DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85E02876-B635-45CD-ABF8-5FC4270DEA86}" = lport=10243 | protocol=6 | dir=in | app=system |
"{861A757B-8242-4F9B-8AC6-AB8F1A23CD47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DD54C42-B97B-4F62-B983-637F8048EEAA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96F3C21C-206C-442C-8D73-02882B7885F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97C10EB8-A1DB-4A50-983E-477C10C68831}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A4D6522A-9473-4BFA-B8FF-BF6E0D7699A2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AA7BE884-B55B-489C-9BF6-C30D8D45E162}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAF4EE89-E4D8-4980-99BB-C346DCD00F33}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ABFA6DCC-E547-48C7-8306-0CF7BE8ABDB1}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE1FB9D1-F386-47D6-9D81-94E21430E95C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AE81A7A3-19EF-474D-B9FE-28847F542DB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BD363243-E8CE-4115-8437-544C807C31AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE965B58-5D42-41FE-97C3-F7B75B493F71}" = rport=138 | protocol=17 | dir=out | app=system |
"{C216FCDA-7CBF-4D0A-8541-CB75CE4E067B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DD2803E3-47DC-47B5-A45F-7B9A74DA869F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD5FE22F-EC84-477D-8E74-02326DCBE72E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E54CB0EE-7643-4555-8D7F-65465034E518}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E7F9CEE8-304B-40F0-A10A-0B04FB1FCEE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E80717EB-BF1A-4C04-99F8-F203CFD61524}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE8CAAF8-CE03-4C80-8DFE-A7257CD0899F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0423C109-EFE0-495C-9775-44BD082A95D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D63DCC1-857C-4230-9513-94A9BD589731}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{10A6C632-6B8C-4013-9F3F-F8B03E8A249C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{1403435B-C025-43B8-AFDA-CD3068B84734}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\devicesetup.exe |
"{151E5D3C-0AF6-45D3-9136-347360A6CD99}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15798360-C199-4C57-8B01-94B6B918D747}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1D0F7A3C-7451-4396-ACF5-498FDB3AB127}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{22A9D2E2-4142-400D-952D-13ED6F642B89}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{2615F7EE-EB59-44BE-830F-166D3244C127}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{2E7ECE56-2807-4205-8BA1-3BF552082412}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{32056994-0F76-4171-9E0D-B171BF8C08EB}" = protocol=17 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\u91r0qm5\sweetimsetup[1].exe |
"{359A5C30-ABDA-4261-8E0D-019A77C7B736}" = protocol=6 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\me8nwhnp\sweetimsetup[1].exe |
"{3A783A56-85AD-427A-A181-4D4F97B4230A}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{3E7D95A6-FE4B-4133-BA7A-E8E24AD63923}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{43C7B375-5B09-49DD-A49C-6F29953BB43B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{490D7D2A-B98D-4912-91A1-C387AC7C15EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49CBC7A5-361C-46F7-BA1B-FDC98EC625F2}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{4AC4710F-8A5E-40E8-A933-406BAC6F2C4C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4C801115-C903-4A1A-B007-AE77B80721DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{4D0915F7-3BE8-48FB-9433-7BE197021ABC}" = protocol=58 | dir=in | [email protected],-148 |
"{51ABE8DA-5B05-4777-8F71-32A6B02EADF0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{53F59A96-DA7C-4E33-9B29-FA166038C519}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{56A15B3A-EA7C-4C2B-BB61-7F5F1C5182E6}" = protocol=17 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\me8nwhnp\sweetimsetup[1].exe |
"{58163982-53F1-4DE6-B740-D0F55038E2C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60E3ED94-CFE6-48B7-A1A9-82D938BC39D4}" = protocol=17 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\2z2k57d1\sweetimsetup[1].exe |
"{62004620-869A-41D5-8ABF-55FBB3F4580C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{680161B8-3BBA-4AF7-9C83-F34F2188856B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69E95160-AD4E-4567-B595-FF9C9F3C3D33}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{7345F4CE-350E-4D81-9555-E43C7CB17E32}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe |
"{78FC5960-767E-4CDB-87E4-82F1CE9F3A3D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{79432B49-F455-45D8-833C-B9E7BB04419C}" = protocol=6 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\x22m4mjy\sweetimsetup[1].exe |
"{811AAFBE-EE1B-4C2C-9F52-5053FB9486F3}" = protocol=6 | dir=out | app=system |
"{81314FF5-157C-49EF-84D2-9D60546E2617}" = protocol=58 | dir=in | [email protected],-28545 |
"{84A94032-0807-468A-8086-D5108B28709C}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{8ABEA232-C8DD-4935-9265-A4E2A4D5962C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E89DB61-75F5-4D0A-AB52-E08652239E51}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{92AACF50-3668-4B17-9A77-7C5EFBC32B2A}" = protocol=17 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\x22m4mjy\sweetimsetup[2].exe |
"{942E65BA-3FB8-4D44-8850-DA7417916816}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{94DA6A55-3D1C-4D83-B622-EB828E098A13}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{95DC79CF-26D7-41D6-8F6F-60A84134169D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A203537-1E60-41C4-8378-6A437C85C0AE}" = protocol=6 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\u91r0qm5\sweetimsetup[1].exe |
"{A1141C23-8F27-47A6-8891-73C1670F24B6}" = protocol=58 | dir=out | [email protected],-28546 |
"{A12D5EC1-3478-4AA9-9E8E-A90D6F8581D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A1DB86AB-4D93-4B16-8986-A76173CCBA00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A33D2F98-7FA3-4F66-92AE-797BF84B24D5}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe |
"{A6253A1D-02AF-4EA3-AB68-6F4231902057}" = protocol=1 | dir=out | [email protected],-28544 |
"{B40A025D-01B0-4FD7-B73B-1DBC2E4E0B90}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{C98FD8B6-AF92-4CFE-AE74-5B3A2020130C}" = protocol=17 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\x22m4mjy\sweetimsetup[1].exe |
"{C9E0F265-2B44-443D-9687-6E54AAFDA007}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD887645-4199-4125-A09E-2DBFD1009A88}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D44B3142-6754-49E9-A387-D0FA3DC7792D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6D0C078-9DD2-4521-9F18-A0C0D48271EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAD6539A-1DEE-4E0C-84F2-6B6CECE198D8}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{DB252153-CE3D-4566-830B-F1AE41A165F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E02D6347-7BAA-41D3-9E8E-4904E801A6FD}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{E37CA94E-8636-4F4F-9D87-4250292C5A05}" = protocol=6 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\x22m4mjy\sweetimsetup[2].exe |
"{E7BB9777-7E0A-4EDC-83DA-4BAB7098F2C9}" = protocol=1 | dir=in | [email protected],-28543 |
"{E8C719F3-BACA-4BB4-9E34-A2CE2002260E}" = protocol=6 | dir=in | app=c:\users\dawn\appdata\local\microsoft\windows\temporary internet files\content.ie5\2z2k57d1\sweetimsetup[1].exe |
"{ECE84305-84A8-4FF6-A52E-2ACFC6948CBD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FB93E7E4-6742-4D6C-936B-DA618A282859}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1F5597A3-225C-4BFA-B275-66F05F364D8E}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{293C3417-D80B-4323-A71C-B4C336D49C4A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{59093FAE-FD58-409A-A450-C87E9692D325}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{A9E3D01B-4CE2-4860-89A7-3DAA62328AEA}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{3095A3A8-61D8-4D5D-B80E-61F9D1838976}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{A743FA5B-CAEB-4111-9600-6A43E6197AA2}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{DC252762-5FD5-4CA4-B7BA-ADC613ABE993}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{E9C73100-9E11-4F03-BA3C-D561AEE34C58}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}" = deeaL4me
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.469
"{34371C5D-866E-462F-896A-BA75EC0EEDAE}" = AVG 2014
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7E5F00AA-70BA-4BB5-94A7-012DD08B8B42}" = Art Explosion Calendar Maker
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EE8553-9170-9462-0B03-9C7789657851}" = IcouCOnnverTErr
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93E5D4DF-E42D-4E26-9B27-BB6A3CA5AF0C}" = HP Deskjet 3510 series Basic Device Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7378875-1EF9-46BB-9316-BFB615CB45DA}" = AVG 2014
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA236AFD-B26E-4BC7-9A13-76BD5F9887AC}" = Muvic Smartbar
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5930634-77B2-46FF-B5B1-EFD86D41E2E9}" = HP Deskjet 3510 series Product Improvement Study
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AVG" = AVG 2014
"de5613c9-9602-49e5-8be7-cab686879505" = Re-Markable
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"DMUninstaller" = DMUninstaller
"dnsshield" = Social Privacy DNS
"DW WLAN Card Utility" = DW WLAN Card Utility
"ENTERPRISER" = Microsoft Office Enterprise 2007
"fst_us_7_is1" = fst_us_7
"Google Chrome" = Google Chrome
"Hide My MAC Address_is1" = Hide My MAC Address 2.2
"HP Photo Creations" = HP Photo Creations
"InternetHelper1.5 Toolbar" = InternetHelper1.5 Toolbar
"Level Quality Watcher" = Level Quality Watcher
"MediaPlayerEnhance" = MediaPlayerEnhance
"Mihov Image Resizer" = Mihov Image Resizer 1.2 (remove only)
"Network Play System (Patching)" = Network Play System (Patching)
"Optimizer Elite Max_is1" = Optimizer Elite Max
"Optimizer Pro_is1" = Optimizer Pro v3.2
"PCFriendly" = PCFriendly
"SearchProtect" = Search Protect
"Sendori" = Sendori
"[email protected]" = Social Privacy
"SynTPDeinstKey" = Dell Touchpad
"The Sims" = The Sims
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{cc0b6c89-648c-41d5-b5de-0fd3ef7261cd}" = Muvic Smartbar Engine
"Arcadesafari" = Arcadesafari
"DesktopWeatherAlerts" = DesktopWeatherAlerts
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2014 12:00:03 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (32220) Asapi: (10:00:02:9510)(32220) libAsapi.DynamicLoadedPlugin
- Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 3/7/2014 12:00:03 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (32220) Asapi: (10:00:03:0500)(32220) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 3/7/2014 12:10:03 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (37284) Asapi: (10:10:03:2750)(37284) libAsapi.DynamicLoadedPlugin
- Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 3/7/2014 12:10:03 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (37284) Asapi: (10:10:03:3490)(37284) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 3/7/2014 12:20:04 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (38904) Asapi: (10:20:04:2050)(38904) libAsapi.DynamicLoadedPlugin
- Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 3/7/2014 12:20:04 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (38904) Asapi: (10:20:04:3420)(38904) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 3/7/2014 12:30:05 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (37052) Asapi: (10:30:05:0550)(37052) libAsapi.DynamicLoadedPlugin
- Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 3/7/2014 12:30:05 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (37052) Asapi: (10:30:05:1360)(37052) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 3/7/2014 12:40:10 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (39536) Asapi: (10:40:10:4330)(39536) libAsapi.DynamicLoadedPlugin
- Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 3/7/2014 12:40:10 PM | Computer Name = Dawn-PC | Source = PC-Doctor | ID = 1
Description = (39536) Asapi: (10:40:10:5510)(39536) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

[ Broadcom Wireless LAN Events ]
Error - 2/5/2014 11:48:46 AM | Computer Name = Dawn-PC | Source = WLAN-Tray | ID = 0
Description = 09:48:46, Wed, Feb 05, 14 Error - Unable to gain access to user store


Error - 2/9/2014 1:43:27 PM | Computer Name = Dawn-PC | Source = WLAN-Tray | ID = 0
Description = 11:43:27, Sun, Feb 09, 14 Error - Unable to gain access to user store


Error - 2/12/2014 7:59:52 AM | Computer Name = Dawn-PC | Source = WLAN-Tray | ID = 0
Description = 05:59:52, Wed, Feb 12, 14 Error - Unable to gain access to user store


Error - 3/4/2014 8:58:48 AM | Computer Name = Dawn-PC | Source = WLAN-Tray | ID = 0
Description = 06:58:48, Tue, Mar 04, 14 Error - Unable to gain access to user store


Error - 3/5/2014 1:12:34 PM | Computer Name = Dawn-PC | Source = WLAN-Tray | ID = 0
Description = 11:12:34, Wed, Mar 05, 14 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 1/21/2014 8:22:10 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 6:22:10 AM - Error connecting to the internet. 6:22:10 AM - Unable
to contact server..

Error - 1/21/2014 8:22:42 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 6:22:39 AM - Error connecting to the internet. 6:22:39 AM - Unable
to contact server..

Error - 1/21/2014 9:30:38 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 7:30:38 AM - Error connecting to the internet. 7:30:38 AM - Unable
to contact server..

Error - 1/21/2014 9:31:09 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 7:31:07 AM - Error connecting to the internet. 7:31:07 AM - Unable
to contact server..

Error - 1/21/2014 10:34:52 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 8:34:52 AM - Error connecting to the internet. 8:34:52 AM - Unable
to contact server..

Error - 1/21/2014 10:35:24 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 8:35:21 AM - Error connecting to the internet. 8:35:21 AM - Unable
to contact server..

Error - 2/17/2014 5:43:24 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 3:43:09 AM - Error connecting to the internet. 3:43:09 AM - Unable
to contact server..

Error - 2/17/2014 6:47:06 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 4:47:04 AM - Error connecting to the internet. 4:47:04 AM - Unable
to contact server..

Error - 2/17/2014 7:47:46 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 5:47:46 AM - Error connecting to the internet. 5:47:46 AM - Unable
to contact server..

Error - 2/17/2014 7:48:18 AM | Computer Name = Dawn-PC | Source = MCUpdate | ID = 0
Description = 5:48:16 AM - Error connecting to the internet. 5:48:16 AM - Unable
to contact server..

[ SendoriLogs Events ]
Error - 2/17/2014 7:40:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 2/17/2014 7:45:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 2/17/2014 7:50:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 2/17/2014 7:55:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 2/17/2014 8:00:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 2/17/2014 8:05:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 2/17/2014 8:10:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 2/17/2014 8:15:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 2/17/2014 8:20:09 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 3/2/2014 1:04:08 AM | Computer Name = Dawn-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

[ System Events ]
Error - 3/7/2014 9:51:55 AM | Computer Name = Dawn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ehRecvr service.

Error - 3/7/2014 9:52:25 AM | Computer Name = Dawn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ehRecvr service.

Error - 3/7/2014 10:08:44 AM | Computer Name = Dawn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ehRecvr service.

