All internet browsers running like treacle, doesn't matter which one



#1
tuufulhundin

  • Member
  • 126 posts

Chrome, Explorer and Firefox all running slow, slow, slow. Microsoft Security Essentials up to date, nothing detected. Ran Malwarebytes, found 12 PUP files, quarantined then deleted them.

No change, had done disk cleanup, no change..... Ran OTL, result file attached.

Using Cox as provider with 50mbps speed, which should be great for our needs, but sometimes can't even turn a page on a website.....................(sigh)

#2
JSntgRvr

  • Global Moderator
  • 10,967 posts


Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

  • Copy the entire content of the quote box (except the word quote) below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" File not found
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" File not found
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811" File not found
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" File not found
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217" File not found
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" File not found

    :files
    C:\Windows\Installer\{e4903132-8a62-e4be-8c23-f8135ffb984a}
    C:\Users\Pettit Family\AppData\Local\{e4903132-8a62-e4be-8c23-f8135ffb984a}
    C:\Windows\assembly\Desktop.ini

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

 

 

Download TFC by OldTimer to your desktop
 

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
  • Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Once the above is completed, please rerun OTL.exe and post the new report.



#3
tuufulhundin

  • Topic Starter
  • Member
  • 126 posts

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64 deleted successfully.
========== FILES ==========
C:\Windows\Installer\{e4903132-8a62-e4be-8c23-f8135ffb984a}\U folder moved successfully.
C:\Windows\Installer\{e4903132-8a62-e4be-8c23-f8135ffb984a}\L folder moved successfully.
C:\Windows\Installer\{e4903132-8a62-e4be-8c23-f8135ffb984a} folder moved successfully.
C:\Users\Pettit Family\AppData\Local\{e4903132-8a62-e4be-8c23-f8135ffb984a}\U folder moved successfully.
C:\Users\Pettit Family\AppData\Local\{e4903132-8a62-e4be-8c23-f8135ffb984a}\L folder moved successfully.
C:\Users\Pettit Family\AppData\Local\{e4903132-8a62-e4be-8c23-f8135ffb984a} folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
 
OTL by OldTimer - Version 3.2.53.0 log created on 05112014_200437


#4
tuufulhundin

  • Topic Starter
  • Member
  • 126 posts

I did what you said but my PC didn't start after, it just produced the report...fyi



#5
JSntgRvr

  • Global Moderator
  • 10,967 posts

The computer is infected with Trojan Zero Access. Let's try this.
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Plug the flash drive into the infected PC.
 
If you are using Vista or Windows 7 enter System Recovery Options.
 
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html
 
 
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt.
 
Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
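
Added example, not part of the thread or of any tool named in it: the OTL report in post #3 shows one GUID-named folder, with U and L subfolders, under both C:\Windows\Installer and the user's Local AppData, and those are the items moved before the ZeroAccess diagnosis above. This Python check looks for that folder layout under roots you pass in; the function names, the placeholder GUIDs and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Folder name of the form {8-4-4-4-12 hex digits}, as in the OTL report.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
MARKER_SUBDIRS = {"u", "l"}  # the U and L subfolders listed in the report

# Constructed placeholder GUIDs for the sample tree (not values from the thread).
SAMPLE_GUID = "{00000000-1111-2222-3333-444444444444}"
BENIGN_GUID = "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
EMPTY_GUID = "{12345678-90AB-CDEF-1234-567890ABCDEF}"


def find_marked_guid_dirs(root):
    """Return {guid: Path} for GUID-named folders directly under root
    that contain both a U and an L subfolder."""
    hits = {}
    try:
        entries = [e for e in Path(root).iterdir() if e.is_dir()]
    except OSError:  # root missing or not readable
        return hits
    for entry in entries:
        if not GUID_DIR.match(entry.name):
            continue
        try:
            children = {c.name.lower() for c in entry.iterdir() if c.is_dir()}
        except OSError:  # folder exists but cannot be listed
            continue
        if MARKER_SUBDIRS <= children:
            hits[entry.name.lower()] = entry
    return hits


def scan(installer_root, local_appdata_roots):
    """Check the Installer folder and each profile's Local AppData folder.
    'paired' is True when the same GUID shows up under more than one root,
    which is the pattern in the OTL report."""
    by_guid = {}
    for root in [installer_root, *local_appdata_roots]:
        for guid, path in find_marked_guid_dirs(root).items():
            by_guid.setdefault(guid, []).append(str(path))
    return [
        {"guid": guid, "paths": sorted(paths), "paired": len(paths) > 1}
        for guid, paths in sorted(by_guid.items())
    ]


def build_sample_tree(base):
    """Create a constructed directory tree for an offline test run."""
    base = Path(base)
    installer = base / "Windows" / "Installer"
    local = base / "Users" / "sample" / "AppData" / "Local"
    # The layout under test: same GUID folder, U and L inside, in both places.
    for parent in (installer, local):
        for sub in ("U", "L"):
            (parent / SAMPLE_GUID / sub).mkdir(parents=True)
    # A GUID-named folder holding only a file must not be reported.
    (installer / BENIGN_GUID).mkdir()
    (installer / BENIGN_GUID / "icon.ico").write_bytes(b"")
    # An empty GUID-named folder must not be reported either.
    (local / EMPTY_GUID).mkdir()
    return installer, [local]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        installer_root, local_roots = build_sample_tree(tmp)
        for finding in scan(installer_root, local_roots):
            flag = "PAIRED" if finding["paired"] else "single"
            print(flag, finding["guid"])
            for p in finding["paths"]:
                print("   ", p)
```

On a real machine the roots would be C:\Windows\Installer and each profile's AppData\Local folder; a hit is a reason to run the scanners named in this thread, not proof of infection by itself.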
 
 


#6
tuufulhundin

  • Topic Starter
  • Member
  • 126 posts

This is instead of what I was in the midst of doing, right?



#7
tuufulhundin

  • Topic Starter
  • Member
  • 126 posts

I took notes, it didn't work, I did something wrong. I am great at using PCs, not so good at fixing. Have now printed instructions and will try again. Thank you.....



#8
JSntgRvr

  • Global Moderator
  • 10,967 posts

    I did what you said but my PC didn't start after, it just produced the report...fyi

    This is instead of what I was in the midst of doing, right?

No, I was assuming your PC was unbootable. If bootable, disregard the instructions in post #5 and continue with the scans.



#9
tuufulhundin

  • Topic Starter
  • Member
  • 126 posts

TFC LOG

 

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Elli
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Elli.PettitFamily-HP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Pettit Family
->Temp folder emptied: 631633 bytes
->Temporary Internet Files folder emptied: 2872885 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8796270 bytes
->Flash cache emptied: 941 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5309997 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 17.00 mb
 
Now doing a restart as it didn't


#10
tuufulhundin

  • Topic Starter
  • Member
  • 126 posts

JRT LOG
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\competeinc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011311134}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1409340E-A225-42EF-8DC0-3B9F83B8F379}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{C8304A5A-CA0D-4D74-A2B0-D4711611D3A6}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{CA18BD8A-6638-4AC8-964A-A3425F85CC60}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{CAA03DB0-0E57-426D-91A0-D77481286CF7}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{CD585D15-8691-4E3A-8A08-D9F4C5F97F79}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{D1499A5C-F66A-4C16-ACB8-F6909E2FBE2B}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{D309297E-CAB4-42D3-AD72-D6959C52C65E}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{D34B2E4C-E48F-4341-8DA9-15463F37828B}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{D36D5F30-F8D2-493B-8BB5-8A79160C3BCA}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{D4332BD8-3955-4A8A-A311-1AF0815D6B93}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{D57B585E-0D33-4296-A47D-F7A79F640F03}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{D7A88C0B-0544-4961-8875-2DBC3BA345C8}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{D963CFB7-9087-4334-9283-9B42B768EA35}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{DAFCFE67-7161-4D5D-892F-6BFD97889B2F}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{DCC23C90-AB02-4E93-BA99-BD904E40E636}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{DF871691-6FED-4851-827F-8B857B0E88D7}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{E21B4815-B21D-4BC9-948B-3E911CF6F383}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{E2CB9B2A-60DD-4F43-B4CE-909F941C4B60}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{E2F001E4-BED0-4AC5-B3E7-4E1A07D28B9E}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{E6E84A27-7CFB-445E-9A04-4A1BEEF2185C}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{E717D5B1-C051-4D4F-B42E-B655CAA22617}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{E85638A1-9737-4CB9-8274-1E9E7ED643EB}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{E8CEE0C3-70CD-4133-A7F4-BC304FFCBC7A}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{EEFAA438-04AF-4027-A8AD-61E14B31E3C2}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{EF846DA2-E4BF-476C-9B01-8B6E0212D4D6}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{F108C078-E7A9-4FA5-A805-873B191FF3FD}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{F178832D-6CAA-4AB5-8AF8-803F26E0EBDB}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{F7D82D26-D0D6-4E5A-92D2-63827F83D696}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{F84B04C7-FFB5-4117-B568-B60DAC9390E0}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{F98F01AF-9CC6-42FA-94F2-E24663E3AEE2}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{FB84771B-4224-4879-A6DB-9FAD989AB123}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{FC752E6A-2E2F-4CC8-9F93-117A40DCC60E}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{FE21F7A1-6CD3-4F1A-BDB0-190B0E398303}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{FF328737-08BD-4B43-ABAC-8424B8EEBFBB}
Successfully deleted: [Empty Folder] C:\Users\Pettit Family\appdata\local\{FF938454-7F49-48B6-9E01-63966A7AE7E3}
Successfully deleted: [Folder] "C:\ProgramData\ask"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Pettit Family\AppData\Roaming\mozilla\firefox\profiles\kjdztwb7.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\Pettit Family\AppData\Roaming\mozilla\firefox\profiles\kjdztwb7.default\fctb
Successfully deleted the following from C:\Users\Pettit Family\AppData\Roaming\mozilla\firefox\profiles\kjdztwb7.default\prefs.js
 
user_pref("freecauseb987141395b701c469cf961a01420158.AutoSearchEventData", "auto%20search");
user_pref("freecauseb987141395b701c469cf961a01420158.ClearCacheDate", 11);
user_pref("freecauseb987141395b701c469cf961a01420158.DNSCatch", true);
user_pref("freecauseb987141395b701c469cf961a01420158.DisplayEULA", true);
user_pref("freecauseb987141395b701c469cf961a01420158.DnsCatchEventData", "dns%20catch");
user_pref("freecauseb987141395b701c469cf961a01420158.EBOMode", false);
user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCAData_xx", true);
user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCA_xx", false);
user_pref("freecauseb987141395b701c469cf961a01420158.FirstLaunchShown", true);
user_pref("freecauseb987141395b701c469cf961a01420158.InstallDomain", "upromise.com");
user_pref("freecauseb987141395b701c469cf961a01420158.InstallType", "one_click");
user_pref("freecauseb987141395b701c469cf961a01420158.LoadLayoutDate.100987", 11);
user_pref("freecauseb987141395b701c469cf961a01420158.NewTabSearchEventData", "tab%20search");
user_pref("freecauseb987141395b701c469cf961a01420158.ShowRecommendedOptions", true);
user_pref("freecauseb987141395b701c469cf961a01420158.StateReportDate", "1399734903183");
user_pref("freecauseb987141395b701c469cf961a01420158.TopRightSearchEventData", "top%20right%20search");
user_pref("freecauseb987141395b701c469cf961a01420158.beforeInstallSaved", true);
user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.homepage", "hxxp%3A//www.goodsearch.com/");
user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.search", "Google");
user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_img", "aHR0cHM6Ly9zdGF0aWMucmV3YXJ6LmNvbS9jbGllbnRzL1Vwcm9taXNlL3Rvb2xiYXJzL3Byb2R1Y3Rpb24vMTAwOTg3L
user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_url", "aHR0cDovL29sbWNkbi51cHJvbWlzZS5jb20vc2VhcmNoLmh0bWw/cXM9");
user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.text", "Search%20the%20Web");
user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.search_comp_cid.engine_img", "");
user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.search_comp_cid.engine_url", "aHR0cDovL29sbWNkbi51cHJvbWlzZS5jb20vc2VhcmNoLmh0bWw/cXM9");
user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.search_comp_cid.text", "Search%20the%20Web");
user_pref("freecauseb987141395b701c469cf961a01420158.customNewTab", false);
user_pref("freecauseb987141395b701c469cf961a01420158.dcaDefaultMode", false);
user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowInstallerPage", false);
user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowSurvey", true);
user_pref("freecauseb987141395b701c469cf961a01420158.helpUsImprove", true);
user_pref("freecauseb987141395b701c469cf961a01420158.hideOthers", true);
user_pref("freecauseb987141395b701c469cf961a01420158.partnerauth", false);
user_pref("freecauseb987141395b701c469cf961a01420158.processAddrBar", false);
user_pref("freecauseb987141395b701c469cf961a01420158.remove_homepage", true);
user_pref("freecauseb987141395b701c469cf961a01420158.remove_search", true);
user_pref("freecauseb987141395b701c469cf961a01420158.restoreSearch", false);
user_pref("freecauseb987141395b701c469cf961a01420158.searchHistory", false);
user_pref("freecauseb987141395b701c469cf961a01420158.session", "8FD6E7C7B18059F7381F6A559701426AAF7AF3D3F2E4453352B31EF79C5DD1E7CF952A4FE28EC8CB8B051A4F5DA20DE8B572DAD5069A736
user_pref("freecauseb987141395b701c469cf961a01420158.showFirstLaunchOptions", false);
user_pref("freecauseb987141395b701c469cf961a01420158.tb_lang", "en");
user_pref("freecauseb987141395b701c469cf961a01420158.tool_id", "100987");
user_pref("freecauseb987141395b701c469cf961a01420158.user_id", "20404");
user_pref("freecauseb987141395b701c469cf961a01420158.user_key", "6bc91166dff88bb77d8fa66235e73e2de84238c6");
user_pref("freecauseb987141395b701c469cf961a01420158.user_layouts", "100987");
user_pref("freecauseb987141395b701c469cf961a01420158.user_lnames", "Upromise%20RewardU%20Toolbar");
user_pref("freecauseb987141395b701c469cf961a01420158.xml_service_url", "cf2788bd15fe5bcbc566786e33a951d1");
user_pref("freecauseb987141395b701c469cf961a01420158.yahooSearch", false);
Emptied folder: C:\Users\Pettit Family\AppData\Roaming\mozilla\firefox\profiles\kjdztwb7.default\minidumps [105 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/12/2014 at  7:35:05.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11
tuufulhundin

    Member

  • Topic Starter
  • 126 posts
# AdwCleaner v3.208 - Report created 12/05/2014 at 07:55:36
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pettit Family - PETTITFAMILY-HP
# Running from : C:\Users\Pettit Family\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Elli\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Elli\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Elli.PettitFamily-HP\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Pettit Family\Downloads\Documents\PC Health Kit
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Elli\AppData\Roaming\Mozilla\Firefox\Profiles\p7wvjv3s.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
 
[ File : C:\Users\Elli.PettitFamily-HP\AppData\Roaming\Mozilla\Firefox\Profiles\xg528rkv.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
 
[ File : C:\Users\Pettit Family\AppData\Roaming\Mozilla\Firefox\Profiles\kjdztwb7.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Elli\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Elli.PettitFamily-HP\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=05E7FC6C-C499-462A-93FA-F0436679BC86&apn_sauid=EED1AAE7-5FEA-4335-A615-3B7F99CF15F8
Deleted [Search Provider] : hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&%20user_id=%userid&tool_id=60231&qkw={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6778 octets] - [12/05/2014 07:54:56]
AdwCleaner[S0].txt - [6655 octets] - [12/05/2014 07:55:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6715 octets] ##########


#12
tuufulhundin

    Member

  • Topic Starter
  • 126 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/12/2014
Scan Time: 8:24:45 AM
Logfile: MBAM LOG.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.12.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pettit Family
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347399
Time Elapsed: 13 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1737900368-1643728146-1281706836-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [91f4d27ee29976c00b24fac7b350a25e], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13
tuufulhundin

    Member

  • Topic Starter
  • 126 posts
OTL logfile created on: 5/12/2014 8:30:33 AM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pettit Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.28 Gb Available Physical Memory | 55.54% Memory free
11.81 Gb Paging File | 8.88 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1382.58 Gb Total Space | 1241.29 Gb Free Space | 89.78% Space Free | Partition Type: NTFS
Drive D: | 14.59 Gb Total Space | 1.80 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
Drive G: | 14.95 Gb Total Space | 14.95 Gb Free Space | 99.97% Space Free | Partition Type: FAT32
 
Computer Name: PETTITFAMILY-HP | User Name: Pettit Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/11 10:56:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pettit Family\Downloads\OTL (1).exe
PRC - [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/13 06:16:47 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/04/04 17:52:42 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/19 14:28:22 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
PRC - [2011/08/19 14:28:08 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/08/16 14:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/05/30 11:32:38 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2011/05/05 17:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/09 15:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 14:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 14:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 17:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 17:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014/04/23 17:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 17:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/23 17:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/23 17:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 17:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/04/13 06:16:41 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014/02/27 04:08:34 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/27 04:08:32 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/27 04:07:59 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/27 04:05:19 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 04:05:15 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 04:05:13 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:05:07 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 04:05:06 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/27 04:05:06 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:05:05 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/27 04:05:05 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/27 04:05:02 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:05:02 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:05:00 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 04:04:58 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:04:57 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:04:52 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/04/27 12:11:41 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/02/15 12:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/26 18:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2012/08/26 12:47:54 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/08/26 12:47:52 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2012/02/21 12:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/04/28 14:49:17 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/29 09:31:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/19 14:28:08 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/06/09 06:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/05/05 17:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/09 15:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/03/07 16:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 14:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 14:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/12 08:10:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/12/14 17:19:58 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2013/11/26 00:49:44 | 000,888,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/26 12:47:55 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/29 15:53:30 | 000,027,456 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2012/03/08 19:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 03:21:35 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/15 02:44:49 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/15 02:44:49 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/26 19:55:49 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/23 14:48:22 | 000,016,152 | ---- | M] (n/a) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWWakeFilterV.sys -- (NWWakeFilterV)
DRV:64bit: - [2011/06/23 14:48:18 | 000,016,152 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2011/06/23 14:48:16 | 000,028,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWVoltron.sys -- (NWVoltron)
DRV:64bit: - [2011/05/30 11:33:04 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/05/04 17:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/04/21 05:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 05:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 05:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/01 16:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://lty.s.upromise.com/member/home
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{9030DCAB-1770-8285-CB79-C4B3FE96F973}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}: "URL" = http://search.expats...q={searchTerms}
IE - HKCU\..\SearchScopes\{F030A2BA-76D6-4BE7-A02B-21C9074385AC}: "URL" = http://www.google.co...ie7&rlz=1I7ACAW
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://lty.s.upromi...om/member/home"
FF - prefs.js..extensions.enabledAddons: FFToolbar%40upromise:7.1.0.5277
FF - prefs.js..extensions.enabledAddons: %7Bb9871413-95b7-01c4-69cf-961a01420158%7D:1.301.1
FF - prefs.js..extensions.enabledAddons: plugin%40starstable.com:1.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/12/15 03:02:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/12/15 03:02:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Pettit Family\AppData\Local\Roblox\Versions\version-187659e292024b9d\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pettit Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 09:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/12 07:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/30 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/04/30 08:18:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 09:31:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/12 07:31:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/30 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/04/30 08:18:13 | 000,000,000 | ---D | M]
 
[2012/04/06 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pettit Family\AppData\Roaming\Mozilla\Extensions
[2014/03/20 19:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pettit Family\AppData\Roaming\Mozilla\Firefox\Profiles\kjdztwb7.default\extensions
[2014/01/04 16:00:58 | 000,000,000 | ---D | M] ("Star Stable Online") -- C:\Users\Pettit Family\AppData\Roaming\Mozilla\Firefox\Profiles\kjdztwb7.default\extensions\[email protected]
[2012/04/11 16:42:46 | 000,455,818 | ---- | M] () (No name found) -- C:\Users\Pettit Family\AppData\Roaming\Mozilla\Firefox\Profiles\kjdztwb7.default\extensions\[email protected]
[2013/09/15 10:44:00 | 000,431,310 | ---- | M] () (No name found) -- C:\Users\Pettit Family\AppData\Roaming\Mozilla\Firefox\Profiles\kjdztwb7.default\extensions\{b9871413-95b7-01c4-69cf-961a01420158}.xpi
[2014/05/12 07:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/29 09:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/03/29 09:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/03/29 09:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/05/12 07:57:58 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/04/26 11:22:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 09:31:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/11 15:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2014/05/11 15:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/05/11 15:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/05/11 15:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/05/11 15:37:11 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2014/05/11 15:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/05/11 15:37:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/14 09:09:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Upromise RewardU Toolbar = C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc\1.3.0.1_0\
CHR - Extension: Website Logon = C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/06/28 09:30:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX430" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus NX430" File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [SkyDrive] C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Pettit Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{719EF350-65C7-490B-B4D1-634F4F28024D}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9312D85-6C28-4AB2-A4D8-7E0DFAE757A7}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/12 08:10:37 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/12 08:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/12 08:10:20 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 08:10:20 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 08:10:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/12 08:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/12 08:05:51 | 000,000,000 | ---D | C] -- C:\Users\Pettit Family\AppData\Local\{C97A9B39-7554-41A5-95E2-084E8204EF9A}
[2014/05/12 07:55:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/12 07:54:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/12 07:29:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/10 10:36:53 | 000,000,000 | ---D | C] -- C:\Users\Pettit Family\AppData\Local\PlumChoice, Inc
[2014/05/10 10:36:41 | 000,000,000 | ---D | C] -- C:\Users\Pettit Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cox, Inc
[2014/05/09 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\Pettit Family\Desktop\Create your own passport photo for free - IDPhoto4You_files
[2014/05/07 03:00:41 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/06 15:30:42 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/06 15:30:33 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/06 15:30:33 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/06 15:30:33 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/06 07:33:04 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/06 07:33:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/04/30 08:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/04/23 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Pettit Family\AppData\Roaming\Upromise RewardU Toolbar
[2014/04/23 07:58:47 | 000,000,000 | -HSD | C] -- C:\Users\Pettit Family\AppData\Local\EmieUserList
[2014/04/23 07:58:47 | 000,000,000 | -HSD | C] -- C:\Users\Pettit Family\AppData\Local\EmieSiteList
[2014/04/22 03:01:18 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/22 03:01:18 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/22 03:01:12 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/22 03:01:07 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/22 03:01:07 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/22 03:01:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/22 03:01:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/22 03:01:05 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/22 03:01:05 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/22 03:01:05 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/22 03:01:05 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/22 03:01:05 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/22 03:01:05 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/22 03:01:04 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/22 03:01:04 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/22 03:01:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/22 03:01:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/22 03:01:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/22 03:01:03 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/22 03:01:01 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/22 03:01:01 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/22 03:01:01 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/22 03:01:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/22 03:01:00 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/22 03:01:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/22 03:00:59 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/22 03:00:57 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/22 03:00:57 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/22 03:00:53 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/18 15:38:58 | 000,000,000 | ---D | C] -- C:\Users\Pettit Family\AppData\Roaming\CartoonNetwork
[2014/04/13 06:17:49 | 000,000,000 | ---D | C] -- C:\Users\Pettit Family\AppData\Local\Skype
[2014/04/13 06:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/13 06:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/04/12 16:24:58 | 000,000,000 | ---D | C] -- C:\Users\Pettit Family\AppData\Local\Kersh_Wellness
[2014/04/12 16:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activity Monitor Utility
[2014/04/12 16:24:56 | 000,024,576 | ---- | C] (Silicon Laboratories) -- C:\Windows\SysNative\drivers\SiLib.sys
[2014/04/12 16:24:56 | 000,016,384 | ---- | C] (Silicon Laboratories) -- C:\Windows\SysNative\drivers\SiUSBXp.sys
[2014/04/12 16:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Kersh Wellness
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/12 08:23:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job
[2014/05/12 08:10:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/12 08:10:26 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/12 08:09:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/12 08:08:43 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPettit Family.job
[2014/05/12 08:05:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/12 08:05:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/12 08:04:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/12 08:04:31 | 000,000,632 | RHS- | M] () -- C:\Users\Pettit Family\ntuser.pol
[2014/05/12 08:02:23 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/12 08:02:23 | 000,663,164 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/12 08:02:23 | 000,122,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/12 07:57:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/12 07:57:47 | 461,615,103 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/12 07:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/11 21:27:32 | 000,000,218 | ---- | M] () -- C:\Users\Pettit Family\.recently-used.xbel
[2014/05/11 15:24:39 | 000,001,371 | ---- | M] () -- C:\Users\Pettit Family\Desktop\ROBLOX Player.lnk
[2014/05/11 15:24:39 | 000,001,190 | ---- | M] () -- C:\Users\Pettit Family\Desktop\ROBLOX Studio 2013.lnk
[2014/05/10 13:28:22 | 000,032,561 | ---- | M] () -- C:\Users\Pettit Family\Desktop\DeltaDentalDentists.pdf
[2014/05/04 16:15:52 | 000,007,610 | ---- | M] () -- C:\Users\Pettit Family\AppData\Local\Resmon.ResmonCfg
[2014/05/01 16:48:42 | 000,004,880 | ---- | M] () -- C:\Users\Pettit Family\Desktop\CHILD SUPPORT ARREARS PLAN.ods
[2014/04/30 20:40:04 | 000,450,196 | ---- | M] () -- C:\Users\Pettit Family\Downloads\Documents\AnimalJam_1.jpg
[2014/04/30 13:03:04 | 000,004,988 | ---- | M] () -- C:\Users\Pettit Family\Desktop\IRS 2008 TAX BILL PAY OFF PLAN.ods
[2014/04/30 11:54:23 | 000,002,116 | ---- | M] () -- C:\Users\Pettit Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/04/30 07:55:06 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPETTITFAMILY-HP$.job
[2014/04/28 14:49:17 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/28 14:49:17 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/25 23:05:50 | 000,823,005 | ---- | M] () -- C:\Users\Pettit Family\Desktop\London Itinerary.pdf
[2014/04/14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/13 19:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/04/13 19:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/04/13 06:17:40 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/12 16:24:57 | 000,001,182 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activity Monitor Utility.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/12 08:10:26 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/11 21:27:32 | 000,000,218 | ---- | C] () -- C:\Users\Pettit Family\.recently-used.xbel
[2014/05/10 13:28:22 | 000,032,561 | ---- | C] () -- C:\Users\Pettit Family\Desktop\DeltaDentalDentists.pdf
[2014/05/03 17:39:16 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPettit Family.job
[2014/04/30 20:40:04 | 000,450,196 | ---- | C] () -- C:\Users\Pettit Family\Downloads\Documents\AnimalJam_1.jpg
[2014/04/25 23:05:42 | 000,823,005 | ---- | C] () -- C:\Users\Pettit Family\Desktop\London Itinerary.pdf
[2014/04/13 06:17:40 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/12 16:24:57 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activity Monitor Utility.lnk
[2013/05/15 16:03:58 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/02 13:33:14 | 000,007,610 | ---- | C] () -- C:\Users\Pettit Family\AppData\Local\Resmon.ResmonCfg
[2012/06/28 09:23:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/28 09:23:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/28 09:23:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/28 09:23:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/28 09:23:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/16 09:08:10 | 000,000,632 | RHS- | C] () -- C:\Users\Pettit Family\ntuser.pol
[2012/04/28 08:47:55 | 000,037,412 | ---- | C] () -- C:\Users\Pettit Family\AppData\Local\tmpOriDSCF1358_2_CROP.1
[2012/04/28 08:47:53 | 000,028,973 | ---- | C] () -- C:\Users\Pettit Family\AppData\Local\tmpOriDSCF1358_2_CROP.0
[2011/12/15 03:22:31 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2009/07/01 15:00:16 | 000,000,385 | ---- | C] () -- C:\Users\Pettit Family\Documents.lnk
 
========== ZeroAccess Check ==========
 
[2014/05/11 20:45:24 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
< End of report >


#14
tuufulhundin

I have done everything now that was listed in the original reply and will await instructions... Thanks so much.



#15
tuufulhundin

I don't think I used the ad-ware cleaner correctly so am doing it again.
 
# AdwCleaner v3.208 - Report created 12/05/2014 at 09:13:28
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pettit Family - PETTITFAMILY-HP
# Running from : C:\Users\Pettit Family\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Elli\AppData\Roaming\Mozilla\Firefox\Profiles\p7wvjv3s.default\prefs.js ]
 
 
[ File : C:\Users\Elli.PettitFamily-HP\AppData\Roaming\Mozilla\Firefox\Profiles\xg528rkv.default\prefs.js ]
 
 
[ File : C:\Users\Pettit Family\AppData\Roaming\Mozilla\Firefox\Profiles\kjdztwb7.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Elli\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Elli.PettitFamily-HP\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6778 octets] - [12/05/2014 07:54:56]
AdwCleaner[R1].txt - [1461 octets] - [12/05/2014 09:12:22]
AdwCleaner[S0].txt - [6963 octets] - [12/05/2014 07:55:36]
AdwCleaner[S1].txt - [1382 octets] - [12/05/2014 09:13:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1442 octets] ##########