Error - 3/7/2014 10:09:14 AM | Computer Name = Dawn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ehRecvr service.

Error - 3/7/2014 10:25:29 AM | Computer Name = Dawn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ehRecvr service.

Error - 3/7/2014 10:25:59 AM | Computer Name = Dawn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ehRecvr service.

Error - 3/7/2014 10:29:21 AM | Computer Name = Dawn-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:27:55 AM on ?3/?7/?2014 was unexpected.

Error - 3/7/2014 10:29:51 AM | Computer Name = Dawn-PC | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): ?3/?7/?2014 2:29:51 PM Error Code: 0x80092003 Error Description: An error
occurred while reading or writing to a file.

Error - 3/7/2014 10:30:51 AM | Computer Name = Dawn-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147017840

Error - 3/7/2014 10:48:37 AM | Computer Name = Dawn-PC | Source = bowser | ID = 8003
Description =


< End of report >
ox to load the editor
  • 0

#4
godawgs
Posted 07 March 2014 - 11:09 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi there.

There is a boat load to do here. We are gonna uninstall some malicious programs, kill the things the the OTL scan shows and remove a Chrome extension. Then get some additional scans.
But first we need to address the antivirus programs installed on the computer. The OTL log shows that you have the AVG and Microsoft Security Essentials antivirus programs installed on the computer.

Multiple Antivirus Programs Installed

I see that you have more than one antivirus programs installed and running. You should only have one antivirus program installed and running. Antivirus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more antivirus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS antivirus protection.

In your next reply I want you to tell me which AV program you want to keep and I will help you uninstall the other one.


The log shows evidence of the following Peer-to-Peer program(s) on the system:

Frostwire

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.


Step-1.

Malicious program uninstalls

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Web Assistant 2.0.0.469
Re-Markable
DMUninstaller
Social Privacy DNS
fst_us_7
InternetHelper1.5 Toolbar
MediaPlayerEnhance
Optimizer Elite Max
Optimizer Pro v3.2
PCFriendly
Search Protect
Social Privacy
Muvic Smartbar Engine
Arcadesafari

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Posted Image OTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/03/05 12:41:31 | 000,193,536 | ---- | M] () -- C:\Program Files\Re-Markable-soft\Re-Markable155.exe
PRC - [2014/02/28 10:19:48 | 003,234,256 | ---- | M] () -- C:\Users\Dawn\AppData\Local\fst_us_7\upfst_us_7.exe
PRC - [2012/07/12 10:48:46 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
MOD - [2014/02/28 10:19:48 | 003,234,256 | ---- | M] () -- C:\Users\Dawn\AppData\Local\fst_us_7\upfst_us_7.exe
SRV - [2014/03/05 12:41:31 | 000,193,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Re-Markable-soft\Re-Markable155.exe -- (Re-Markable)
SRV - [2012/07/12 10:48:46 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
IE - HKLM\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13828
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.469
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Social Privacy\FF\ [2014/01/06 00:01:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{849d5217-0f07-4490-af96-0ce0b116db63}: C:\Program Files\Re-Markable-soft\155.xpi [2014/03/05 12:41:32 | 000,011,416 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Dawn\AppData\Local\Arcadesafari\[email protected] [2014/03/05 13:08:59 | 000,000,000 | ---D | M]
[2012/09/30 13:12:46 | 000,000,000 | ---D | M] (InternetHelper1.5) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}
[2012/09/30 13:13:57 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
[2014/02/11 16:44:49 | 000,000,000 | ---D | M] ("MediaPlayerEnhance") -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com
[2013/12/18 21:29:16 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack
[2014/02/13 21:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged
[2014/02/11 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData
[2014/02/11 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins
[2014/02/11 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode
[2012/05/09 05:24:56 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober893121.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (InternetHelper1.5 Toolbar) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Social Privacy) - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files\Social Privacy\sp.dll ()
O3 - HKLM\..\Toolbar: (InternetHelper1.5 Toolbar) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {064B7C36-A156-4233-8D06-921F8A60FB6A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper1.5 Toolbar) - {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O4 - HKLM..\Run: [dnsshield] C:\Program Files\Social Privacy DNS\dnswatch.exe ()
O4 - HKLM..\Run: [fst_us_7] "C:\Program Files\fst_us_7\fst_us_7.exe" File not found
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Dawn\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKLM..\RunOnce: [upfst_us_7.exe] C:\Users\Dawn\AppData\Local\fst_us_7\upfst_us_7.exe ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~1\optimi~1\optpro~1.dll) - File not found
O33 - MountPoints2\{3bec90c3-92f6-11e3-8e54-c0cb38bf53b8}\Shell - "" = AutoRun
O33 - MountPoints2\{3bec90c3-92f6-11e3-8e54-c0cb38bf53b8}\Shell\AutoRun\command - "" = E:\menu.exe
[2014/03/05 12:41:57 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\fst_us_7
[2014/03/05 12:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\fst_us_7
[2014/03/05 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Smartbar
[2014/03/05 12:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Re-Markable-soft
[2014/02/11 16:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerEnhance
[2014/02/11 16:41:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\ValueApps
[2014/03/07 09:40:43 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Arcadesafari.job
[2014/03/05 12:42:21 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\PCHelpers1st.job
[2014/03/05 12:42:18 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\PCHelpers_period.job
[2014/03/05 12:41:32 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Re-Markable_wd.job
[2014/03/05 12:41:32 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Re-Markable Update.job
[2014/02/11 16:45:06 | 000,001,580 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-updater.job
[2014/02/11 16:45:03 | 000,001,434 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-enabler.job
[2014/02/11 16:44:58 | 000,001,536 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-codedownloader.job
[2014/02/11 16:44:46 | 000,002,368 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-firefoxinstaller.job
[2014/02/11 16:44:43 | 000,002,406 | ---- | M] () -- C:\Windows\tasks\MediaPlayerEnhance-validator.job
[2012/07/12 14:28:22 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\OpenCandy
[2014/02/11 16:41:43 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\ValueApps

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32056994-0F76-4171-9E0D-B171BF8C08EB}" = -
"{359A5C30-ABDA-4261-8E0D-019A77C7B736}" = -
"{3A783A56-85AD-427A-A181-4D4F97B4230A}" = -
"{56A15B3A-EA7C-4C2B-BB61-7F5F1C5182E6}" = -
"{69E95160-AD4E-4567-B595-FF9C9F3C3D33}" = -
"{79432B49-F455-45D8-833C-B9E7BB04419C}" = -
"{92AACF50-3668-4B17-9A77-7C5EFBC32B2A}" = -
"{9A203537-1E60-41C4-8378-6A437C85C0AE}" = -
"{C98FD8B6-AF92-4CFE-AE74-5B3A2020130C}" = -
"{DAD6539A-1DEE-4E0C-84F2-6B6CECE198D8}" = -
"{E02D6347-7BAA-41D3-9E8E-4904E801A6FD}" = -
"{E37CA94E-8636-4F4F-9D87-4250292C5A05}" = -
"{E8C719F3-BACA-4BB4-9E34-A2CE2002260E}" = -
"TCP Query User{A9E3D01B-4CE2-4860-89A7-3DAA62328AEA}C:\program files\bearshare applications\bearshare\bearshare.exe" = -
"UDP Query User{A743FA5B-CAEB-4111-9600-6A43E6197AA2}C:\program files\bearshare applications\bearshare\bearshare.exe" = -

:FILES
ipconfig /flushdns /c
C:\Users\Dawn\AppData\Local\Arcadesafari
C:\Program Files\Re-Markable-soft
C:\Users\Dawn\AppData\Local\fst_us_7
C:\Program Files\Web Assistant
C:\Program FilesC:\Program Files\Social Privacy
C:\Users\Dawn\AppData\Local\Conduit
C:\PROGRA~1\SearchProtect
c:\progra~1\optimi~1
c:\program files\bearshare applications
netsh advfirewall reset /c
netsh advfirewall set allprofiles state off /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Delete Google Chrome extensions:

Open the Chrome browser:

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Click Tools.
  • Select Extensions. A page like the one shown below will open:
    Posted Image
  • Look for any InternetHelper1.5 items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
  • A confirmation dialog will appear, click Remove.

Step-4.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-5.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
dir "C:\Program Files\*" /c
/md5start
rcss.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know which AV program you want to keep.
2. Let me know what you decided about Frostwire
3. Let me know if you had any problems uninstalling the programs
4. The OTL fixes log
5. The AdwCleaner[R0].txt log
6. The new OTL.txt log
  • 1

#5
wisdom89
Posted 08 March 2014 - 03:46 PM

wisdom89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I cannot get the internet helper 1.5 toolbar to uninstall on my computer help plz
  • 0

#6
godawgs
Posted 08 March 2014 - 05:03 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Are you getting any kind of message? Try booting into Safe Mode and see if it will uninstall. If it will that's good. If it doesn't it might be that the toolbar was bundled with another program that you installed. Just continue uninstalling the rest of the programs (you can continue in Safe Mode). If another program or toolbar won't uninstall just make a note of it and continue to the next one. Then reboot the computer and complete the rest of the steps. I have included the parts of the toolbars that show in the OTL scan in the OTL fix.
When you finish with all of the steps, post the logs I asked for and tell me which programs wouldn't uninstall.
  • 0

#7
wisdom89
Posted 08 March 2014 - 07:32 PM

wisdom89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello I am sorry I have never said hello.
I would like to keep the windows AV program. unless you know of a better free one. I would like to get rid of Frostwire like I said it all came on here. Internet Helper 1.5 Toolbar was not able to be removed in safe mode


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Process Re-Markable155.exe killed successfully!
No active process named upfst_us_7.exe was found!
No active process named ExtensionUpdaterService.exe was found!
Service Re-Markable stopped successfully!
Service Re-Markable deleted successfully!
C:\Program Files\Re-Markable-soft\Re-Markable155.exe moved successfully.
Error: No service named Web Assistant Updater was found to stop!
Service\Driver key Web Assistant Updater not found.
File C:\Program Files\Web Assistant\ExtensionUpdaterService.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\ deleted successfully.
C:\Program Files\InternetHelper1.5\prxtbInte.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.469 removed from extensions.enabledAddons
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files\Social Privacy\FF\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{849d5217-0f07-4490-af96-0ce0b116db63} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{849d5217-0f07-4490-af96-0ce0b116db63}\ not found.
File C:\Program Files\Re-Markable-soft\155.xpi [2014/03/05 12:41:32 | 000,011,416 | ---- | M] not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Users\Dawn\AppData\Local\Arcadesafari\[email protected] not found.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\Plugins folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\modules folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\META-INF folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\lib folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\defaults\preferences folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\defaults folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\skin folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\sl folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\lib folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\core folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa\404 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\wa folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\menu folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\gf folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ui folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\searchProtector folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\options\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\options\images folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\options\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\options folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\features\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\features folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\api folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ac\res folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ac\img folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ac\css folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\ac folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al\aboutBox folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb\al folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content\tb folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201\content folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome\CT3247201 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\chrome folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\skin folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\content\locale folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\content folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{a018b213-6b46-4791-9298-519020db5737} folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver\tests folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver\lib folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver\data folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\window folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\system folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\event folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\addon folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\api-utils folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\resources folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\locale folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\defaults\preferences folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack\defaults folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\ScorpionSaver@jetpack folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged\[email protected]\content folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged\[email protected] folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged\[email protected]\content folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged\[email protected] folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged\[email protected]\content folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged\[email protected] folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged\[email protected]\content folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged\[email protected] folder moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\staged folder moved successfully.
Folder C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\ not found.
Folder C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\ not found.
Folder C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\bingober893121.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\ not found.
File C:\Program Files\InternetHelper1.5\prxtbInte.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\Web Assistant\Extension32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}\ not found.
File C:\Program Files\Social Privacy\sp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\ not found.
File C:\Program Files\InternetHelper1.5\prxtbInte.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{064B7C36-A156-4233-8D06-921F8A60FB6A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{064B7C36-A156-4233-8D06-921F8A60FB6A}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}\ not found.
File C:\Program Files\InternetHelper1.5\prxtbInte.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dnsshield not found.
File C:\Program Files\Social Privacy DNS\dnswatch.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_7 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer deleted successfully.
C:\Users\Dawn\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upfst_us_7.exe not found.
File C:\Users\Dawn\AppData\Local\fst_us_7\upfst_us_7.exe not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\optimi~1\optpro~1.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bec90c3-92f6-11e3-8e54-c0cb38bf53b8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bec90c3-92f6-11e3-8e54-c0cb38bf53b8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bec90c3-92f6-11e3-8e54-c0cb38bf53b8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bec90c3-92f6-11e3-8e54-c0cb38bf53b8}\ not found.
File E:\menu.exe not found.
Folder C:\Users\Dawn\AppData\Local\fst_us_7\ not found.
Folder C:\Program Files\fst_us_7\ not found.
Folder C:\Users\Dawn\AppData\Local\Smartbar\ not found.
C:\Program Files\Re-Markable-soft folder moved successfully.
C:\Program Files\MediaPlayerEnhance folder moved successfully.
C:\Users\Dawn\AppData\Roaming\ValueApps\CH folder moved successfully.
C:\Users\Dawn\AppData\Roaming\ValueApps folder moved successfully.
File C:\Windows\tasks\Arcadesafari.job not found.
C:\Windows\Tasks\PCHelpers1st.job moved successfully.
C:\Windows\Tasks\PCHelpers_period.job moved successfully.
C:\Windows\Tasks\Re-Markable_wd.job moved successfully.
C:\Windows\Tasks\Re-Markable Update.job moved successfully.
C:\Windows\Tasks\MediaPlayerEnhance-updater.job moved successfully.
C:\Windows\Tasks\MediaPlayerEnhance-enabler.job moved successfully.
C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job moved successfully.
C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job moved successfully.
C:\Windows\Tasks\MediaPlayerEnhance-validator.job moved successfully.
C:\Users\Dawn\AppData\Roaming\OpenCandy\DC5CBF94AEA047A3BF168A83D9468030 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\OpenCandy folder moved successfully.
Folder C:\Users\Dawn\AppData\Roaming\ValueApps\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32056994-0F76-4171-9E0D-B171BF8C08EB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32056994-0F76-4171-9E0D-B171BF8C08EB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{359A5C30-ABDA-4261-8E0D-019A77C7B736} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{359A5C30-ABDA-4261-8E0D-019A77C7B736}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A783A56-85AD-427A-A181-4D4F97B4230A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A783A56-85AD-427A-A181-4D4F97B4230A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56A15B3A-EA7C-4C2B-BB61-7F5F1C5182E6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56A15B3A-EA7C-4C2B-BB61-7F5F1C5182E6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69E95160-AD4E-4567-B595-FF9C9F3C3D33} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69E95160-AD4E-4567-B595-FF9C9F3C3D33}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79432B49-F455-45D8-833C-B9E7BB04419C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79432B49-F455-45D8-833C-B9E7BB04419C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92AACF50-3668-4B17-9A77-7C5EFBC32B2A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92AACF50-3668-4B17-9A77-7C5EFBC32B2A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A203537-1E60-41C4-8378-6A437C85C0AE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A203537-1E60-41C4-8378-6A437C85C0AE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C98FD8B6-AF92-4CFE-AE74-5B3A2020130C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C98FD8B6-AF92-4CFE-AE74-5B3A2020130C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DAD6539A-1DEE-4E0C-84F2-6B6CECE198D8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DAD6539A-1DEE-4E0C-84F2-6B6CECE198D8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E02D6347-7BAA-41D3-9E8E-4904E801A6FD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E02D6347-7BAA-41D3-9E8E-4904E801A6FD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E37CA94E-8636-4F4F-9D87-4250292C5A05} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CA94E-8636-4F4F-9D87-4250292C5A05}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8C719F3-BACA-4BB4-9E34-A2CE2002260E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8C719F3-BACA-4BB4-9E34-A2CE2002260E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A9E3D01B-4CE2-4860-89A7-3DAA62328AEA}C:\program files\bearshare applications\bearshare\bearshare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A743FA5B-CAEB-4111-9600-6A43E6197AA2}C:\program files\bearshare applications\bearshare\bearshare.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dawn\Downloads\cmd.bat deleted successfully.
C:\Users\Dawn\Downloads\cmd.txt deleted successfully.
File\Folder C:\Users\Dawn\AppData\Local\Arcadesafari not found.
File\Folder C:\Program Files\Re-Markable-soft not found.
File\Folder C:\Users\Dawn\AppData\Local\fst_us_7 not found.
File\Folder C:\Program Files\Web Assistant not found.
File\Folder C:\Program FilesC:\Program Files\Social Privacy not found.
C:\Users\Dawn\AppData\Local\Conduit\CT3247201 folder moved successfully.
C:\Users\Dawn\AppData\Local\Conduit\BackgroundContainer folder moved successfully.
C:\Users\Dawn\AppData\Local\Conduit folder moved successfully.
File\Folder C:\PROGRA~1\SearchProtect not found.
File\Folder c:\progra~1\optimi~1 not found.
File\Folder c:\program files\bearshare applications not found.
< netsh advfirewall reset /c >
Ok.
C:\Users\Dawn\Downloads\cmd.bat deleted successfully.
C:\Users\Dawn\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
Ok.
C:\Users\Dawn\Downloads\cmd.bat deleted successfully.
C:\Users\Dawn\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dawn
->Temp folder emptied: 723164023 bytes
->Temporary Internet Files folder emptied: 446174575 bytes
->Java cache emptied: 3465028 bytes
->FireFox cache emptied: 174685071 bytes
->Google Chrome cache emptied: 378257842 bytes
->Apple Safari cache emptied: 11897856 bytes
->Flash cache emptied: 933 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 685515 bytes
->Temporary Internet Files folder emptied: 605708 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6836009 bytes

User: kaycie
->Temp folder emptied: 273184436 bytes
->Temporary Internet Files folder emptied: 3551107563 bytes
->Java cache emptied: 1393056 bytes
->FireFox cache emptied: 586502789 bytes
->Flash cache emptied: 186101 bytes

User: Mr Morgan
->Temp folder emptied: 8543681 bytes
->Temporary Internet Files folder emptied: 314783284 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87561056 bytes
->Flash cache emptied: 84709 bytes

User: Public

User: Rodney
->Temp folder emptied: 9279473 bytes
->Temporary Internet Files folder emptied: 711022 bytes
->Google Chrome cache emptied: 336729463 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 403553839 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1318767143 bytes

Total Files Cleaned = 8,238.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03082014_160538

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\sndappv2.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.020 - Report created 08/03/2014 at 18:01:10
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Dawn - DAWN-PC
# Running from : C:\Users\Dawn\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : ca82e1a5

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\searchplugins\Askcom.xml
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Folder Found : C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\InternetHelper1.5
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\Program Files\predm
Folder Found C:\Users\Dawn\AppData\Local\apn
Folder Found C:\Users\Dawn\AppData\Local\PackageAware
Folder Found C:\Users\Dawn\AppData\LocalLow\Conduit
Folder Found C:\Users\Dawn\AppData\LocalLow\InternetHelper1.5
Folder Found C:\Users\Dawn\AppData\LocalLow\searchquband
Folder Found C:\Users\kaycie\AppData\LocalLow\PriceGong
Folder Found C:\Users\Rodney\AppData\Local\SearchProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\InternetHelper1.5
Key Found : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\FreeSoftToday
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\InternetHelper1.5
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3063386
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InternetHelper1.5
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1EA0DF4A-F458-45F3-BA45-061995A29CB1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{429E0C87-C956-45BE-B453-FDF0CB2A4CE0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_safari_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_safari_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_teamspeak[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_teamspeak[1]_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BackgroundContainer Startup Task
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD12ED2F-EFBB-41BD-A251-5215ABD36D89}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD12ED2F-EFBB-41BD-A251-5215ABD36D89}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Scorpion Saver
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Tutorials
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Web Assistant
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cDclTWlWKQqIqm4F6MBE4RNcEtlTblIbQZXSKyivfciPPhJE2cigfiiRgxHtyJFo-DuvbdbgvX3SPIWFY0yjKXSfKOHxUrJIUlNz8rKXzD4kk1lcdql-lbwH4pAryvQ,,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cDclTWlWKQqIqm4F6MBE4RNcEtlTblIbQZXSKyivfciPPhJE2cigfiiRgxHtyJFo-DuvbdbgvX3SPIWFY0yjKXSfKOHxUrJIUlNz8rKXzD4kk1lcdql-lbwH4pAryug,,&q={searchTerms}

-\\ Mozilla Firefox v

[ File : C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Line Found : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Line Found : user_pref("extensions.asktb.abar-war-timeout", "4000");
Line Found : user_pref("extensions.asktb.apn_dbr", "cr_17.0.963.56");
Line Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Line Found : user_pref("extensions.asktb.cbid", "FM");
Line Found : user_pref("extensions.asktb.config-updated", false);
Line Found : user_pref("extensions.asktb.cr-o", "14193cr");
Line Found : user_pref("extensions.asktb.crumb", "2012.02.25+11.28.14-toolbar014iad-US-Q2hpY2FnbyxJTCxVbml0ZWQgU3RhdGVz");
Line Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Found : user_pref("extensions.asktb.displaybehavior", "");
Line Found : user_pref("extensions.asktb.displaytext", "");
Line Found : user_pref("extensions.asktb.dtid", "TES002U2US");
Line Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Line Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USIL0225");
Line Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Found : user_pref("extensions.asktb.fresh-install", false);
Line Found : user_pref("extensions.asktb.guid", "53c5d626-21b5-4469-a059-f036c24c2ca2");
Line Found : user_pref("extensions.asktb.hpr", "YES");
Line Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Found : user_pref("extensions.asktb.if", "first");
Line Found : user_pref("extensions.asktb.l", "dis");
Line Found : user_pref("extensions.asktb.last-config-req", "1348990420828");
Line Found : user_pref("extensions.asktb.last-search-timestamp", "1330490524866");
Line Found : user_pref("extensions.asktb.locale", "en_US");
Line Found : user_pref("extensions.asktb.location", "Chicago,IL,United States");
Line Found : user_pref("extensions.asktb.lstation", "");
Line Found : user_pref("extensions.asktb.new-tab-enabled", true);
Line Found : user_pref("extensions.asktb.news-native-on", true);
Line Found : user_pref("extensions.asktb.o", "14193");
Line Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Found : user_pref("extensions.asktb.pstate", "");
Line Found : user_pref("extensions.asktb.qsrc", "2871");
Line Found : user_pref("extensions.asktb.r", "2");
Line Found : user_pref("extensions.asktb.sa", "YES");
Line Found : user_pref("extensions.asktb.saguid", "75E09092-9B73-43C3-A9A7-05BA9FF9D409");
Line Found : user_pref("extensions.asktb.search-history-queries", "ww2||paul shipman in world war 2");
Line Found : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
Line Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Found : user_pref("extensions.asktb.silent-upgrade", true);
Line Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Found : user_pref("extensions.asktb.socialmini-first", true);
Line Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Found : user_pref("extensions.asktb.socialmini-native-on", true);
Line Found : user_pref("extensions.asktb.socialmini-speed", "10000");
Line Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Found : user_pref("extensions.asktb.themeid", "");
Line Found : user_pref("extensions.asktb.timeinstalled", "2/25/2012 1:29:00 PM");
Line Found : user_pref("extensions.asktb.to", "");
Line Found : user_pref("extensions.asktb.v", "3.15.4.100013");
Line Found : user_pref("extensions.asktb.version", "5.15.4.23821");
Line Found : user_pref("extensions.asktb.volume", "");
Line Found : user_pref("extensions.enabledAddons", "{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105,"",[email protected]:3.15.4.100013,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.2");
Line Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=53c5d626-21b5-4469-a059-f036c24c2ca2&apn_ptnrs=FM&apn_sauid=75E09092-9B73-43C3-A9A7-05[...]
Line Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]
Line Found : user_pref("CT3247201.autoDisableScopes", 0);

[ File : C:\Users\kaycie\AppData\Roaming\Mozilla\Firefox\Profiles\2we4w1m6.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14196");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Found : user_pref("extensions.gamesbar.msnus.config.partner_logo", "iVBORw0KGgoAAAANSUhEUgAAAF8AAAAYCAYAAACcESEhAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90[...]
Line Found : user_pref("extensions.gamesbar.msnus.homepage", "hxxp://www.ask.com/?l=dis&o=14196");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : search_url
Found : search_url

[ File : C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [20687 octets] - [08/03/2014 18:01:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20748 octets] ##########



OTL logfile created on: 3/8/2014 6:09:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.96% Memory free
5.73 Gb Paging File | 4.40 Gb Available in Paging File | 76.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 155.48 Gb Free Space | 69.55% Space Free | Partition Type: NTFS

Computer Name: DAWN-PC | User Name: Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 09:56:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
PRC - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/06 08:56:38 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/05 12:48:12 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/11/25 22:03:56 | 000,591,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/25 22:00:24 | 000,892,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/11/13 22:03:10 | 000,729,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/11/13 09:37:44 | 000,166,072 | ---- | M] (Local Weather LLC) -- C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe
PRC - [2013/10/07 13:50:28 | 000,120,096 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriSvc.exe
PRC - [2013/10/07 13:50:28 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriTray.exe
PRC - [2013/10/07 13:50:24 | 003,623,200 | ---- | M] (Sendori) -- C:\Program Files\Sendori\sndappv2.exe
PRC - [2013/10/07 13:50:24 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files\Sendori\Sendori.Service.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/01 18:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/04/27 13:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/07 01:16:55 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2011/01/07 01:16:55 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2011/01/07 01:16:53 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/10/01 09:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/08/19 18:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/04/07 06:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/07 06:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
PRC - [2010/01/15 10:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/11/04 15:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 15:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/10/20 09:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/10/20 09:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/13 19:14:28 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/13 03:41:14 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/13 03:40:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 03:39:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 03:38:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 03:37:24 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 03:37:10 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f96e07044730442ee1f3dd90db984e6a\System.Configuration.ni.dll
MOD - [2014/02/13 03:37:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 03:36:48 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2010/10/01 09:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/10/20 09:12:10 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2014/03/06 19:18:25 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/07 13:50:28 | 000,120,096 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/10/07 13:50:24 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/10/07 13:50:24 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/27 13:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 13:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/27 03:00:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/07 01:16:55 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/04/07 06:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/11/04 15:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 15:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - [2014/01/19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/11/25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/04/27 13:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 11:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/01/07 01:16:53 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/29 10:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 21:15:56 | 000,247,808 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/08/20 11:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 10:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/30 17:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/07/01 17:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/04/07 06:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 09:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/10 13:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "bing"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.msn.ipl...lay.com/?o=shp"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: [email protected]:3.15.4.100013
FF - prefs.js..keyword.URL: "http://websearch.ask...TES002U2US&&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_154.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dawn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2014/02/11 21:11:07 | 000,000,000 | ---D | M]

[2011/04/21 17:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Extensions
[2014/03/08 16:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions
[2012/05/19 07:02:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/30 01:33:40 | 000,002,573 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\searchplugins\askcom.xml
[2012/09/30 13:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/25 00:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/05 13:42:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 03:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperba...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - Extension: IcouCOnnverTErr = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmnamhfocgihbcmmdailjknfehamddf\2.2_0\
CHR - Extension: Google Wallet = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CCE] C:\Users\Dawn\Downloads\cce_2.5.242177.201_x32\CCE\CCE.exe (COMODO)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000..\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [osk.exe] C:\Windows\System32\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [osk.exe] C:\Windows\System32\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\Sendori.dll (Sendori)
O13 - gopher Prefix: missing
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF8C5FCB-0DA7-4981-B335-7C705BBC33A9}: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6040A3D-4211-49D4-A601-18EDF38ECC76}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2014/03/08 18:00:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/08 16:05:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/08 11:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2014/03/07 15:11:32 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
[2014/03/07 15:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\RMPrepUSB
[2014/03/07 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\Bluetooth Exchange Folder
[2014/03/07 09:56:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
[2014/03/07 03:13:08 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2014/03/06 19:18:09 | 017,917,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2014/03/05 19:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/05 19:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/03/05 19:08:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/03/05 19:07:42 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/03/05 19:07:42 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/03/05 19:07:42 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/03/05 19:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/05 12:57:44 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\AVG2014
[2014/03/05 12:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/05 12:56:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/03/05 12:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/05 12:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/03/05 12:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\LPT
[2014/03/05 12:43:34 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Avg2014
[2014/03/05 11:24:40 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/03/05 11:23:57 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/03/05 11:23:57 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/03/05 10:17:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/05 10:07:42 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/03/05 09:33:35 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/05 09:33:35 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2014/03/05 09:33:34 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/05 09:33:34 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/05 09:33:34 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/05 09:33:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014/03/05 09:33:34 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/03/05 09:33:34 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/05 09:33:34 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/05 09:33:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/05 09:33:34 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/03/05 09:33:34 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/03/05 09:33:34 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/03/05 09:33:34 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/05 09:33:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/03/05 09:33:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/05 09:33:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014/03/05 09:33:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014/03/05 09:33:34 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014/03/05 09:33:34 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/05 09:33:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/03/05 09:33:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014/03/05 09:33:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/03/05 09:33:34 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014/03/05 09:33:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014/03/05 09:33:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/03/05 09:33:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/05 09:33:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014/03/05 09:33:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014/03/05 09:33:34 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/05 09:33:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/03/05 09:33:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/05 09:33:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014/03/05 09:33:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/05 09:33:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/03/05 09:33:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/03/05 09:31:30 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/03/05 09:31:30 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/03/05 09:31:30 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2014/03/05 09:31:30 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2014/03/05 09:31:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/03/05 09:31:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/03/05 09:31:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/03/05 09:31:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/03/05 09:31:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/03/05 09:31:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/03/05 09:31:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2014/03/05 09:31:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/03/05 09:31:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/03/05 09:31:29 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/03/05 09:31:29 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/03/05 09:31:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2014/03/05 09:31:29 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/03/05 09:31:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/03/05 09:31:29 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/03/05 09:31:29 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2014/03/05 09:31:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/02/26 02:17:35 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/13 21:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\deeaL4me
[2014/02/12 18:00:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/02/12 17:59:42 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/02/12 17:59:42 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/02/12 17:59:41 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/02/12 17:59:41 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/02/12 17:59:41 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/02/12 17:59:41 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/02/12 17:59:40 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/02/12 17:59:40 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/02/12 17:59:40 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/02/11 21:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/02/11 21:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/02/11 21:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/02/11 21:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2014/02/11 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\HpUpdate
[2014/02/11 21:09:40 | 000,563,048 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPMAD11.dll
[2014/02/11 21:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/02/11 21:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/02/11 21:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/02/11 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\HP
[2014/02/11 16:57:15 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\TuneUp Software
[2014/02/11 16:44:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/11 16:44:52 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\MFAData
[2014/02/11 16:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/02/11 16:39:42 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Local_Weather_LLC
[2014/02/11 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/02/11 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\WeatherAlerts
[1 C:\Users\Dawn\AppData\Local\*.tmp files -> C:\Users\Dawn\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/08 18:20:06 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2014/03/08 18:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/08 17:59:52 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/08 17:59:52 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/08 17:57:05 | 000,664,750 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/08 17:57:05 | 000,123,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/08 17:53:27 | 000,001,936 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
[2014/03/08 17:52:46 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/03/08 17:52:05 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/03/08 17:51:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/08 17:51:14 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/08 17:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/07 15:11:33 | 000,000,999 | ---- | M] () -- C:\Users\Dawn\Desktop\RMPrepUSB.lnk
[2014/03/07 09:56:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
[2014/03/06 19:18:17 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/06 19:18:17 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/06 19:18:10 | 017,917,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2014/03/05 19:18:28 | 000,001,375 | ---- | M] () -- C:\Users\Dawn\Desktop\Continue Java Runtime Environment.lnk
[2014/03/05 19:07:07 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/03/05 19:07:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/03/05 19:07:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/03/05 19:07:06 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/03/05 12:57:13 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/05 12:37:35 | 000,000,000 | ---- | M] () -- C:\END
[2014/03/05 12:34:24 | 000,001,419 | ---- | M] () -- C:\Users\Dawn\Desktop\Internet Explorer.lnk
[2014/03/05 09:45:30 | 000,001,413 | ---- | M] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/05 09:33:35 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/05 09:33:35 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2014/03/05 09:33:34 | 002,877,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/05 09:33:34 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/05 09:33:34 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/05 09:33:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014/03/05 09:33:34 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/03/05 09:33:34 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/05 09:33:34 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/05 09:33:34 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/05 09:33:34 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/03/05 09:33:34 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/03/05 09:33:34 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/03/05 09:33:34 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/05 09:33:34 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/03/05 09:33:34 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/05 09:33:34 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014/03/05 09:33:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014/03/05 09:33:34 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014/03/05 09:33:34 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/05 09:33:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/03/05 09:33:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014/03/05 09:33:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/03/05 09:33:34 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014/03/05 09:33:34 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014/03/05 09:33:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/03/05 09:33:34 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/05 09:33:34 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014/03/05 09:33:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014/03/05 09:33:34 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/05 09:33:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/03/05 09:33:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/05 09:33:34 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014/03/05 09:33:34 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/05 09:33:34 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/03/05 09:33:34 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/03/05 09:33:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/03/05 09:31:30 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/03/05 09:31:30 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/03/05 09:31:30 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2014/03/05 09:31:30 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2014/03/05 09:31:30 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/03/05 09:31:30 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/03/05 09:31:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/03/05 09:31:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/03/05 09:31:30 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/03/05 09:31:30 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/03/05 09:31:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2014/03/05 09:31:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/03/05 09:31:30 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/03/05 09:31:29 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/03/05 09:31:29 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/03/05 09:31:29 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2014/03/05 09:31:29 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/03/05 09:31:29 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/03/05 09:31:29 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/03/05 09:31:29 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2014/03/05 09:31:29 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/02/13 07:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/11 21:10:58 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/02/11 21:09:39 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk
[2014/02/11 21:09:39 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3510 series.lnk
[2014/02/11 21:05:20 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/02/11 16:39:32 | 000,001,148 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[1 C:\Users\Dawn\AppData\Local\*.tmp files -> C:\Users\Dawn\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/08 16:08:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2014/03/07 15:11:33 | 000,000,999 | ---- | C] () -- C:\Users\Dawn\Desktop\RMPrepUSB.lnk
[2014/03/05 19:18:28 | 000,001,375 | ---- | C] () -- C:\Users\Dawn\Desktop\Continue Java Runtime Environment.lnk
[2014/03/05 12:57:13 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/05 12:34:24 | 000,001,419 | ---- | C] () -- C:\Users\Dawn\Desktop\Internet Explorer.lnk
[2014/03/05 09:45:30 | 000,001,419 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/03/05 09:45:30 | 000,001,413 | ---- | C] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/05 09:33:34 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/02/11 21:16:28 | 000,001,936 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
[2014/02/11 21:10:58 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/02/11 21:09:39 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk
[2014/02/11 21:09:39 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3510 series.lnk
[2014/02/11 21:05:20 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/11 16:39:32 | 000,001,148 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/01/31 07:40:37 | 000,002,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/24 22:50:47 | 000,000,632 | RHS- | C] () -- C:\Users\Dawn\ntuser.pol
[2013/12/18 21:28:58 | 000,188,200 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/06 17:12:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/08 09:22:54 | 000,000,107 | ---- | C] () -- C:\Users\Dawn\webct_upload_applet.properties
[2011/01/19 23:31:31 | 000,065,024 | ---- | C] () -- C:\Users\Dawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/05 12:57:45 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\AVG2014
[2011/06/06 22:33:17 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\FrostWire
[2011/04/21 00:58:09 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Jasc
[2011/02/26 11:33:15 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\MusicNet
[2011/02/06 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\PCDr
[2011/05/19 13:17:37 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\TS3Client
[2014/02/11 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\TuneUp Software
[2013/06/03 09:49:27 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Unity
[2012/05/09 05:25:21 | 000,000,000 | ---D | M] -- C:\Users\kaycie\AppData\Roaming\Oberon Media
[2012/05/09 05:26:20 | 000,000,000 | ---D | M] -- C:\Users\kaycie\AppData\Roaming\PlayFirst
[2013/12/24 23:03:08 | 000,000,000 | ---D | M] -- C:\Users\Rodney\AppData\Roaming\Unity

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 19:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/26 22:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 19:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 06:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 06:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 15:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 06:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 23:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 19:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 06:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2011/04/27 13:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/27 13:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2009/07/13 19:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 19:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 19:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 10:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 19:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 04:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/10 23:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 19:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 06:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 06:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 19:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 19:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 06:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 06:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 22:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 06:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 06:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 06:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 06:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 06:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 06:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 06:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 19:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 16:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 06:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 19:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 06:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< dir "C:\Program Files\*" /c >
Volume in drive C is OS
Volume Serial Number is C627-7DDE
Directory of C:\PROGRAM FILES
03/08/2014 04:08 PM <DIR> .
03/08/2014 04:08 PM <DIR> ..
08/25/2011 09:25 PM <DIR> Adobe
03/05/2014 12:54 PM <DIR> AVG
12/18/2013 09:25 PM <DIR> Bonjour
01/07/2011 01:18 AM <DIR> Cisco
03/05/2014 07:08 PM <DIR> Common Files
12/07/2011 06:07 PM <DIR> Conduit
01/07/2011 01:19 AM <DIR> Creative
01/07/2011 01:19 AM <DIR> Creative Live! Cam
01/07/2011 01:17 AM <DIR> Dell
01/07/2011 01:11 AM <DIR> Dell Inc
01/07/2011 01:21 AM <DIR> Dell Support Center
01/07/2011 01:19 AM <DIR> Dell Webcam
04/15/2011 11:43 AM <DIR> Driver Whiz
06/23/2011 01:51 AM <DIR> DVD Maker
02/20/2011 11:38 AM <DIR> Electronic Arts
06/06/2011 04:07 PM <DIR> FrostWire
09/30/2012 01:30 AM <DIR> Google
02/11/2014 09:11 PM <DIR> Hewlett-Packard
10/10/2012 01:54 PM <DIR> HideMyMAC
02/11/2014 09:10 PM <DIR> HP
02/11/2014 09:10 PM <DIR> HP Photo Creations
01/07/2011 03:07 AM <DIR> IDT
01/07/2011 01:13 AM <DIR> Intel
03/05/2014 09:40 AM <DIR> Internet Explorer
03/08/2014 04:07 PM <DIR> InternetHelper1.5
04/21/2011 12:57 AM <DIR> Jasc Software Inc
03/05/2014 07:06 PM <DIR> Java
12/18/2013 09:27 PM <DIR> Level Quality Watcher
03/05/2014 04:23 PM <DIR> LPT
02/19/2011 04:45 PM <DIR> Maxis
01/18/2011 04:10 PM <DIR> Microsoft
11/11/2011 10:15 AM <DIR> Microsoft Office
05/01/2012 02:01 AM <DIR> Microsoft Security Client
12/07/2013 04:18 AM <DIR> Microsoft Silverlight
01/07/2011 01:25 AM <DIR> Microsoft SQL Server Compact Edition
01/18/2011 04:08 PM <DIR> Microsoft Visual Studio
01/18/2011 04:06 PM <DIR> Microsoft Visual Studio 8
01/27/2011 03:02 AM <DIR> Microsoft Works
01/28/2011 03:00 AM <DIR> Microsoft.NET
06/08/2011 01:45 AM <DIR> Mihov Image Resizer
09/30/2012 01:19 PM <DIR> Mozilla Firefox
01/18/2011 04:08 PM <DIR> MSBuild
01/29/2014 03:12 PM <DIR> Nova Development
05/09/2012 05:24 AM <DIR> Oberon Media
03/08/2014 11:14 AM <DIR> PCFriendly
03/08/2014 11:02 AM <DIR> predm
03/07/2014 09:06 AM <DIR> QuickTime
07/13/2009 10:52 PM <DIR> Reference Assemblies
03/07/2014 03:11 PM <DIR> RMPrepUSB
01/07/2011 01:18 AM <DIR> Roxio
01/06/2014 12:05 AM <DIR> Sendori
01/06/2014 12:01 AM <DIR> sp
01/07/2011 01:13 AM <DIR> STMicroelectronics
01/07/2011 03:02 AM <DIR> Synaptics
01/07/2011 01:16 AM <DIR> WIDCOMM
12/07/2013 04:15 AM <DIR> Windows Defender
12/07/2013 04:15 AM <DIR> Windows Journal
03/31/2011 01:01 AM <DIR> Windows Live
06/23/2011 01:51 AM <DIR> Windows Mail
12/12/2013 03:34 AM <DIR> Windows Media Player
07/13/2009 10:52 PM <DIR> Windows NT
06/23/2011 01:51 AM <DIR> Windows Photo Viewer
06/23/2011 01:51 AM <DIR> Windows Portable Devices
06/23/2011 01:51 AM <DIR> Windows Sidebar
03/05/2014 12:17 PM <DIR> Yahoo!
09/23/2011 04:22 PM <DIR> YourBountyHunter!
0 File(s) 0 bytes
68 Dir(s) 167,012,671,488 bytes free

< MD5 for: EXPLORER.EXE >
[2011/01/07 03:00:33 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/01/07 03:00:43 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2011/01/07 03:00:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2011/01/07 03:00:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2011/01/07 03:00:43 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2011/01/07 03:00:33 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011/01/07 03:00:43 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2011/01/07 03:00:43 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< c:\program files (x86)\Google\Desktop >
[2009/07/13 22:53:46 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/13 22:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011/01/18 15:56:55 | 000,000,564 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/01/18 15:56:56 | 000,000,422 | ---- | C] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2012/09/30 01:30:01 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/06/27 21:48:04 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/12/06 08:56:55 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef29367a9eb04.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is C627-7DDE
Directory of C:\
07/13/2009 10:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dawn
01/18/2011 03:54 PM <JUNCTION> Application Data [C:\Users\Dawn\AppData\Roaming]
01/18/2011 03:54 PM <JUNCTION> Cookies [C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Cookies]
01/18/2011 03:54 PM <JUNCTION> Local Settings [C:\Users\Dawn\AppData\Local]
01/18/2011 03:54 PM <JUNCTION> My Documents [C:\Users\Dawn\Documents]
01/18/2011 03:54 PM <JUNCTION> NetHood [C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/18/2011 03:54 PM <JUNCTION> PrintHood [C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/18/2011 03:54 PM <JUNCTION> Recent [C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Recent]
01/18/2011 03:54 PM <JUNCTION> SendTo [C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\SendTo]
01/18/2011 03:54 PM <JUNCTION> Start Menu [C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu]
01/18/2011 03:54 PM <JUNCTION> Templates [C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dawn\AppData\Local
01/18/2011 03:54 PM <JUNCTION> Application Data [C:\Users\Dawn\AppData\Local]
01/18/2011 03:54 PM <JUNCTION> History [C:\Users\Dawn\AppData\Local\Microsoft\Windows\History]
01/18/2011 03:54 PM <JUNCTION> Temporary Internet Files [C:\Users\Dawn\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dawn\AppData\LocalLow
05/01/2011 12:20 AM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Dawn\Documents
01/18/2011 03:54 PM <JUNCTION> My Music [C:\Users\Dawn\Music]
01/18/2011 03:54 PM <JUNCTION> My Pictures [C:\Users\Dawn\Pictures]
01/18/2011 03:54 PM <JUNCTION> My Videos [C:\Users\Dawn\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
01/19/2011 07:21 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
01/19/2011 07:21 AM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
01/19/2011 07:21 AM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
01/19/2011 07:21 AM <JUNCTION> My Documents [C:\Users\Guest\Documents]
01/19/2011 07:21 AM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/19/2011 07:21 AM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/19/2011 07:21 AM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
01/19/2011 07:21 AM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
01/19/2011 07:21 AM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
01/19/2011 07:21 AM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
01/19/2011 07:21 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
01/19/2011 07:21 AM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
01/19/2011 07:21 AM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
01/19/2011 07:21 AM <JUNCTION> My Music [C:\Users\Guest\Music]
01/19/2011 07:21 AM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
01/19/2011 07:21 AM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\kaycie
06/23/2011 06:34 AM <JUNCTION> Application Data [C:\Users\kaycie\AppData\Roaming]
06/23/2011 06:34 AM <JUNCTION> Cookies [C:\Users\kaycie\AppData\Roaming\Microsoft\Windows\Cookies]
06/23/2011 06:34 AM <JUNCTION> Local Settings [C:\Users\kaycie\AppData\Local]
06/23/2011 06:34 AM <JUNCTION> My Documents [C:\Users\kaycie\Documents]
06/23/2011 06:34 AM <JUNCTION> NetHood [C:\Users\kaycie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/23/2011 06:34 AM <JUNCTION> PrintHood [C:\Users\kaycie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/23/2011 06:34 AM <JUNCTION> Recent [C:\Users\kaycie\AppData\Roaming\Microsoft\Windows\Recent]
06/23/2011 06:34 AM <JUNCTION> SendTo [C:\Users\kaycie\AppData\Roaming\Microsoft\Windows\SendTo]
06/23/2011 06:34 AM <JUNCTION> Start Menu [C:\Users\kaycie\AppData\Roaming\Microsoft\Windows\Start Menu]
06/23/2011 06:34 AM <JUNCTION> Templates [C:\Users\kaycie\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\kaycie\AppData\Local
06/23/2011 06:34 AM <JUNCTION> Application Data [C:\Users\kaycie\AppData\Local]
06/23/2011 06:34 AM <JUNCTION> History [C:\Users\kaycie\AppData\Local\Microsoft\Windows\History]
06/23/2011 06:34 AM <JUNCTION> Temporary Internet Files [C:\Users\kaycie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\kaycie\Documents
06/23/2011 06:34 AM <JUNCTION> My Music [C:\Users\kaycie\Music]
06/23/2011 06:34 AM <JUNCTION> My Pictures [C:\Users\kaycie\Pictures]
06/23/2011 06:34 AM <JUNCTION> My Videos [C:\Users\kaycie\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mr Morgan
12/04/2011 11:39 AM <JUNCTION> Application Data [C:\Users\Mr Morgan\AppData\Roaming]
12/04/2011 11:39 AM <JUNCTION> Cookies [C:\Users\Mr Morgan\AppData\Roaming\Microsoft\Windows\Cookies]
12/04/2011 11:39 AM <JUNCTION> Local Settings [C:\Users\Mr Morgan\AppData\Local]
12/04/2011 11:39 AM <JUNCTION> My Documents [C:\Users\Mr Morgan\Documents]
12/04/2011 11:39 AM <JUNCTION> NetHood [C:\Users\Mr Morgan\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/04/2011 11:39 AM <JUNCTION> PrintHood [C:\Users\Mr Morgan\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/04/2011 11:39 AM <JUNCTION> Recent [C:\Users\Mr Morgan\AppData\Roaming\Microsoft\Windows\Recent]
12/04/2011 11:39 AM <JUNCTION> SendTo [C:\Users\Mr Morgan\AppData\Roaming\Microsoft\Windows\SendTo]
12/04/2011 11:39 AM <JUNCTION> Start Menu [C:\Users\Mr Morgan\AppData\Roaming\Microsoft\Windows\Start Menu]
12/04/2011 11:39 AM <JUNCTION> Templates [C:\Users\Mr Morgan\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mr Morgan\AppData\Local
12/04/2011 11:39 AM <JUNCTION> Temporary Internet Files [C:\Users\Mr Morgan\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mr Morgan\Documents
12/04/2011 11:39 AM <JUNCTION> My Music [C:\Users\Mr Morgan\Music]
12/04/2011 11:39 AM <JUNCTION> My Pictures [C:\Users\Mr Morgan\Pictures]
12/04/2011 11:39 AM <JUNCTION> My Videos [C:\Users\Mr Morgan\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Rodney
12/24/2013 10:52 PM <JUNCTION> Application Data [C:\Users\Rodney\AppData\Roaming]
12/24/2013 10:52 PM <JUNCTION> Cookies [C:\Users\Rodney\AppData\Roaming\Microsoft\Windows\Cookies]
12/24/2013 10:52 PM <JUNCTION> Local Settings [C:\Users\Rodney\AppData\Local]
12/24/2013 10:52 PM <JUNCTION> My Documents [C:\Users\Rodney\Documents]
12/24/2013 10:52 PM <JUNCTION> NetHood [C:\Users\Rodney\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/24/2013 10:52 PM <JUNCTION> PrintHood [C:\Users\Rodney\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/24/2013 10:52 PM <JUNCTION> Recent [C:\Users\Rodney\AppData\Roaming\Microsoft\Windows\Recent]
12/24/2013 10:52 PM <JUNCTION> SendTo [C:\Users\Rodney\AppData\Roaming\Microsoft\Windows\SendTo]
12/24/2013 10:52 PM <JUNCTION> Start Menu [C:\Users\Rodney\AppData\Roaming\Microsoft\Windows\Start Menu]
12/24/2013 10:52 PM <JUNCTION> Templates [C:\Users\Rodney\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Rodney\AppData\Local
12/24/2013 10:52 PM <JUNCTION> Application Data [C:\Users\Rodney\AppData\Local]
12/24/2013 10:52 PM <JUNCTION> History [C:\Users\Rodney\AppData\Local\Microsoft\Windows\History]
12/24/2013 10:52 PM <JUNCTION> Temporary Internet Files [C:\Users\Rodney\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Rodney\Documents
12/24/2013 10:52 PM <JUNCTION> My Music [C:\Users\Rodney\Music]
12/24/2013 10:52 PM <JUNCTION> My Pictures [C:\Users\Rodney\Pictures]
12/24/2013 10:52 PM <JUNCTION> My Videos [C:\Users\Rodney\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
01/07/2011 01:18 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/07/2011 01:18 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
01/07/2011 01:18 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
01/07/2011 01:18 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/07/2011 01:18 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/07/2011 01:18 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
119 Dir(s) 167,010,312,192 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DF9323A5

< End of report >
  • 0

#8
godawgs
Posted 08 March 2014 - 09:55 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hello I am sorry I have never said hello.

No problem. I'm sure you had bigger things on your mind. :)
Well that round got rid of a ton of rubbish and deleted another ton of TEMP files. That and removing the AVG program should make a difference in the speed of the system. The last OTL fix killed the files that Internet Helper used to load and run. In this round we will uninstall AVG, run another OTL fix and further clean the browsers.
There is a good bit to do here so take your time and if you have any questions just stop and ask. Please let me know how the computer is behaving after this run.


Step-1.

1. Please download the AVG Remover tool and save it to the desktop.

2. Please download Junkware Removal Tool to your desktop.


Step-2.

A.
Uninstall AVG

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

AVG 2014

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

B.
Run the AVG Remover Tool:

  • Double click the avg_remover_stf_x86_2014_4116.exe file to run it and follow the instructions displayed on your screen. (Window 7 Users may need to right click the file and click Run as Administrator.)
    NOTE: All AVG user settings will be removed after the uninstall process is complete, as well as content from the Virus Vault and all other items related to AVG installation and use. You will be asked during the removal procedure to restart your computer. Therefore, please make sure to finish your work and save all important data prior to launching AVG Remover.
  • After the restart, allow the tool to remove the remaining AVG files.

Step-3.

Posted Image OTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "bing"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:3.15.4.100013
FF - prefs.js..keyword.URL: "http://websearch.ask...TES002U2US&&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
[2012/09/30 01:33:40 | 000,002,573 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\searchplugins\askcom.xml
O3 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CCE] C:\Users\Dawn\Downloads\cce_2.5.242177.201_x32\CCE\CCE.exe (COMODO)
O7 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22A9D2E2-4142-400D-952D-13ED6F642B89}" = -
"{49CBC7A5-361C-46F7-BA1B-FDC98EC625F2}" = -
"{84A94032-0807-468A-8086-D5108B28709C}" = -
"{B40A025D-01B0-4FD7-B73B-1DBC2E4E0B90}" = -
"TCP Query User{59093FAE-FD58-409A-A450-C87E9692D325}C:\program files\frostwire\frostwire.exe" = -
"UDP Query User{3095A3A8-61D8-4D5D-B80E-61F9D1838976}C:\program files\frostwire\frostwire.exe" = -
"UDP Query User{E9C73100-9E11-4F03-BA3C-D561AEE34C58}C:\program files\frostwire 5\frostwire.exe" = -

:FILES
C:\Program Files\AVG
C:\Users\Dawn\AppData\Roaming\AVG2014
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
C:\$AVG
C:\AVG
C:\ProgramData\AVG2014
C:\Program Files\AVG
C:\Program Files\LPT
C:\Users\Dawn\AppData\Local\Avg2014
C:\Users\Dawn\AppData\Roaming\TuneUp Software
C:\Users\Dawn\AppData\Local\MFAData
C:\ProgramData\MFAData
C:\Users\Public\Desktop\AVG 2014.lnk
C:\Users\Dawn\AppData\Roaming\AVG2014
C:\Users\Dawn\AppData\Roaming\FrostWire
C:\Users\Dawn\AppData\Roaming\TuneUp Software
C:\ProgramData\deeaL4me
C:\Program Files\FrostWire
C:\Program Files\frostwire 5
C:\Program Files\InternetHelper1.5
C:\PCFriendly

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-5.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon Posted Image and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-6.

Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the AVG uninstall went
2. The OTL fixes log
3. The AdwCleaner[S0].txt log
4. The JRT.txt log
5. The new OTL.txt log
  • 0

#9
wisdom89
Posted 09 March 2014 - 10:58 AM

wisdom89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
he computer is running a little faster after this run. AVG uninstall went good

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service lmimirr stopped successfully!
Service lmimirr deleted successfully!
File system32\DRIVERS\lmimirr.sys not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "bing" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "bing" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: [email protected]:3.15.4.100013 removed from extensions.enabledAddons
Prefs.js: "http://websearch.ask...TES002U2US&&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\Web Assistant\Firefox not found.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2121746328-1834018783-3590070646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-2121746328-1834018783-3590070646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_UI not found.
File C:\Program Files\AVG\AVG2014\avgui.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CCE deleted successfully.
C:\Users\Dawn\Downloads\cce_2.5.242177.201_x32\CCE\CCE.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2121746328-1834018783-3590070646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22A9D2E2-4142-400D-952D-13ED6F642B89} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22A9D2E2-4142-400D-952D-13ED6F642B89}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49CBC7A5-361C-46F7-BA1B-FDC98EC625F2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49CBC7A5-361C-46F7-BA1B-FDC98EC625F2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84A94032-0807-468A-8086-D5108B28709C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84A94032-0807-468A-8086-D5108B28709C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B40A025D-01B0-4FD7-B73B-1DBC2E4E0B90} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B40A025D-01B0-4FD7-B73B-1DBC2E4E0B90}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{59093FAE-FD58-409A-A450-C87E9692D325}C:\program files\frostwire\frostwire.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3095A3A8-61D8-4D5D-B80E-61F9D1838976}C:\program files\frostwire\frostwire.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E9C73100-9E11-4F03-BA3C-D561AEE34C58}C:\program files\frostwire 5\frostwire.exe not found.
========== FILES ==========
File\Folder C:\Program Files\AVG not found.
File\Folder C:\Users\Dawn\AppData\Roaming\AVG2014 not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG not found.
File\Folder C:\$AVG not found.
File\Folder C:\AVG not found.
C:\ProgramData\AVG2014\$AVG\$VAULT folder moved successfully.
C:\ProgramData\AVG2014\$AVG folder moved successfully.
C:\ProgramData\AVG2014 folder moved successfully.
File\Folder C:\Program Files\AVG not found.
C:\Program Files\LPT\Resources folder moved successfully.
C:\Program Files\LPT\Configs folder moved successfully.
C:\Program Files\LPT folder moved successfully.
File\Folder C:\Users\Dawn\AppData\Local\Avg2014 not found.
C:\Users\Dawn\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Dawn\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Users\Dawn\AppData\Local\MFAData\logs folder moved successfully.
C:\Users\Dawn\AppData\Local\MFAData folder moved successfully.
C:\ProgramData\MFAData\avibackup folder moved successfully.
C:\ProgramData\MFAData folder moved successfully.
File\Folder C:\Users\Public\Desktop\AVG 2014.lnk not found.
File\Folder C:\Users\Dawn\AppData\Roaming\AVG2014 not found.
C:\Users\Dawn\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\image_cache folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Dawn\AppData\Roaming\FrostWire folder moved successfully.
File\Folder C:\Users\Dawn\AppData\Roaming\TuneUp Software not found.
C:\ProgramData\deeaL4me folder moved successfully.
C:\Program Files\FrostWire folder moved successfully.
File\Folder C:\Program Files\frostwire 5 not found.
C:\Program Files\InternetHelper1.5 folder moved successfully.
File\Folder C:\PCFriendly not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dawn
->Temp folder emptied: 10642 bytes
->Temporary Internet Files folder emptied: 10789740 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 71917324 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1018 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: kaycie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mr Morgan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rodney
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2877806 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03092014_003533

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\sndappv2.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000000D7997CE5FDE3CC27E not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



# AdwCleaner v3.020 - Report created 09/03/2014 at 01:08:02
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Dawn - DAWN-PC
# Running from : C:\Users\Dawn\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ca82e1a5

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\predm
Folder Deleted : C:\Users\Dawn\AppData\Local\apn
Folder Deleted : C:\Users\Dawn\AppData\Local\PackageAware
Folder Deleted : C:\Users\Dawn\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dawn\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Dawn\AppData\LocalLow\InternetHelper1.5
Folder Deleted : C:\Users\kaycie\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Rodney\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\END
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD12ED2F-EFBB-41BD-A251-5215ABD36D89}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD12ED2F-EFBB-41BD-A251-5215ABD36D89}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3063386
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_safari_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_safari_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_teamspeak[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_teamspeak[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{429E0C87-C956-45BE-B453-FDF0CB2A4CE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1EA0DF4A-F458-45F3-BA45-061995A29CB1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\InternetHelper1.5
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper1.5
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Scorpion Saver
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\InternetHelper1.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

[ File : C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\prefs.js ]

Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Line Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Line Deleted : user_pref("extensions.asktb.apn_dbr", "cr_17.0.963.56");
Line Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Line Deleted : user_pref("extensions.asktb.cbid", "FM");
Line Deleted : user_pref("extensions.asktb.config-updated", false);
Line Deleted : user_pref("extensions.asktb.cr-o", "14193cr");
Line Deleted : user_pref("extensions.asktb.crumb", "2012.02.25+11.28.14-toolbar014iad-US-Q2hpY2FnbyxJTCxVbml0ZWQgU3RhdGVz");
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Deleted : user_pref("extensions.asktb.displaybehavior", "");
Line Deleted : user_pref("extensions.asktb.displaytext", "");
Line Deleted : user_pref("extensions.asktb.dtid", "TES002U2US");
Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Line Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USIL0225");
Line Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.asktb.fresh-install", false);
Line Deleted : user_pref("extensions.asktb.guid", "53c5d626-21b5-4469-a059-f036c24c2ca2");
Line Deleted : user_pref("extensions.asktb.hpr", "YES");
Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Deleted : user_pref("extensions.asktb.if", "first");
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1348990420828");
Line Deleted : user_pref("extensions.asktb.last-search-timestamp", "1330490524866");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
Line Deleted : user_pref("extensions.asktb.location", "Chicago,IL,United States");
Line Deleted : user_pref("extensions.asktb.lstation", "");
Line Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Line Deleted : user_pref("extensions.asktb.news-native-on", true);
Line Deleted : user_pref("extensions.asktb.o", "14193");
Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Deleted : user_pref("extensions.asktb.pstate", "");
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.r", "2");
Line Deleted : user_pref("extensions.asktb.sa", "YES");
Line Deleted : user_pref("extensions.asktb.saguid", "75E09092-9B73-43C3-A9A7-05BA9FF9D409");
Line Deleted : user_pref("extensions.asktb.search-history-queries", "ww2||paul shipman in world war 2");
Line Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.timeinstalled", "2/25/2012 1:29:00 PM");
Line Deleted : user_pref("extensions.asktb.to", "");
Line Deleted : user_pref("extensions.asktb.v", "3.15.4.100013");
Line Deleted : user_pref("extensions.asktb.version", "5.15.4.23821");
Line Deleted : user_pref("extensions.asktb.volume", "");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]
Line Deleted : user_pref("CT3247201.autoDisableScopes", 0);

[ File : C:\Users\kaycie\AppData\Roaming\Mozilla\Firefox\Profiles\2we4w1m6.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14196");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.gamesbar.msnus.config.partner_logo", "iVBORw0KGgoAAAANSUhEUgAAAF8AAAAYCAYAAACcESEhAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90[...]
Line Deleted : user_pref("extensions.gamesbar.msnus.homepage", "hxxp://www.ask.com/?l=dis&o=14196");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url

[ File : C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [20829 octets] - [08/03/2014 18:01:10]
AdwCleaner[R1].txt - [19855 octets] - [09/03/2014 00:58:09]
AdwCleaner[S0].txt - [19412 octets] - [09/03/2014 01:08:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19473 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by Dawn on Sun 03/09/2014 at 10:31:42.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2121746328-1834018783-3590070646-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2121746328-1834018783-3590070646-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_50001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_50001_1001_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dawn\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{0083767B-47FD-4BBA-9EA1-D33DA1DD6079}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{00CE7FA6-117D-4D07-AF02-7C37C3BE23EE}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{019FCB26-090D-4367-85B4-E213B0E4D360}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{01C85C48-B744-45E8-BC16-2242B5D25F18}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{02098616-0226-4F1B-A6F0-34CD1395B4D7}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{03359959-12DC-49B9-9280-BA8B0251452B}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{0442B4CE-A8F5-482D-AFEB-F7CA30058EAF}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{057E5772-5144-4718-AD33-815F19962750}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{073CF4F0-22A9-45EA-8418-EA53E3BF0948}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{08F57D63-0845-457F-B2A2-4A9119687872}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{09014018-E80F-4558-B137-7ED677BE34AD}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{093833FB-E8CB-4B7B-85EE-3BD2982E86DB}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{097FACA0-8D88-4DAA-97FC-5034081FC9DA}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{09DAA900-2645-4C61-BF8D-7A7A9B38C942}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{0C7DBF99-B00F-41F5-AD8B-FC733CADF37D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{100E4634-9B04-4DDF-B879-1D4CDC8B62E6}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{11C1B6F8-C9CE-4623-83DA-1A0095CD7084}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{13234C8B-A170-4B77-A46D-33478CD3B3F4}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{1357DD83-FC63-4DAE-85B8-ABB9585320C6}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{135D2164-B738-48F4-8CA7-80BA2730ED4F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{13F4E95D-0656-49F2-925C-6DC4E9FA138A}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{14F4F084-9E39-4DF7-80B7-60052127FA0B}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{1579D8C2-C14B-41DD-867A-59CB18F08A24}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{16207A9D-BEC5-463B-ADCF-8328BAE1F483}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{172943C9-C4EA-425A-8CB3-9C2DE29CC0D6}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{1735D087-5450-4C9B-84C7-75E58606DE32}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{18C25A57-7B00-468E-8E7B-E4E7217413E6}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{19586A42-F0A2-4865-8432-1339A1385442}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{1D6E19F6-9C7D-4470-8F23-D2DAAF0B48A4}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{21C62A08-B641-43CD-9ACF-1FE9124095C9}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{229DD18F-8C87-43F0-8ACE-5A91DC0C8389}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{23BD44B9-DF23-49F0-9FE9-C1C59A4BAA31}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{254C752B-CD7D-4358-A39B-675750C946C7}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{25C8F6FB-3CE4-43B3-97A4-723EE9268954}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{27EA971A-2621-4952-8197-0400ACC673A5}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{2820C5E0-35A0-4DFF-B903-CDD28DBA2388}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{28AB130B-585D-4641-B0C5-1798AF1558A7}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{28D283A3-3901-40B5-AE2B-65D64F2E9BE2}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{29183025-0242-4035-A3B4-4881DF202CAD}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{2A5AEEB0-0EA5-4A33-8F6C-56DBB304100A}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{2CFE3453-C254-49E0-83A0-88A54A9C46FF}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{2D4030AD-E34A-4842-9E7F-C2A29160C77C}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{2D40BBC5-9EA2-46B8-88D5-F431F83857FD}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{2DDED265-39D3-4EFC-82AE-D18A78A728E4}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{303917FA-5C85-47EB-AB6C-901F9ED2C5D8}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{30808F3E-F460-4664-9394-66AE2007C316}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{309E3260-FBD8-4B45-B53E-979BD9A8C774}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{310B6369-AA54-4CEB-BBC5-BFD494BDF9F9}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{32C68191-4F60-4932-9639-0722C786690F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{391C8F12-2D3D-4F72-AAC7-FB44122C2CD2}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{3CC9EE0D-1441-4FED-BCBF-7933B3EE635C}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{3D144EC9-7561-43C4-AC55-C1AD74D8E386}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{3EE2935E-A633-4C3F-BEE8-48E558534A30}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{3FC7C694-253D-487D-BBB9-C545723185AC}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{4083F507-7F84-4B74-97C7-D692E4B93859}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{4103F06B-9438-488C-8E83-A6581BD454C3}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{4110D662-6C84-4CD9-A68E-811696759F49}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{42064A8C-8CE2-4D51-B50E-D3C7F6C3A2AB}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{427D717A-A729-41D7-8D66-CE6F91C84886}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{43EDA5B0-FD5B-41D4-A560-A02DB9365AC6}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{44CC29D5-CF97-4C65-8B2A-7CD8EC304CE0}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{485EEA8C-C73E-4CFF-B862-8FC6908B7A13}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{49BC9536-36D8-4392-8FD5-D07D4FE4C357}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{4A363A03-7CB1-4C53-8C11-459204BA153E}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{4CDD5F91-BAE1-4309-B5D7-064D78CB346F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{4DCF831C-0B62-4809-AD32-386908BE37EB}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{507DE22D-8699-4FF6-8B99-1A4B84F281D6}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{510DFAD2-872C-46DA-B9B2-51BF7DACD017}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{54D61C22-79F8-4B49-B1C4-8926B05297B4}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{574B1FB2-CB0B-47EC-A1B0-50CA44052863}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{5853A70F-3377-4093-A8BE-8FE15C18823F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{599C6ACE-5916-43F3-B256-9F4A9D4F92EC}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{59D67421-4351-404A-8551-814F62F36B27}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{5B3258C1-F827-4A17-B036-4566D86F0FFA}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{5CA8EC27-8161-44F8-8113-A33F8920A87F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{5E264DDA-EA4E-4E3A-A388-D32135561955}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{5F63C014-EB6F-466E-96F4-3F6EAF83EE26}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{62EDD5FB-B3CF-46C4-92C1-5E9724FC107B}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{63D4A58B-300B-4F17-9D26-0B095BE63B0E}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{64B0E4BC-8990-40C2-9CB9-378ECA6CCB87}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{666FA948-74B2-4124-9C5C-C119F1EB92C5}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{66EC7531-07DF-48E3-904F-4B6C95A699AB}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{6846CAEB-B6D7-4D85-B679-DF17E48B9F98}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{6B100FF4-5884-4745-89F9-2C28E274A147}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{6C314D83-ECB5-40BE-BDA8-0341AA424B41}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{6D158A39-12BD-4E96-ADD4-D11097069F36}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{6D2B3617-8B80-42E9-9911-7CE6E3C5867D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{6E1EFC50-0C5E-4C35-B67E-D526BDEE31C7}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{6F810947-11E2-4334-A624-671768462993}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{70E7E356-CD41-4FEC-85B7-F5AFAD2E784D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{732726AC-E9F1-4A33-9ED4-6370580EB582}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{7333C4FE-F5B3-47A1-A94F-7A56B5729EFF}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{733AEECA-EC2E-4826-80A3-515E7236AC42}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{734C26F2-C6A9-4ECA-AFC0-BDE98E098377}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{7446B407-8815-4460-AD40-B821E1A28CC2}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{752455B4-640E-4205-AF9E-1BAA1A7718C5}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{75BAC8F4-1837-4FAD-ADE9-AA09145E0C1A}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{75E573D4-2D48-41DE-9312-3E5302D55437}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{76046875-01D5-479C-8D4D-9164CAA2D2B8}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{778CC3BF-11FF-48CA-92BF-C2B9B4E1740C}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{780ECD5C-6A49-46AC-836A-6BA10C5236B0}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{7B14055A-40FF-47FD-8824-4D0B45E52E62}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{7BB2F916-12C7-4F1B-B9C1-D6C231F288BD}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{7C4B1F1E-E34F-4638-BAA7-3BA11BD11183}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{7CF74BFD-9106-4762-8504-B84B3EC3F0F8}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{7DE015B6-445F-468E-9BCE-AD7019147210}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{8266152C-7966-43B2-9F4F-3AE97E3C96AD}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{82A5C04E-DF7B-42E5-B865-4A5AD8199852}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{83778E25-F8B2-4AE4-905C-357867081067}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{83C09AC5-C50D-4754-AE72-FFDEC04BC5C0}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{85797D39-A444-40FD-8B64-2BA70AB665D0}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{861AE93C-6F3A-4394-BDAA-A7B76D82476A}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{88372252-8405-4644-BD29-68190DD29CF5}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{89208489-162D-422E-AB03-6CE3F5165FA8}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{89B0F39B-BFF5-45D1-AD8F-4E7D9BFDDFFB}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{8B245226-9285-4351-9B48-7EC599CF4ED3}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{8B53E4A5-6DD8-4D48-8618-B0F8E5C83D86}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{8CE9B2FD-6D19-410B-9969-497E9F2C28CB}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{8E0216E7-C330-46C4-9D2C-7F967D24CE86}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{8E0424D8-3AD5-4EF2-B87A-EE2999E05F5E}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{8EFD709A-11AF-407E-85C7-A71DB1A4B7C9}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9641221D-ECCE-4744-A618-65BE7F2CA2D8}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{96667F31-FAA0-4EB0-854F-6AC9EB54D70F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{96BA89F7-FD20-4651-90BF-9140E7D49EAE}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{975C589F-93D1-427F-B450-A8C1E310D2D4}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{976ED9B3-E0A3-4FF1-970B-E8A0D88BE701}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{977D88A5-8AFE-4464-AAA4-C16A53EAE623}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9879F688-7506-4320-A96B-F87DA5335F4B}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{98C07A55-B005-4305-966B-002A1DDEC258}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9A3A92BF-8873-4613-B617-3F2CB483A1EF}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9A4B16A9-C163-44F2-AD58-B4D15376A4B9}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9A728F9F-7CC6-4F9D-9878-639B6BCAD073}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9AE646FD-C784-4F30-9EFB-B2649FD541D2}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9D0CFF0F-1ABA-4991-80C8-469A34766653}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9D25B978-4BEC-4385-A41B-6A14DE06ADB0}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9DE4C3A4-0DEE-4D5A-964E-77BDC4FF8CC3}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9F018A3D-317A-49C7-AAC7-EB8D974D9788}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{9FC2BA6A-6DF2-45A1-9E17-18E91BE77FB4}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{A22DC788-9C3B-456E-9384-9758787E8C25}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{A83C1F45-B2ED-4C1C-8240-0A045BE8324B}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{A9040BBF-73A1-43D7-B920-D64E3E217A0B}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{A98462CB-83C8-4B6B-8A1A-6A75F5068CE1}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{A990B612-5D44-4847-8EA8-15449ACDC02C}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{A9A12ED3-E37B-43AA-87FA-30FF4124FC79}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{AA85A00E-EF70-4054-A549-4F95780EA6D3}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{ABAFC2D9-1FCA-422A-AA8F-559D58B97F33}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{AC8E7F4B-5082-4DD8-9B08-21BC8E17A7FC}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{AE7EDA5C-FAF9-4972-A26A-B2C2F99FD171}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{AFABD0EC-10CD-4642-8790-020C52597683}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{AFD56246-37EF-45A3-99C5-6ED0467CC80D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{B0D19BBA-0CA7-45BD-B4EF-029FD691B039}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{B23A3A39-6F5B-4DF3-9FB7-FE5546313A89}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{B62F92A4-5318-4BC5-8554-92257838E75F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{B65183B1-4193-4A2E-9B01-10E012BD8864}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{B6A3B6D5-C432-4930-A542-8BAAC1D66C9D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{B7AEF698-05E7-47CE-8016-8AD02F5F00B7}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{B894772D-0169-43B7-B928-7A462105AF61}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{BB687A3A-C4CF-4B8F-A91D-5C0235EB3263}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{BB750CD0-500A-425A-AB6A-211C492F680F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{BFB86817-CEEC-4D6A-BBA0-93F9E3974A9D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{C09D0D67-4C80-40EE-B16B-D52655A8D5D3}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{C1E0EAEC-F523-4012-83F8-D38E84928206}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{C380DC0F-3B44-43A9-8280-E0E37B6D246E}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{C3B2CA18-C4F1-4262-AFCC-803179B6A61E}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{C609B738-099C-4D0A-9E3D-1A969E7468B9}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{C6C1D823-EB89-40AB-9782-E0E919A4119E}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CA3E121D-C6BD-43DD-9754-397BF1A0088F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CAD767B5-6714-4548-88FB-6185DC9B8DAC}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CB3E58A8-B843-4954-95AD-47A16F20E781}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CD809C1C-9EF8-4009-8989-8DC6F35B023A}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CD926F88-6547-4237-B3EB-AD2751454475}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CE96D374-8E31-46F3-9785-B661AA309CBE}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CFB1E128-2EB6-420F-94B9-F09D350F6B65}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CFE47597-579B-4E6D-ACDB-98FB8F403106}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{CFF28D42-E6C3-4539-B5B3-04014BE8A1D8}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D0BE3636-11F1-4BBE-AEBB-B06FE2A9B7FA}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D13AE909-DEE1-4AC4-B929-BDFAA80971DF}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D2E0CBEF-0681-4C43-8E25-DB82056350EC}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D3889054-7B6A-4558-914A-CA17D80D2FEE}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D3C22172-8051-4D9E-9C8E-8230CE5BB903}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D48379DA-A53B-499D-A1C8-49C6F956FA6F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D5A68FC8-BC75-4FB9-A35F-4E12B858A34A}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D68D74A3-EBD8-4549-A4B5-17E79CB9EC1D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D7A18663-F1F6-40F0-B20B-4A56FAFB23AE}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D7ED2241-7476-4C3E-A1EA-2865905A1EFE}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D9062E48-D224-4A49-A545-A52F3C0A4DE7}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D9E156B1-7C67-4DDD-9D4D-8F0B9CD19697}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{D9F57041-5D8E-4021-B2E1-8E232CD24509}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{DB469B05-0D9A-4AA9-BE98-14FBFAC2664D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{DC3DFDB7-913C-4B52-B2D4-BFAADE20B529}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{E04A8462-3A43-4F25-B420-958BF2DFC872}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{E6295D70-0F1B-4727-8E08-0670C8C98287}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{E6BAAC33-1C1A-484D-84D8-9440B1DDF2B6}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{E74EE74D-96C6-4494-A92B-C5330CA41F2D}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{E7811787-7716-41BA-AC2B-ED9FD3D4530F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{E78ADB31-3AF8-4D67-AF7B-907BE7B57DC9}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{E8713977-E259-481F-AFAE-ABE729E30B5B}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{E8AE3405-B276-4272-9735-E158F1682FC8}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{EB36ACC6-C1CA-4376-A8CE-3785A35BEC27}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{EBE482FE-14BE-48EE-9620-B84B8A9E87D4}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{EE778AB7-4C12-41BA-8470-6DFA714F822F}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{EFBA1038-7581-4F63-8CA0-1BC300B4BD43}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{F00B72EA-8CB0-4D3D-903C-E4DFBC8814F9}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{F0BED33D-D33C-49BB-B0D4-74D7DEF30FA4}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{F0F41265-7B8C-46FB-A77C-D98256B5B7B9}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{F43B2BBF-796C-4510-BB50-4C36B519AD36}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{F50F1267-43B5-4304-A40D-B183D96D9956}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{F54D6CEA-2183-4328-91FF-4265C56F1221}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{FAF3082F-942B-4E6B-94F6-2679E8B4B9D5}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{FC2E8940-EFF8-4533-AEBE-81A90347391A}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{FDEDD6D8-5D87-4AA4-ABA7-64FA9E7C2FFA}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{FE483214-BCE9-4FB9-89B3-974FEE152581}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{FE794C63-54E2-4620-B908-7879FED3FC4A}
Successfully deleted: [Empty Folder] C:\Users\Dawn\appdata\local\{FF9F03AF-3677-4C4B-8196-106856A896C4}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/09/2014 at 10:38:10.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 3/9/2014 10:46:56 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 66.31% Memory free
5.73 Gb Paging File | 4.62 Gb Available in Paging File | 80.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 156.12 Gb Free Space | 69.83% Space Free | Partition Type: NTFS
Drive E: | 7.43 Gb Total Space | 7.43 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: DAWN-PC | User Name: Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 10:56:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/06 09:56:38 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/13 10:37:44 | 000,166,072 | ---- | M] (Local Weather LLC) -- C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe
PRC - [2013/10/07 14:50:28 | 000,120,096 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriSvc.exe
PRC - [2013/10/07 14:50:28 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriTray.exe
PRC - [2013/10/07 14:50:24 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files\Sendori\Sendori.Service.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/07 02:16:55 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2011/01/07 02:16:55 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2011/01/07 02:16:53 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/10/01 10:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/08/19 19:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/04/07 07:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/07 07:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
PRC - [2010/01/15 11:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/11/04 16:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 16:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/10/20 10:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/10/20 10:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/20 10:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/13 04:41:14 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/13 04:40:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 04:39:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 04:38:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 04:37:24 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 04:37:10 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f96e07044730442ee1f3dd90db984e6a\System.Configuration.ni.dll
MOD - [2014/02/13 04:37:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 04:36:48 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2010/10/01 10:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/10/20 10:12:10 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2014/03/06 20:18:25 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/07 14:50:28 | 000,120,096 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/10/07 14:50:24 | 003,623,200 | ---- | M] (Sendori) [Auto | Stopped] -- C:\Program Files\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/10/07 14:50:24 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/27 04:00:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/07 02:16:55 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/04/07 07:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/11/04 16:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 16:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/20 10:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/01/07 02:16:53 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/29 11:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 22:15:56 | 000,247,808 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/08/20 12:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 11:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/30 18:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/07/01 18:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/04/07 07:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 10:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 15:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/10 14:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/28 11:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "http://start.msn.ipl...lay.com/?o=shp"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_154.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dawn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2014/02/11 22:11:07 | 000,000,000 | ---D | M]

[2011/04/21 18:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Extensions
[2014/03/08 17:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions
[2012/09/30 14:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/25 01:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/05 14:42:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperba...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - Extension: IcouCOnnverTErr = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmnamhfocgihbcmmdailjknfehamddf\2.2_0\
CHR - Extension: Google Wallet = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\Sendori.dll (Sendori)
O13 - gopher Prefix: missing
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF8C5FCB-0DA7-4981-B335-7C705BBC33A9}: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6040A3D-4211-49D4-A601-18EDF38ECC76}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/09 10:31:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/09 10:28:18 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Dawn\Desktop\JRT.exe
[2014/03/08 19:00:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/08 17:05:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/07 16:11:32 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
[2014/03/07 16:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\RMPrepUSB
[2014/03/07 14:14:59 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\Bluetooth Exchange Folder
[2014/03/07 10:56:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
[2014/03/07 04:13:08 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2014/03/06 20:18:09 | 017,917,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2014/03/05 20:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/05 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/03/05 20:08:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/03/05 20:07:42 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/03/05 20:07:42 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/03/05 20:07:42 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/03/05 20:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/05 12:24:40 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/03/05 12:23:57 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/03/05 12:23:57 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/03/05 11:17:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/05 11:07:42 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/03/05 10:33:35 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/05 10:33:35 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2014/03/05 10:33:34 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/05 10:33:34 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/05 10:33:34 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/05 10:33:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014/03/05 10:33:34 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/03/05 10:33:34 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/05 10:33:34 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/05 10:33:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/05 10:33:34 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/03/05 10:33:34 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/03/05 10:33:34 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/03/05 10:33:34 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/05 10:33:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/03/05 10:33:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/05 10:33:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014/03/05 10:33:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014/03/05 10:33:34 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014/03/05 10:33:34 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/05 10:33:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/03/05 10:33:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014/03/05 10:33:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/03/05 10:33:34 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014/03/05 10:33:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014/03/05 10:33:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/03/05 10:33:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/05 10:33:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014/03/05 10:33:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014/03/05 10:33:34 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/05 10:33:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/03/05 10:33:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/05 10:33:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014/03/05 10:33:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/05 10:33:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/03/05 10:33:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/03/05 10:31:30 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/03/05 10:31:30 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/03/05 10:31:30 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2014/03/05 10:31:30 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2014/03/05 10:31:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/03/05 10:31:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/03/05 10:31:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/03/05 10:31:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/03/05 10:31:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/03/05 10:31:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/03/05 10:31:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2014/03/05 10:31:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/03/05 10:31:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/03/05 10:31:29 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/03/05 10:31:29 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/03/05 10:31:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2014/03/05 10:31:29 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/03/05 10:31:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/03/05 10:31:29 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/03/05 10:31:29 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2014/03/05 10:31:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/02/26 03:17:35 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/12 19:00:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/02/12 18:59:42 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/02/12 18:59:42 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/02/12 18:59:41 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/02/12 18:59:41 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/02/12 18:59:41 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/02/12 18:59:41 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/02/12 18:59:40 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/02/12 18:59:40 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/02/12 18:59:40 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/02/11 22:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/02/11 22:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/02/11 22:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/02/11 22:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2014/02/11 22:10:03 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\HpUpdate
[2014/02/11 22:09:40 | 000,563,048 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPMAD11.dll
[2014/02/11 22:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/02/11 22:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/02/11 22:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/02/11 22:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\HP
[2014/02/11 17:44:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/11 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Local_Weather_LLC
[2014/02/11 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/02/11 17:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\WeatherAlerts
[1 C:\Users\Dawn\AppData\Local\*.tmp files -> C:\Users\Dawn\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/09 10:52:32 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2014/03/09 10:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/09 10:26:59 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Dawn\Desktop\JRT.exe
[2014/03/09 10:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/09 10:14:13 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 10:14:13 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 10:13:03 | 000,664,750 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/09 10:13:03 | 000,123,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/09 10:07:11 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/03/09 10:06:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/03/09 10:04:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/09 10:03:54 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/09 09:24:08 | 000,001,936 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
[2014/03/09 01:57:04 | 001,244,192 | ---- | M] () -- C:\Users\Dawn\Desktop\AdwCleaner.exe
[2014/03/07 16:11:33 | 000,000,999 | ---- | M] () -- C:\Users\Dawn\Desktop\RMPrepUSB.lnk
[2014/03/07 10:56:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
[2014/03/06 20:18:17 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/06 20:18:17 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/06 20:18:10 | 017,917,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2014/03/05 20:07:07 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/03/05 20:07:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/03/05 20:07:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/03/05 20:07:06 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/03/05 13:34:24 | 000,001,419 | ---- | M] () -- C:\Users\Dawn\Desktop\Internet Explorer.lnk
[2014/03/05 10:45:30 | 000,001,413 | ---- | M] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/05 10:33:35 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/05 10:33:35 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2014/03/05 10:33:34 | 002,877,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/05 10:33:34 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/05 10:33:34 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/05 10:33:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014/03/05 10:33:34 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/03/05 10:33:34 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/05 10:33:34 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/05 10:33:34 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/05 10:33:34 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/03/05 10:33:34 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/03/05 10:33:34 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/03/05 10:33:34 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/05 10:33:34 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/03/05 10:33:34 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/05 10:33:34 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014/03/05 10:33:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014/03/05 10:33:34 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014/03/05 10:33:34 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/05 10:33:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/03/05 10:33:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014/03/05 10:33:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/03/05 10:33:34 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014/03/05 10:33:34 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014/03/05 10:33:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/03/05 10:33:34 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/05 10:33:34 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014/03/05 10:33:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014/03/05 10:33:34 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/05 10:33:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/03/05 10:33:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/05 10:33:34 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014/03/05 10:33:34 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/05 10:33:34 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/03/05 10:33:34 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/03/05 10:33:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/03/05 10:31:30 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/03/05 10:31:30 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/03/05 10:31:30 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2014/03/05 10:31:30 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2014/03/05 10:31:30 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/03/05 10:31:30 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/03/05 10:31:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/03/05 10:31:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/03/05 10:31:30 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/03/05 10:31:30 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/03/05 10:31:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2014/03/05 10:31:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/03/05 10:31:30 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/03/05 10:31:29 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/03/05 10:31:29 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/03/05 10:31:29 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2014/03/05 10:31:29 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/03/05 10:31:29 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/03/05 10:31:29 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/03/05 10:31:29 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2014/03/05 10:31:29 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/02/13 08:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/11 22:10:58 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/02/11 22:09:39 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk
[2014/02/11 22:09:39 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3510 series.lnk
[2014/02/11 22:05:20 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/02/11 17:39:32 | 000,001,148 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[1 C:\Users\Dawn\AppData\Local\*.tmp files -> C:\Users\Dawn\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/08 18:58:30 | 001,244,192 | ---- | C] () -- C:\Users\Dawn\Desktop\AdwCleaner.exe
[2014/03/08 17:08:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2014/03/07 16:11:33 | 000,000,999 | ---- | C] () -- C:\Users\Dawn\Desktop\RMPrepUSB.lnk
[2014/03/05 13:34:24 | 000,001,419 | ---- | C] () -- C:\Users\Dawn\Desktop\Internet Explorer.lnk
[2014/03/05 10:45:30 | 000,001,419 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/03/05 10:45:30 | 000,001,413 | ---- | C] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/05 10:33:34 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/02/11 22:16:28 | 000,001,936 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
[2014/02/11 22:10:58 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/02/11 22:09:39 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk
[2014/02/11 22:09:39 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3510 series.lnk
[2014/02/11 22:05:20 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/11 17:39:32 | 000,001,148 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/01/31 08:40:37 | 000,002,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/24 23:50:47 | 000,000,632 | RHS- | C] () -- C:\Users\Dawn\ntuser.pol
[2013/12/18 22:28:58 | 000,188,200 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/06 18:12:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/08 10:22:54 | 000,000,107 | ---- | C] () -- C:\Users\Dawn\webct_upload_applet.properties
[2011/01/20 00:31:31 | 000,065,024 | ---- | C] () -- C:\Users\Dawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DF9323A5

< End of report >
  • 0

#10
godawgs
Posted 09 March 2014 - 04:37 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

The OTL log looks good. We're gonna need to manually reset the Chrome search engine. Then we will scan for any residual malware files and check for out of date programs and system services.


Step-1.

Reset/Delete a Search engine in Chrome

Open the Chrome browser

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Select Settings and find the "Search" section.
  • Click Manage search engines.
    • Remove a search engine: Select the Web (Enabled) and feed.helperbar (or any other entry you don't recognize) search engine and click the x or trash can that appears at the end of the row.
  • Close the browser
Set your default search engine

  • Click the Chrome menu Posted Image on the browser toolbar.
  • Select Settings and find the Search section.
  • Select the search engine you want to use from the menu (like Google). If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list, like Google.
  • Click the Make default button that appears at the end of the row or just mouse over the item and click Make Default.

Step-2

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

Double Click the mbam-setup.exe file to install the application. (Windows Vista/7 users will need to right click on the file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-3.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-5.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. How is the computer behaving now?
2. The MalwareBytes log
3. The ESET scan log (IF it found anything). If it didn't find anything just let me know.
4. The FSS.txt log
5. The checkup.txt log
  • 0

Advertisements

#11
wisdom89
Posted 10 March 2014 - 02:33 AM

wisdom89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
its running better but i still getting some pop up

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16798
Dawn :: DAWN-PC [administrator]

3/9/2014 6:21:59 PM
mbam-log-2014-03-09 (18-21-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 671289
Time elapsed: 3 hour(s), 21 minute(s), 40 second(s)

Memory Processes Detected: 1
C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> 2192 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts (PUP.Optional.WeatherAlerts.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\MediaPlayerEnhance (PUP.Optional.MediaPlayerEnhance.A) -> Quarantined and deleted successfully.
HKLM\Software\MediaPlayerEnhance (PUP.Optional.MediaPlayerEnhance.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 14
C:\Users\Dawn\AppData\Local\Local_Weather_LLC (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_5tj1nkyhxqseqpxndbvbnbxxmj2ezpea (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_5tj1nkyhxqseqpxndbvbnbxxmj2ezpea\1.4.0.0 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts (PUP.Optional.WeatherAlerts) -> Delete on reboot.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0213204058 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0214124850 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0214134302 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0217205454 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0217214852 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0224052549 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0301001229 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0303185441 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0306202106 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0307025013 (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.

Files Detected: 59
C:\temp\t.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\Dawn\.frostwire5\updates\frostwire-5.3.8.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe (PUP.Optional.WeatherAlerts.A) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\mediaplayer.exe (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\setup (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\setup (2).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\Setup (3).exe (PUP.MSIL.Launcher) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\setup.exe (1).exe (PUP.Optional.AirAdInstaller) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\setup.exe.exe (PUP.Optional.AirAdInstaller) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\frostwire-5.2.11.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Dawn\Downloads\java.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Rodney\Downloads\ArcadeFrontierGames (1).exe (PUP.Optional.ArcadeFrontier.A) -> Quarantined and deleted successfully.
C:\Users\Rodney\Downloads\ArcadeFrontierGames (2).exe (PUP.Optional.ArcadeFrontier.A) -> Quarantined and deleted successfully.
C:\Users\Rodney\Downloads\ArcadeFrontierGames (3).exe (PUP.Optional.ArcadeFrontier.A) -> Quarantined and deleted successfully.
C:\Users\Rodney\Downloads\ArcadeFrontierGames (4).exe (PUP.Optional.ArcadeFrontier.A) -> Quarantined and deleted successfully.
C:\Users\Rodney\Downloads\ArcadeFrontierGames.exe (PUP.Optional.ArcadeFrontier.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03082014_160538\C_Program Files\MediaPlayerEnhance\utils.exe (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Local\Conduit\CT3247201\InternetHelper1.5AutoUpdateHelper.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Dawn\AppData\LocalLow\InternetHelper1.5\hk64tbInt0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Dawn\AppData\LocalLow\InternetHelper1.5\hktbInt0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Dawn\AppData\LocalLow\InternetHelper1.5\ldrtbInt0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\CCE_Quarantine\{52FD1C5E-25B3-411E-9F9A-770AC62F2301} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\CCE_Quarantine\{0F4A1DB5-B4A9-4DCA-9339-A072ADC09439} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\CCE_Quarantine\{5D332D6F-D650-4CD6-AB5B-78D8B38A7A99} (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\CCE_Quarantine\{FCE83A77-57B1-45E2-AA7D-4F1D5C1808C7} (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_5tj1nkyhxqseqpxndbvbnbxxmj2ezpea\1.4.0.0\user.config (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\DesktopWeatherAlertsK.dat (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\DesktopWeatherAlertsU.dat (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\uninstall.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\WAUpdater.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> Delete on reboot.
C:\Users\Dawn\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0213204058\3663.3663.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0213204058\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0214124850\3664.3664.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0214124850\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0214134302\3664.3664.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0214134302\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0217205454\3667.3667.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0217205454\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0217214852\3667.3667.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0217214852\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0224052549\3674.3674.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0224052549\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0301001229\3678.3678.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0301001229\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0303185441\3682.3682.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0303185441\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0306202106\3686.3686.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0306202106\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0307025013\3687.3687.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Dawn\AppData\Local\WeatherAlerts\0307025013\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.

(end)


C:\AdwCleaner\Quarantine\C\Users\Dawn\AppData\LocalLow\InternetHelper1.5\ldrtbInte.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dawn\AppData\LocalLow\InternetHelper1.5\tbInt1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dawn\AppData\LocalLow\InternetHelper1.5\tbInte.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\CCE_Quarantine\{00CDC692-1DFE-4C20-BA8A-4A77FA8B236D} multiple threats
C:\CCE_Quarantine\{05D9C7BD-CB3A-4808-9E3E-FC9A476A6932} multiple threats
C:\CCE_Quarantine\{BC7082CE-6FCF-4B62-A20F-908BA23B2E05} a variant of Win32/AdWare.SpeedingUpMyPC.D application
C:\CCE_Quarantine\{CA878ACB-BCB3-4EB4-8AC2-780AC113B511} a variant of MSIL/Adware.StrongVault.A application
C:\Users\Dawn\.frostwire5\updates\frostwire-5.5.6.windows.exe Win32/OpenCandy potentially unsafe application
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim (2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mr Morgan\AppData\LocalLow\WeLoveFilms_-_US\ldrtbWeLo.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Mr Morgan\AppData\LocalLow\WeLoveFilms_-_US\tbWeLo.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\_OTL\MovedFiles\03082014_160538\C_Program Files\InternetHelper1.5\prxtbInte.dll Win32/Toolbar.Conduit.O potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Program Files\MediaPlayerEnhance\44150.crx JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Program Files\MediaPlayerEnhance\44150.xpi JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Program Files\Re-Markable-soft\Re-Markable155.exe a variant of Win32/AdWare.AD150.A application
C:\_OTL\MovedFiles\03082014_160538\C_Program Files\Re-Markable-soft\Re-Markable_wd.exe a variant of Win32/AdWare.AD150.A application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\123_intext_adv_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\126_revizer_ws_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\127_revizer_p_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\wditxiun.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\OpenCandy\DC5CBF94AEA047A3BF168A83D9468030\OCBrowserHelper_1.0.3.85.dll a variant of Win32/OpenCandy.A potentially unsafe application
C:\_OTL\MovedFiles\03082014_160538\C_Users\Dawn\AppData\Roaming\OpenCandy\DC5CBF94AEA047A3BF168A83D9468030\SaveValet_p1v1.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\_OTL\MovedFiles\03092014_003533\C_Program Files\InternetHelper1.5\InternetHelper1.5ToolbarHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application
C:\_OTL\MovedFiles\03092014_003533\C_Program Files\InternetHelper1.5\ldrtbInte.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\_OTL\MovedFiles\03092014_003533\C_Program Files\InternetHelper1.5\tbInte.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application


Farbar Service Scanner Version: 25-02-2014
Ran by Dawn (administrator) on 10-03-2014 at 03:11:14
Running from "C:\Users\Dawn\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-12-06 15:05] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-12-06 15:05] - [2013-09-07 21:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-12-06 14:23] - [2013-07-08 23:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-12-06 14:50] - [2013-05-26 23:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 13.0.0.154
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 31.0.1650.63
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Client Antimalware NisSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
  • 0

#12
godawgs
Posted 10 March 2014 - 07:21 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Were you able to change the search engine in Chrome successfully? Can you describe the pop ups? Does this happen in all browsers or just one? Which browser(s) does this happen in?

Let's remove the things that ESET found and update Adobe Reader.


Step-1.

Posted Image OTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\CCE_Quarantine\{00CDC692-1DFE-4C20-BA8A-4A77FA8B236D}
C:\CCE_Quarantine\{05D9C7BD-CB3A-4808-9E3E-FC9A476A6932}
C:\CCE_Quarantine\{BC7082CE-6FCF-4B62-A20F-908BA23B2E05}
C:\CCE_Quarantine\{CA878ACB-BCB3-4EB4-8AC2-780AC113B511}
C:\Users\Dawn\.frostwire5
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim (1).exe
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim (2).exe
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim.exe
C:\Users\Mr Morgan\AppData\LocalLow\WeLoveFilms_-_US\ldrtbWeLo.dll
C:\Users\Mr Morgan\AppData\LocalLow\WeLoveFilms_-_US\tbWeLo.dll
C:\Windows\System32\Adobe\Shockwave 12\gt.exe

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
  • Remove ALL instances of Adobe Reader. The version(s) I see on the computer are:
    • Adobe Reader 10.1.9
  • Right click each program and cilck Uninstall
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar or any other 3rd party software.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my questions above
2. Let me know how the Adobe update went.
3. The OTL fixes log.
  • 0

#13
wisdom89
Posted 10 March 2014 - 09:53 AM

wisdom89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hey godawgs

the search engine on chrome was a success and the pop up slides on the page but not every page but like ebay other adds come on. it happens on chrome
as for adobe it was a success.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\CCE_Quarantine\{00CDC692-1DFE-4C20-BA8A-4A77FA8B236D} moved successfully.
C:\CCE_Quarantine\{05D9C7BD-CB3A-4808-9E3E-FC9A476A6932} moved successfully.
C:\CCE_Quarantine\{BC7082CE-6FCF-4B62-A20F-908BA23B2E05} moved successfully.
C:\CCE_Quarantine\{CA878ACB-BCB3-4EB4-8AC2-780AC113B511} moved successfully.
C:\Users\Dawn\.frostwire5\updates folder moved successfully.
C:\Users\Dawn\.frostwire5\themes folder moved successfully.
C:\Users\Dawn\.frostwire5\search_db\search_db folder moved successfully.
C:\Users\Dawn\.frostwire5\search_db folder moved successfully.
C:\Users\Dawn\.frostwire5\library_db\library_db folder moved successfully.
C:\Users\Dawn\.frostwire5\library_db folder moved successfully.
C:\Users\Dawn\.frostwire5\jd_home folder moved successfully.
C:\Users\Dawn\.frostwire5\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Users\Dawn\.frostwire5\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Dawn\.frostwire5\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Dawn\.frostwire5\image_cache folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\tmp folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\net folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\logs\save folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\logs folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\dht folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\active\B5BFC97A0C58063861BD19CCA5FCB2FFB7BBED54 folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\active\9C85DD5E8330AA0D0589777AE98283F7E86E18C7 folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\active\6BE5BCF4428F604BE2843764FE318A5F14CBEDD5 folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus\active folder moved successfully.
C:\Users\Dawn\.frostwire5\azureus folder moved successfully.
C:\Users\Dawn\.frostwire5\appwork\tmp folder moved successfully.
C:\Users\Dawn\.frostwire5\appwork\logs folder moved successfully.
C:\Users\Dawn\.frostwire5\appwork\cfg folder moved successfully.
C:\Users\Dawn\.frostwire5\appwork folder moved successfully.
C:\Users\Dawn\.frostwire5 folder moved successfully.
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim (1).exe moved successfully.
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim (2).exe moved successfully.
C:\Users\Dawn\Downloads\Shockwave_Installer_Slim.exe moved successfully.
C:\Users\Mr Morgan\AppData\LocalLow\WeLoveFilms_-_US\ldrtbWeLo.dll moved successfully.
C:\Users\Mr Morgan\AppData\LocalLow\WeLoveFilms_-_US\tbWeLo.dll moved successfully.
C:\Windows\System32\Adobe\Shockwave 12\gt.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dawn
->Temp folder emptied: 2881163 bytes
->Temporary Internet Files folder emptied: 12226647 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 350222185 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: kaycie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mr Morgan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rodney
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1359417 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 127438 bytes

Total Files Cleaned = 350.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03102014_101340

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#14
godawgs
Posted 10 March 2014 - 04:01 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Make sure the Chrome browser is configured to stop pop ups.
Click here
Go to item 2 and verify that the browser is set to prevent popups.
You can also click the Manage Options button and see if any sites are allowing popups.

If that didn't help:

Clear your cache and browsing history

  • Click the Chrome menu.
  • Select Tools.
  • Select Clear browsing data.
  • Select the “Clear browsing history” and “Empty the cache” checkboxes.
  • In the drop-down at the top of the dialog box, select a timeframe close to when this issue started.
  • Click Clear browsing data. If the issue isn't resolved, repeat the steps, selecting a longer timeframe. Continue repeating up until the beginning of time. Repeating in this way will help you avoid unnecessarily having to clear all of your cache and browsing history

Let me know if that helped.
  • 0

#15
wisdom89
Posted 10 March 2014 - 05:53 PM

wisdom89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
yes it has stopped the pop ups
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP