popups lpcloudsvr032 remarkit too many popups to use computer [Solved]


  • This topic is locked

#1
rustyhutto

    New Member
Hello,

A friend recommended this site for my problems. He helps out on it but has 5 threads at the moment.

My wife has a tendency to click on ads; unfortunately she also uses this computer to pay bills. This has led to a computer too slow and with so many pop ups it is almost impossible to use. I have identified one of the culprits as lpcloudsvr302 and was researching on my own PC when I realized it was beyond my, shall we be generous and say, "limited" computer skills. When trying to start this thread I noticed many of the popups were by "Remarket", if that helps any. I would appreciate any help you guys or gals could give me.

#2
pystryker

    Trusted Helper

  • Malware Removal
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: OTL Scan


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

  • Close any open windows and then double click (Vista, Windows 7, 8: right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name Whitelist
      • LOP Check
      • Purity Check
  • Please make sure Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below (do not copy the word quote!) and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.

  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.


Step 2: Scan with aswMBR


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

  • Click the Scan button to begin the scan.

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


Things I need to see in your next post:

OTL Log

Extras.txt Log

aswMBR Log


#3
rustyhutto

    New Member

  • Topic Starter
Thank you so much for your response. I will respond as soon as I can; it may take some time to make sure I understand and carry them out.

#4
rustyhutto

    New Member

  • Topic Starter
OK. Here are the 3 attached files. I think I did it correctly.

#5
pystryker

    Trusted Helper

  • Malware Removal

OK. Here are the 3 attached files. I think I did it correctly.


Close :) Attaching them makes it a bit harder to study, but no worries this time. When posting logs, all you have to do is copy the entire log, reply to the thread, then right click in the message body and select Paste. That will paste the entire body of the log into your response. :thumbsup:

#6
pystryker

    Trusted Helper

  • Malware Removal
I'll paste these into the thread and get started on them. :thumbsup:


OTL logfile created on: 1/28/2014 11:45:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 33.86% Memory free
7.90 Gb Paging File | 4.98 Gb Available in Paging File | 63.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.34 Gb Total Space | 382.58 Gb Free Space | 85.52% Space Free | Partition Type: NTFS
Drive D: | 14.26 Gb Total Space | 1.59 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: SHERRY-HP | User Name: sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/28 23:37:02 | 001,025,312 | ---- | M] (Conduit Ltd.) -- C:\Users\sherry\AppData\Local\NativeMessaging\CT3289663\1_0_0_10\TBMessagingHost.exe
PRC - [2014/01/28 23:13:38 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\sherry\Downloads\aswmbr.exe
PRC - [2014/01/28 21:53:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sherry\Desktop\OTL.exe
PRC - [2014/01/22 23:57:02 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/20 04:59:56 | 004,329,248 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/01/20 04:59:56 | 002,301,216 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/11/26 10:43:10 | 001,933,392 | ---- | M] (Software Updater) -- C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
PRC - [2013/08/06 19:52:56 | 000,050,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Web Layers\updater.exe
PRC - [2013/08/06 19:52:54 | 000,046,368 | ---- | M] (Microsoft) -- C:\Users\sherry\AppData\Roaming\Web Layers\desktop.exe
PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/12/06 15:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 15:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/09/13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 03:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 18:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/20 21:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/03 00:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/22 23:57:00 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll
MOD - [2014/01/22 23:56:59 | 013,615,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
MOD - [2014/01/22 23:56:56 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
MOD - [2014/01/22 23:56:02 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
MOD - [2014/01/22 23:56:01 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
MOD - [2014/01/22 23:55:58 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
MOD - [2013/10/13 07:55:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/13 07:54:22 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/13 07:54:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/11 22:53:42 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/11 22:53:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/20 13:04:31 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\97ce162bb354fcf9c8d9eae8252ee216\IAStorUtil.ni.dll
MOD - [2013/08/20 12:57:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/20 12:57:39 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/20 12:57:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/21 16:48:15 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 16:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/19 05:41:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\22d36f517c7545fdb65ccddae680a3eb\IAStorCommon.ni.dll
MOD - [2013/07/15 21:39:22 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/10/05 04:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/12/06 15:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/10 22:49:52 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/01/20 04:59:56 | 002,301,216 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/10 21:11:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/08/06 19:52:56 | 000,050,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Web Layers\updater.exe -- (WebUpdater)
SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/10/05 09:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/12/06 15:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/09/13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/07 18:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/03 00:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/17 20:44:12 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/10 22:49:52 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/12/10 22:48:09 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/02 22:14:24 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/02 22:12:32 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/27 21:42:54 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/07/20 21:51:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/20 21:51:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/08 13:25:18 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/01/24 12:27:37 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20140128.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/17 18:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/21 20:02:55 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 20:02:55 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/09 20:35:18 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140128.008\ex64.sys -- (NAVEX15)
DRV - [2013/09/09 20:35:18 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140128.008\eng64.sys -- (NAVENG)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A23BCA6B-F4E6-44B3-ACD1-D91681B0BD3C}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {393AD2BB-3960-4B42-8866-F2C95F6CC2F1}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{A23BCA6B-F4E6-44B3-ACD1-D91681B0BD3C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...A5C9A0837&SSPV=
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\InprocServer32 File not found
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes,DefaultScope = {393AD2BB-3960-4B42-8866-F2C95F6CC2F1}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{323ACA27-081D-42B1-8955-F80AC4437337}: "URL" = http://websearch.ask...D-A2566872D4DC
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{393AD2BB-3960-4B42-8866-F2C95F6CC2F1}: "URL" = http://search.condui...1327662978&UM=2
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{A23BCA6B-F4E6-44B3-ACD1-D91681B0BD3C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected] [2012/12/06 09:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2014/01/28 21:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFF [2013/10/11 22:07:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UnfriendApp\Firefox\ [2012/10/23 08:48:46 | 000,000,000 | ---D | M]

[2012/12/06 09:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions
[2012/12/06 09:34:41 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.22.3.518_0\
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.22.3.518_0\nativeMessaging\nmHost
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.22.5.510_0\
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.22.5.510_0\nativeMessaging\nmHost
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.23.0.822_0\
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.26.0.540_0\
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.26.0.540_1\
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.26.0.540_1\nativeMessaging\nmHost
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.26.0.540_2\
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.26.0.540_2\nativeMessaging\nmHost
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.26.2.507_0\
CHR - Extension: Vafmusic2 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.26.2.507_0\nativeMessaging\nmHost
CHR - Extension: Adblock Plus = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Adblock Plus = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Web Layers = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghdomkkcnldpmfcefiaaahchgoinofkb\1.0.0_0\
CHR - Extension: InfoAtoms = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.4.0.0_0\
CHR - Extension: Wajam = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Wajam = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\
CHR - Extension: Wajam = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\
CHR - Extension: Norton Identity Protection = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\
CHR - Extension: Norton Identity Protection = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.2.530_0\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.2.530_0\nativeMessaging\nmHost
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.3.518_0\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.3.518_0\nativeMessaging\nmHost
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\nativeMessaging\nmHost
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.23.0.822_0\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.26.0.540_0\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.26.0.540_1\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.26.0.540_1\nativeMessaging\nmHost
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.26.0.540_2\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.26.0.540_2\nativeMessaging\nmHost
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.26.2.507_0\
CHR - Extension: InternetHelper3.1 = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.26.2.507_0\nativeMessaging\nmHost
CHR - Extension: Facebook Notifications = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Google Wallet = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll File not found
O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
O2 - BHO: (SocialSearchBar_App Toolbar) - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O2 - BHO: (UnfriendApp) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll (UnfriendApp)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Web Layers) - {976d7863-9e6c-4066-8c67-0993db9de35f} - C:\Program Files (x86)\Web Layers\IEClient.dll (Web Layers)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\vbobho.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Fast Free Converter 4.1) - {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SocialSearchBar_App Toolbar) - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\Toolbar\WebBrowser: (InternetHelper3.1 Toolbar) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll File not found
O3 - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\Toolbar\WebBrowser: (SocialSearchBar_App Toolbar) - {2421D847-721C-404F-87B4-BBD2B95D1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-872590564-2947245251-117410151-1000..\Run: [NextLive] C:\Users\sherry\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKU\S-1-5-21-872590564-2947245251-117410151-1000..\Run: [TBHostSupport] C:\Users\sherry\AppData\Local\TBHostSupport\TBHostSupport_0.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-872590564-2947245251-117410151-1000..\Run: [Web Desktop] C:\Users\sherry\AppData\Roaming\Web Layers\desktop.exe (Microsoft)
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C5E964C-8B58-4A1A-809E-3BDF9E376A90}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32c73757-cd69-11e1-ba99-78e3b55edd25}\Shell - "" = AutoRun
O33 - MountPoints2\{32c73757-cd69-11e1-ba99-78e3b55edd25}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/28 21:53:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sherry\Desktop\OTL.exe
[2014/01/26 19:51:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/26 19:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/01/24 18:29:41 | 000,000,000 | ---D | C] -- C:\MATS
[2014/01/13 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\sherry\.android
[2014/01/13 19:42:56 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Local\cache
[2014/01/13 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Roaming\newnext.me
[2014/01/13 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\sherry\Documents\Mobogenie
[2014/01/13 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Local\Mobogenie
[2014/01/13 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Local\genienext
[2014/01/13 19:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/01/13 19:42:11 | 000,000,000 | ---D | C] -- C:\Users\sherry\Documents\Optimizer Pro
[2014/01/09 22:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
[2014/01/09 22:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Updater
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/28 23:38:39 | 000,000,512 | ---- | M] () -- C:\Users\sherry\Desktop\MBR.dat
[2014/01/28 23:16:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/28 23:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/28 23:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/28 22:35:12 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/28 22:16:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/28 21:53:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sherry\Desktop\OTL.exe
[2014/01/28 21:33:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/28 21:33:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/28 21:32:28 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/28 21:32:28 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/28 21:32:28 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/28 21:30:26 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsherry.job
[2014/01/28 21:25:54 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/26 19:54:27 | 000,002,217 | ---- | M] () -- C:\Users\sherry\Desktop\HP Support Assistant.lnk
[2014/01/24 12:03:45 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/13 19:43:32 | 000,002,279 | ---- | M] () -- C:\Users\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/10 08:43:08 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSHERRY-HP$.job
[2014/01/09 22:54:13 | 000,001,116 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/28 23:38:39 | 000,000,512 | ---- | C] () -- C:\Users\sherry\Desktop\MBR.dat
[2014/01/26 19:54:26 | 000,002,217 | ---- | C] () -- C:\Users\sherry\Desktop\HP Support Assistant.lnk
[2014/01/09 22:54:13 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2013/06/29 16:00:26 | 000,000,258 | RHS- | C] () -- C:\Users\sherry\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/25 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Blio
[2012/02/10 09:09:41 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Motorola
[2014/01/28 21:26:33 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\newnext.me
[2012/02/02 17:31:10 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\RIFT
[2014/01/24 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Strongvault
[2011/11/25 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Synaptics
[2014/01/28 21:26:23 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Web Layers
[2011/12/13 03:45:03 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/07/20 21:49:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/20 21:49:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/20 21:49:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/20 21:49:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/20 21:49:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/20 21:49:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 00:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Users\sherry\AppData\Local\Temp\services.exe.mui
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.WEBSPECTATOR[1].XML >
[2014/01/24 19:04:56 | 000,000,013 | ---- | M] () MD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 -- C:\Users\sherry\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6U3HAPTR\services.webspectator[1].xml

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is EA25-A1D1
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\sherry
11/25/2011 06:59 PM <JUNCTION> Application Data [C:\Users\sherry\AppData\Roaming]
11/25/2011 06:59 PM <JUNCTION> Cookies [C:\Users\sherry\AppData\Roaming\Microsoft\Windows\Cookies]
11/25/2011 06:59 PM <JUNCTION> Local Settings [C:\Users\sherry\AppData\Local]
11/25/2011 06:59 PM <JUNCTION> My Documents [C:\Users\sherry\Documents]
11/25/2011 06:59 PM <JUNCTION> NetHood [C:\Users\sherry\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/25/2011 06:59 PM <JUNCTION> PrintHood [C:\Users\sherry\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/25/2011 06:59 PM <JUNCTION> Recent [C:\Users\sherry\AppData\Roaming\Microsoft\Windows\Recent]
11/25/2011 06:59 PM <JUNCTION> SendTo [C:\Users\sherry\AppData\Roaming\Microsoft\Windows\SendTo]
11/25/2011 06:59 PM <JUNCTION> Start Menu [C:\Users\sherry\AppData\Roaming\Microsoft\Windows\Start Menu]
11/25/2011 06:59 PM <JUNCTION> Templates [C:\Users\sherry\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\sherry\AppData\Local
11/25/2011 06:59 PM <JUNCTION> Application Data [C:\Users\sherry\AppData\Local]
11/25/2011 06:59 PM <JUNCTION> History [C:\Users\sherry\AppData\Local\Microsoft\Windows\History]
11/25/2011 06:59 PM <JUNCTION> Temporary Internet Files [C:\Users\sherry\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\sherry\Documents
11/25/2011 06:59 PM <JUNCTION> My Music [C:\Users\sherry\Music]
11/25/2011 06:59 PM <JUNCTION> My Pictures [C:\Users\sherry\Pictures]
11/25/2011 06:59 PM <JUNCTION> My Videos [C:\Users\sherry\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 410,807,959,552 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720

< End of report >




OTL Extras logfile created on: 1/28/2014 10:02:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 65.03% Memory free
7.90 Gb Paging File | 6.29 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.34 Gb Total Space | 383.04 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive D: | 14.26 Gb Total Space | 1.59 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: SHERRY-HP | User Name: sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0780AE68-F839-4F71-A496-D9C9D378F41F}" = lport=137 | protocol=17 | dir=in | app=system |
"{16B28660-48B8-4128-845B-38FD3417F583}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F04C736-47D5-45C3-8889-B3EB43A45A8B}" = lport=138 | protocol=17 | dir=in | app=system |
"{3748F9DA-E1DF-4ABA-AB34-230498D82441}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F5B29F2-C454-42B9-B344-6A72D5CDDB25}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F09FA68-2F49-47D3-9F67-78E15A0AAE19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54177E0B-DCD4-47E5-9370-78B4568403F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{579266CA-C6DB-49C7-8A35-6382C3336A15}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{644888DA-EEE8-42D5-88FD-38E670E33A86}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{64B54A5C-966F-43E7-8CE6-DB72790F1218}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{756936AC-1026-4E60-AA18-0BEB955C749E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{893B1365-0A6A-4B19-B0DF-564B0D6C0716}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F68A775-23EA-4159-94BB-68F48B81D758}" = rport=10243 | protocol=6 | dir=out | app=system |
"{95ACD133-9B07-47C5-B50B-A7BE575159E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BE25292-1143-4272-9DAA-9272FA4CE5CA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A67E19EC-B2C5-4EEA-8316-E8B249C0B436}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD20CCA8-20AA-433B-83CC-48DC2A86F774}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4629ACA-EAD1-4396-A0E9-635578E47F00}" = rport=137 | protocol=17 | dir=out | app=system |
"{B965653A-0703-4EA7-806C-C4DA291BFE7C}" = lport=139 | protocol=6 | dir=in | app=system |
"{D03515CD-36B1-44E6-9C6B-AA6A310C4023}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F0F67055-947A-44F7-97C5-BC77B6F238D3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA3A9426-C52B-4ED4-B492-BF690194D8E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FABE7E1D-40D7-499E-84FB-E62CBBD5ECF5}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05FD51C0-D349-4E83-BFA4-4818FF26B18D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{120D33D3-44F7-47BF-A83D-7A1A36B33E85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18F727DD-45EF-4BA0-B1C0-F688CBE7FC61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CCEBBF0-81F3-407D-9D60-98886A97FC78}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{2A1DBE1C-0D35-4073-9D35-62688E6193FE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{322097DF-880C-4D83-AF60-7FE164CB6196}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33CEDAB6-00D3-4F3F-AE56-0F35D93D8A5F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{3CD00C4D-006E-4BA2-A1FA-9015646CCF36}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{46362F0D-20BD-45C4-88DC-DEF7EECC2B82}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{492BAFA0-CC6F-4CEA-8FBC-F699FE1A42A4}" = protocol=58 | dir=in | [email protected],-28545 |
"{598A8582-E438-40E4-AD1D-457EEE28A30B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B116E05-CA44-4A1C-8B70-25C45608EB24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{602BFADD-EFE5-4E1B-BB07-35B7004B5FBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ED9BE41-9C2D-4CFC-B319-8FA5FA0E40E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76803800-D980-4A5F-ADC3-9D5E10F08260}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{79BE6A49-F2DC-4EB3-AD57-72DC6E7E8E8E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B26D5AA-38D7-45E2-BDB2-1B90A47FC83D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8188AAAA-CC0F-4D94-B1BC-F2DFC8AB0A93}" = protocol=1 | dir=out | [email protected],-28544 |
"{89BD027F-B46D-4231-A2F9-D8A03C11E9D0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9DAF29AC-EBF7-4736-A984-C457544C397F}" = protocol=1 | dir=in | [email protected],-28543 |
"{A07EF93C-8B43-470A-9783-631D212D70D5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{A9D0FCB7-1D0C-4778-84E9-AE25B66EE99B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B11328D0-2FCD-4F5D-BB33-CE3BA19DD4CC}" = protocol=58 | dir=out | [email protected],-28546 |
"{B6FDA580-1505-4D23-AE78-DF73ADDC746C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BECC85C1-1E33-4445-AA90-5C94C8CB7A11}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{BFBFB24C-8871-4FFB-8FA7-FC6E49F717A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8C85879-4AFB-4130-AE1C-0DF80255BFF1}" = protocol=6 | dir=out | app=system |
"{C95755A3-1104-4968-8841-A995514391F8}" = protocol=17 | dir=in | app=c:\users\sherry\appdata\local\temp\sweetimsetup_20130620.exe |
"{D53191E9-102F-4159-9C87-F0A1AE5D21EC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD21E7D7-B57D-4D19-8199-F03550143278}" = protocol=6 | dir=in | app=c:\users\sherry\appdata\local\temp\sweetimsetup_20130620.exe |
"{DD9DCBC0-D723-4C69-9F9F-EBFA83F33C40}" = dir=in | app=c:\users\sherry\appdata\local\gcc\controller.exe |
"{DFDBA119-84A0-41FF-B069-C57AF8A9EAB2}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{F33E2DC5-A2E4-48C3-B790-F08A7FED8798}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{F45DEDF5-DAC4-40E6-8209-3553ADAC8D86}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{860B418B-F90B-465A-BC1D-04B518045C72}" = HP Deskjet 3050 J610 series Product Improvement Study
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver
"Web Layers" = Web Layers 3.0.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEDA8713-5521-4600-9AC2-81674A9EDC4F}" = Blio
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E56E5D38-5972-420A-9BAF-0F84471E0142}" = HP Documentation
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InfoAtoms" = InfoAtoms
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InternetHelper3.1 Toolbar" = InternetHelper3.1 Toolbar
"McAfee Security Scan" = McAfee Security Scan Plus
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"N360" = Norton 360 Premier Edition
"SearchProtect" = Search Protect
"SocialSearchBar_App Toolbar" = SocialSearchBar_App Toolbar
"Software Updater_is1" = Software Updater version 1.8.3
"UnfriendApp" = UnfriendApp
"Wajam" = Wajam
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0815ccda-dc62-4613-b89a-381ce59b66d9" = Chuzzle Deluxe
"WTA-0fa3a419-bbe4-49d3-8ec5-b47b423e7432" = Mystery of Mortlake Mansion
"WTA-117120d9-dabe-4481-a071-c14a2bdb8bec" = FATE
"WTA-1c449dc6-856d-4f43-af80-7b4c52ec7077" = Slingo Supreme
"WTA-2bc60d80-c4f6-4ac9-b41b-19d989e36e78" = Penguins!
"WTA-2ecc600e-baca-498d-bbbe-3a7ee62253b7" = Polar Bowler
"WTA-2f67bf99-2386-462d-857b-711998be121d" = Cradle of Rome 2
"WTA-351ed7de-619a-4ccf-9e5e-e48b96bc552e" = Blasterball 3
"WTA-3cbcb228-dc9b-4bc4-92d3-4f4998bb9022" = Chronicles of Albian
"WTA-64fe7da2-a23b-40a2-8b9f-7c5b99e1c3a8" = Agatha Christie - Peril at End House
"WTA-713a647c-42e7-4c1f-bd8e-184d7e2aa27b" = Virtual Villagers 5 - New Believers
"WTA-772bad45-b4fb-43bf-b9f8-4af394d837a0" = Farm Frenzy
"WTA-7bb13454-e7af-4c95-a8e2-a8d905517919" = Plants vs. Zombies - Game of the Year
"WTA-8ce79824-8b2c-402c-bb32-a906e0111dc8" = Bejeweled 3
"WTA-8dc9463a-9618-4937-a552-a51a3f229a37" = Mah Jong Medley
"WTA-8e9b51e6-0464-417e-90e8-81f17d229747" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-9438a424-dc9b-49af-9865-5dfbbe841200" = Polar Golfer
"WTA-99829259-94f1-41a3-b1c1-de9e35ccd100" = Zuma Deluxe
"WTA-9bdfc44f-6371-4c74-9bd0-54879bd93941" = Poker Superstars III
"WTA-9f3242c8-7254-4ee8-b847-ba5040f4163b" = Governor of Poker 2 Premium Edition
"WTA-ad96fb30-9fc5-4f0c-ad34-4a35ea95cc57" = Namco All-Stars: PAC-MAN
"WTA-c78f41fb-c293-4267-9d63-c147f2eb2910" = Blackhawk Striker 2
"WTA-d2aa2e8a-c241-4dd9-bf55-fda0b0aadef8" = Bounce Symphony
"WTA-da02f56b-9e3e-4995-b2ab-8c987d2b70c0" = Cake Mania
"WTA-e1790771-83ef-477d-91f7-cad91dd344d9" = Vacation Quest - The Hawaiian Islands

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2013 10:13:18 PM | Computer Name = sherry-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/9/2013 10:23:16 PM | Computer Name = sherry-HP | Source = Windows Backup | ID = 4103
Description =

Error - 11/11/2013 11:40:51 AM | Computer Name = sherry-HP | Source = Windows Backup | ID = 4103
Description =

Error - 11/13/2013 7:21:05 PM | Computer Name = sherry-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/15/2013 8:41:34 AM | Computer Name = sherry-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/16/2013 10:01:48 AM | Computer Name = sherry-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/19/2013 7:50:57 PM | Computer Name = sherry-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/21/2013 9:41:16 PM | Computer Name = sherry-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/21/2013 9:51:00 PM | Computer Name = sherry-HP | Source = Windows Backup | ID = 4103
Description =

Error - 11/25/2013 1:11:14 PM | Computer Name = sherry-HP | Source = Windows Backup | ID = 4103
Description =

Error - 11/28/2013 10:11:25 AM | Computer Name = sherry-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 5/13/2012 10:27:31 PM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/13/2012 10:28:17 PM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/17/2012 11:36:10 PM | Computer Name = sherry-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 5/17/2012 11:36:14 PM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/27/2012 7:27:03 PM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/27/2012 7:28:40 PM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/6/2012 2:26:48 AM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/19/2012 12:01:36 AM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/19/2012 10:00:31 AM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/16/2012 10:47:57 PM | Computer Name = sherry-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4043
Ram
Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ HP Connection Manager Events ]
Error - 1/24/2014 8:54:49 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/24 18:54:49.565|00000B60|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/24/2014 8:54:50 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/24 18:54:50.626|00000B60|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/24/2014 8:54:52 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/24 18:54:52.576|00000B60|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/24/2014 8:55:05 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/24 18:55:05.617|00000B60|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/24/2014 8:56:04 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/24 18:56:04.484|00000B60|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/24/2014 8:56:07 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/24 18:56:07.851|00000B60|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/26/2014 4:18:22 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/26 14:18:22.933|00001B5C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/26/2014 4:18:41 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/26 14:18:41.433|00001B5C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/26/2014 11:44:41 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/26 21:44:41.764|00000A34|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/26/2014 11:44:43 PM | Computer Name = sherry-HP | Source = hpCMSrv | ID = 5
Description = 2014/01/26 21:44:43.636|00000A34|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Software Framework Events ]
Error - 4/22/2012 11:57:53 PM | Computer Name = sherry-HP | Source = CaslWmi | ID = 5
Description = 2012/04/22 22:57:53.807|00000170|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 10:40:19 PM | Computer Name = sherry-HP | Source = CaslWmi | ID = 5
Description = 2012/05/08 21:40:19.698|00000EA4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 10:41:47 PM | Computer Name = sherry-HP | Source = CaslWmi | ID = 5
Description = 2012/05/08 21:41:47.728|000017C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 10:41:53 PM | Computer Name = sherry-HP | Source = CaslWmi | ID = 5
Description = 2012/05/08 21:41:53.730|00001784|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 10:42:00 PM | Computer Name = sherry-HP | Source = CaslWmi | ID = 5
Description = 2012/05/08 21:42:00.737|00001498|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/24/2012 7:24:04 AM | Computer Name = sherry-HP | Source = CaslSmBios | ID = 5
Description = 2012/06/24 06:24:04.490|00001638|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 6/24/2012 7:25:16 AM | Computer Name = sherry-HP | Source = CaslSmBios | ID = 5
Description = 2012/06/24 06:25:15.936|000014F8|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 8/19/2012 6:57:48 PM | Computer Name = sherry-HP | Source = CaslSmBios | ID = 5
Description = 2012/08/19 17:57:48.633|000009A8|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 8/19/2012 6:59:14 PM | Computer Name = sherry-HP | Source = CaslSmBios | ID = 5
Description = 2012/08/19 17:59:14.077|00001358|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 10/6/2012 10:29:03 AM | Computer Name = sherry-HP | Source = CaslSmBios | ID = 5
Description = 2012/10/06 09:29:03.575|00001378|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

[ Media Center Events ]
Error - 1/20/2012 10:41:44 PM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 8:41:44 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 1/24/2012 11:14:05 PM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 9:14:03 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 2/3/2012 6:18:20 PM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 4:18:19 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 2/27/2012 8:19:57 PM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 6:19:32 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 3/4/2012 8:39:14 AM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 6:38:53 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 3/5/2012 9:39:56 AM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 7:39:56 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 3/11/2012 12:03:55 AM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 10:03:55 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 3/20/2012 9:55:56 PM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 8:55:55 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 3/24/2012 11:00:40 PM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 10:00:40 PM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

Error - 3/26/2012 10:04:56 PM | Computer Name = sherry-HP | Source = MCUpdate | ID = 0
Description = 9:04:27 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 8/21/2013 9:13:31 PM | Computer Name = sherry-HP | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 8/21/2013 9:13:31 PM | Computer Name = sherry-HP | Source = Service Control Manager | ID = 7000
Description = The FastFreeConverterUpdt service failed to start due to the following
error: %%2

Error - 8/21/2013 9:14:18 PM | Computer Name = sherry-HP | Source = DCOM | ID = 10016
Description =

Error - 8/21/2013 9:14:36 PM | Computer Name = sherry-HP | Source = bowser | ID = 8003
Description =

Error - 8/27/2013 1:28:52 PM | Computer Name = sherry-HP | Source = Service Control Manager | ID = 7000
Description = The FastFreeConverterUpdt service failed to start due to the following
error: %%2

Error - 8/27/2013 1:39:11 PM | Computer Name = sherry-HP | Source = bowser | ID = 8003
Description =

Error - 8/27/2013 1:40:26 PM | Computer Name = sherry-HP | Source = DCOM | ID = 10005
Description =

Error - 8/27/2013 1:40:26 PM | Computer Name = sherry-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
Software Shadow Copy Provider service to connect.

Error - 8/27/2013 1:40:26 PM | Computer Name = sherry-HP | Source = Service Control Manager | ID = 7000
Description = The Microsoft Software Shadow Copy Provider service failed to start
due to the following error: %%1053

Error - 8/27/2013 2:47:35 PM | Computer Name = sherry-HP | Source = Service Control Manager | ID = 7000
Description = The FastFreeConverterUpdt service failed to start due to the following
error: %%2


< End of report >



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-28 23:13:49
-----------------------------
23:13:49.756 OS Version: Windows x64 6.1.7601 Service Pack 1
23:13:49.757 Number of processors: 2 586 0x2A07
23:13:49.757 ComputerName: SHERRY-HP UserName: sherry
23:13:52.869 Initialize success
23:15:40.886 AVAST engine defs: 14012801
23:15:47.144 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:15:47.148 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 476940MB BusType: 3
23:15:47.316 Disk 0 MBR read successfully
23:15:47.322 Disk 0 MBR scan
23:15:47.333 Disk 0 Windows 7 default MBR code
23:15:47.358 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:15:47.365 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 458075 MB offset 409600
23:15:47.399 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14601 MB offset 938547200
23:15:47.412 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 968450048
23:15:47.500 Disk 0 scanning C:\Windows\system32\drivers
23:15:59.114 Service scanning
23:16:24.170 Modules scanning
23:16:24.189 Disk 0 trace - called modules:
23:16:24.220 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:16:24.225 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800715f370]
23:16:24.230 3 CLASSPNP.SYS[fffff88001e0843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a30050]
23:16:24.922 AVAST engine scan C:\Windows
23:16:26.896 AVAST engine scan C:\Windows\system32
23:19:26.128 AVAST engine scan C:\Windows\system32\drivers
23:19:47.327 AVAST engine scan C:\Users\sherry
23:27:15.828 AVAST engine scan C:\ProgramData
23:29:10.194 Scan finished successfully
23:38:39.904 Disk 0 MBR has been saved successfully to "C:\Users\sherry\Desktop\MBR.dat"
23:38:39.909 The log file has been saved successfully to "C:\Users\sherry\Desktop\aswMBR.txt"
  • 0

#7
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, we have some work to do, so let's get started. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Windows Sidebar and Program Uninstalls


Windows Fix It

You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here. Please disable it by using Fix It.

You can download Fix It by clicking here.


Program Uninstalls


There are several programs on your machine that need uninstalling. The programs in question are some of the infections on your machine. Please follow the instructions below to remove the programs.


  • Open Programs and Features by clicking the Start button, then Control Panel, then click Programs, and then click Programs and Features, and then choose Uninstall a Program.
  • Select a program, and then click Uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • If one of the programs in the list below isn't in your list of installed programs, don't worry about it, move on to the next one.


Programs to Uninstall

InfoAtoms

Web Layers 3.0.0

InternetHelper3.1 Toolbar

Search Protect

SocialSearchBar_App Toolbar

Software Updater version 1.8.3

UnfriendApp

Wajam



Step 2: Uninstall Chrome Extensions


There are some extensions in Chrome that need to be removed. Please follow the instructions below to remove them.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extensions in the list below by clicking the trash can icon beside each one.

If one of the extensions I've asked you to remove is not listed, don't worry about it. Just move on to the next one in the list. :)


Extensions to Uninstall


Vafmusic2

InfoAtoms

Web Layers

Wajam

Internet Helper 3.1


Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
SRV - [2014/01/20 04:59:56 | 002,301,216 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/10/05 09:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {393AD2BB-3960-4B42-8866-F2C95F6CC2F1}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...A5C9A0837&SSPV=
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\InprocServer32 File not found
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes,DefaultScope = {393AD2BB-3960-4B42-8866-F2C95F6CC2F1}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{323ACA27-081D-42B1-8955-F80AC4437337}: "URL" = http://websearch.ask...D-A2566872D4DC
IE - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\SearchScopes\{393AD2BB-3960-4B42-8866-F2C95F6CC2F1}: "URL" = http://search.condui...1327662978&UM=2
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected] [2012/12/06 09:34:41 | 000,000,000 | ---D | M]
[2012/12/06 09:34:41 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected]
O2:64bit: - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll File not found
O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll File not found
O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
O2 - BHO: (SocialSearchBar_App Toolbar) - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O2 - BHO: (UnfriendApp) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll (UnfriendApp)
O2 - BHO: (Web Layers) - {976d7863-9e6c-4066-8c67-0993db9de35f} - C:\Program Files (x86)\Web Layers\IEClient.dll (Web Layers)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\vbobho.dll File not found
O2 - BHO: (Fast Free Converter 4.1) - {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll File not found
O3 - HKLM\..\Toolbar: (SocialSearchBar_App Toolbar) - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\Toolbar\WebBrowser: (InternetHelper3.1 Toolbar) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll File not found
O3 - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..\Toolbar\WebBrowser: (SocialSearchBar_App Toolbar) - {2421D847-721C-404F-87B4-BBD2B95D1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKU\S-1-5-21-872590564-2947245251-117410151-1000..\Run: [NextLive] C:\Users\sherry\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKU\S-1-5-21-872590564-2947245251-117410151-1000..\Run: [TBHostSupport] C:\Users\sherry\AppData\Local\TBHostSupport\TBHostSupport_0.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-872590564-2947245251-117410151-1000..\Run: [Web Desktop] C:\Users\sherry\AppData\Roaming\Web Layers\desktop.exe (Microsoft)
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-872590564-2947245251-117410151-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
[2014/01/13 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Roaming\newnext.me
[2014/01/13 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\sherry\Documents\Mobogenie
[2014/01/13 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Local\Mobogenie
[2014/01/13 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Local\genienext
[2014/01/13 19:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/01/13 19:42:11 | 000,000,000 | ---D | C] -- C:\Users\sherry\Documents\Optimizer Pro
[2014/01/09 22:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
[2014/01/09 22:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Updater
[2014/01/28 21:26:23 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Web Layers

:Files
C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghdomkkcnldpmfcefiaaahchgoinofkb
C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
C:\Users\sherry\AppData\Local\NativeMessaging
C:\Program Files (x86)\SearchProtect
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c


:Commands
[emptytemp]
[resethosts]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop.


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, "Pending, uncheck elements you don't want to remove."
    click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 6: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:


OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

  • 0
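The `:OTL` section of the fix script in the post above tags every entry with the load point it occupies (SRV, O2 BHO, O3 Toolbar, O4 Run, O20 AppInit_DLLs). The following is an added example, not part of the original post and not OTL's own code: a Python parser that groups such lines by persistence mechanism and flags the ones worth a second look. The sample lines are copied from the script above; the names `parse_line`, `triage` and the flag labels are assumptions made for this illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Prefix -> persistence mechanism, following the labels on the OTL lines themselves.
MECHANISMS = {
    "SRV": "service",
    "O2": "browser helper object",
    "O3": "IE toolbar",
    "O4": "Run/RunOnce autostart",
    "O20": "AppInit_DLLs",
}

LINE_RE = re.compile(r"^(SRV|O\d+)(:64bit:)?\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Windows path ending in .exe/.dll; lazy so it stops at the first extension.
PATH_RE = re.compile(r'\b[A-Za-z]:\\[^"|]*?\.(?:exe|dll)', re.IGNORECASE)

# Lines copied from the ":OTL" section of the fix script in the post above.
SAMPLE = r"""
SRV - [2014/01/20 04:59:56 | 002,301,216 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O3 - HKLM\..\Toolbar: (SocialSearchBar_App Toolbar) - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKU\S-1-5-21-872590564-2947245251-117410151-1000..\Run: [Web Desktop] C:\Users\sherry\AppData\Roaming\Web Layers\desktop.exe (Microsoft)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
"""


@dataclass
class Entry:
    mechanism: str
    is_64bit: bool
    clsid: Optional[str]
    path: Optional[str]
    missing: bool
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one OTL line; return None for prefixes this example does not cover."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1) not in MECHANISMS:
        return None
    prefix, bits, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    paths = PATH_RE.findall(rest)
    entry = Entry(
        mechanism=MECHANISMS[prefix],
        is_64bit=bits is not None,
        clsid=clsid.group(0).upper() if clsid else None,
        # O20 lines give the 8.3 short path first and the long path last.
        path=paths[-1] if paths else None,
        missing=rest.rstrip().endswith("File not found"),
    )
    if entry.missing:
        # Registry entry survives although the binary is already gone.
        entry.flags.append("orphan")
    if prefix == "O20":
        # DLLs listed here are loaded into every process that loads user32.dll.
        entry.flags.append("appinit")
    if entry.path and "\\users\\" in entry.path.lower():
        # Autostart binary sits in a per-user, user-writable profile directory.
        entry.flags.append("user-profile-path")
    return entry


def triage(script_text):
    """Return (entries, count per mechanism) for a block of OTL lines."""
    entries = [e for e in map(parse_line, script_text.splitlines()) if e]
    return entries, Counter(e.mechanism for e in entries)


if __name__ == "__main__":
    entries, counts = triage(SAMPLE)
    for mechanism, n in counts.most_common():
        print(f"{n:2d}  {mechanism}")
    for e in entries:
        if e.flags:
            print(f"[{', '.join(e.flags)}] {e.mechanism}: {e.path}")
```
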

#8
rustyhutto

    New Member

  • Topic Starter
  • Member
  • 7 posts
OK let's see if I got it right this time.

OTL fix:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe not found.
Error: No service named WajamUpdater was found to stop!
Service\Driver key WajamUpdater not found.
File C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{2421d847-721c-404f-87b4-bbd2b95d1087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2421d847-721c-404f-87b4-bbd2b95d1087}\ not found.
File C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{323ACA27-081D-42B1-8955-F80AC4437337}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323ACA27-081D-42B1-8955-F80AC4437337}\ not found.
Registry key HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{393AD2BB-3960-4B42-8866-F2C95F6CC2F1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{393AD2BB-3960-4B42-8866-F2C95F6CC2F1}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected] not found.
Folder C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected]\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
File C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2421d847-721c-404f-87b4-bbd2b95d1087}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2421d847-721c-404f-87b4-bbd2b95d1087}\ not found.
File C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ not found.
File C:\Program Files (x86)\UnfriendApp\IE\common.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{976d7863-9e6c-4066-8c67-0993db9de35f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{976d7863-9e6c-4066-8c67-0993db9de35f}\ not found.
File C:\Program Files (x86)\Web Layers\IEClient.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
File C:\Program Files (x86)\Wajam\IE\priam_bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2421d847-721c-404f-87b4-bbd2b95d1087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2421d847-721c-404f-87b4-bbd2b95d1087}\ not found.
File C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07CBF788-1359-421B-A4E3-5A8D041B90A3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}\ not found.
Registry value HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2421D847-721C-404F-87B4-BBD2B95D1087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2421D847-721C-404F-87B4-BBD2B95D1087}\ not found.
File C:\Program Files (x86)\SocialSearchBar_App\prxtbSoc0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive deleted successfully.
C:\Users\sherry\AppData\Roaming\newnext.me\nengine.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport deleted successfully.
C:\Users\sherry\AppData\Local\TBHostSupport\TBHostSupport_0.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Desktop not found.
File C:\Users\sherry\AppData\Roaming\Web Layers\desktop.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-872590564-2947245251-117410151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll not found.
C:\Users\sherry\AppData\Roaming\newnext.me\cache folder moved successfully.
C:\Users\sherry\AppData\Roaming\newnext.me folder moved successfully.
C:\Users\sherry\Documents\Mobogenie folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Version\OldVersion folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Version\NewVersion folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Version\CacheVersion folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Version folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\driver folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Download\Video folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Download\Picture folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Download\Music folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Download\Apk folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Download folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\device folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\Data folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie\backup folder moved successfully.
C:\Users\sherry\AppData\Local\Mobogenie folder moved successfully.
C:\Users\sherry\AppData\Local\genienext folder moved successfully.
C:\Program Files (x86)\Mobogenie folder moved successfully.
C:\Users\sherry\Documents\Optimizer Pro folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater\ not found.
Folder C:\Program Files (x86)\Software Updater\ not found.
Folder C:\Users\sherry\AppData\Roaming\Web Layers\ not found.
========== FILES ==========
File\Folder C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko not found.
File\Folder C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghdomkkcnldpmfcefiaaahchgoinofkb not found.
File\Folder C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk not found.
File\Folder C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp not found.
File\Folder C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim not found.
C:\Users\sherry\AppData\Local\NativeMessaging\CT3289663\1_0_0_9 folder moved successfully.
C:\Users\sherry\AppData\Local\NativeMessaging\CT3289663\1_0_0_6 folder moved successfully.
C:\Users\sherry\AppData\Local\NativeMessaging\CT3289663\1_0_0_4 folder moved successfully.
C:\Users\sherry\AppData\Local\NativeMessaging\CT3289663\1_0_0_2 folder moved successfully.
C:\Users\sherry\AppData\Local\NativeMessaging\CT3289663\1_0_0_10 folder moved successfully.
C:\Users\sherry\AppData\Local\NativeMessaging\CT3289663 folder moved successfully.
C:\Users\sherry\AppData\Local\NativeMessaging folder moved successfully.
File\Folder C:\Program Files (x86)\SearchProtect not found.
< netsh advfirewall reset /c >
Ok.
C:\Users\sherry\Desktop\cmd.bat deleted successfully.
C:\Users\sherry\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\sherry\Desktop\cmd.bat deleted successfully.
C:\Users\sherry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: sherry
->Temp folder emptied: 5411561 bytes
->Temporary Internet Files folder emptied: 606 bytes
->Java cache emptied: 29764 bytes
->Google Chrome cache emptied: 10859152 bytes
->Flash cache emptied: 2258 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287513 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02012014_111043

Files\Folders moved on Reboot...
File\Folder C:\Users\sherry\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Users\sherry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ADWCleaner log:

# AdwCleaner v3.018 - Report created 01/02/2014 at 11:20:43
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : sherry - SHERRY-HP
# Running from : C:\Users\sherry\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : FastFreeConverterUpdt

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\sherry\AppData\Local\Conduit
Folder Deleted : C:\Users\sherry\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\sherry\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\sherry\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\sherry\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\sherry\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\sherry\AppData\Roaming\strongvault
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3239904
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D86EF42-CB7C-433F-9628-210E40FEEEE5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05DB8A6D-4F58-4EF9-BA5E-AB1193F50C86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7851 octets] - [01/02/2014 11:19:37]
AdwCleaner[S0].txt - [6854 octets] - [01/02/2014 11:20:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6914 octets] ##########

JUNKWARE removal log:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by sherry on Sat 02/01/2014 at 11:28:31.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{976D7863-9E6C-4066-8C67-0993DB9DE35F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{976D7863-9E6C-4066-8C67-0993DB9DE35F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-872590564-2947245251-117410151-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120921_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120921_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120921_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120921_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A23BCA6B-F4E6-44B3-ACD1-D91681B0BD3C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A23BCA6B-F4E6-44B3-ACD1-D91681B0BD3C}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\sherry\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{01148E1D-CACA-40F6-AB48-F7165C47E3C3}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{0358CDE2-9F32-421F-B01D-05E9BA7B0AA6}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{0F0C32AB-9A00-4ECC-A23A-C1115FFDCBDF}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{104FC89E-E1AA-4E26-8C59-2669D3B49091}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{14BCC512-38D4-4D58-ABC4-F31CF2CCF112}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{18DFECB2-54BA-4413-9565-48802F7B5D35}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{48FBF33F-AF46-4DC2-B333-4E7A7FA186B2}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{4CBB1E33-5B3F-47CC-938F-19FF13C5C713}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{6086226F-7EAA-494C-B908-5A5818398DAD}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{7E3E3C65-79B2-4F80-81C5-66CF7D954194}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{865418BD-F72B-4173-A554-8E76E09E98E7}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{8662F1D8-C0EF-4B00-8943-82DF403AB012}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{87D8848F-EF11-4F7C-B518-AF5544ECBF5F}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{88DFBF86-D1E4-48D0-9200-5E2CC086332E}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{961CD3DB-1EED-4DE9-B8E9-31A395BBDEE3}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{97BBDA57-D84F-4C82-BC77-341F3D09D0F6}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{9AD8D9E7-8246-4860-8135-C6F58EF14A98}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{A102A47F-CB8E-4F1C-B2EE-D551F6A75D5D}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{A5D04FAD-F982-420A-BAD6-4870C8BF9F33}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{A874F82B-6561-4575-904C-3989117F1301}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{B0329F9F-35E9-401F-A132-4396F19B9348}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{B9CE6092-07B1-4749-83BF-E6B86FD6BF3C}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{D1690CBB-137B-4BA0-9FBA-DEE9BF3E7ECC}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{D1737E29-10E2-4744-8E6D-963CB976D04F}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{EBDB0457-B1B8-4435-9A1F-AFFED11AACAC}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{EBE81A98-9237-4179-9B8E-BE034590537C}
Successfully deleted: [Empty Folder] C:\Users\sherry\appdata\local\{F5C8D748-46FB-4B05-A9D7-E042B68A0BB5}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/01/2014 at 11:35:40.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Quick scan log:


OTL logfile created on: 2/1/2014 11:38:34 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 64.24% Memory free
7.90 Gb Paging File | 6.35 Gb Available in Paging File | 80.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.34 Gb Total Space | 380.74 Gb Free Space | 85.11% Space Free | Partition Type: NTFS
Drive D: | 14.26 Gb Total Space | 1.59 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: SHERRY-HP | User Name: sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/28 21:53:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sherry\Desktop\OTL.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/12/06 15:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 15:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/09/13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 03:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 18:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/13 07:55:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/13 07:54:22 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/13 07:54:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/11 22:53:42 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/11 22:53:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/20 13:04:31 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\97ce162bb354fcf9c8d9eae8252ee216\IAStorUtil.ni.dll
MOD - [2013/08/20 12:57:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/20 12:57:39 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/20 12:57:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/19 05:41:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\22d36f517c7545fdb65ccddae680a3eb\IAStorCommon.ni.dll
MOD - [2013/07/15 21:39:22 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/12/06 15:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 11:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/10 22:49:52 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/10 21:11:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/12/06 15:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/09/13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/07 18:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/17 20:44:12 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/10 22:49:52 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/12/10 22:48:09 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/02 22:14:24 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/02 22:12:32 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/27 21:42:54 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/07/20 21:51:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/20 21:51:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/08 13:25:18 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/01/29 03:51:57 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140131.002\ex64.sys -- (NAVEX15)
DRV - [2014/01/29 03:51:57 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140131.002\eng64.sys -- (NAVENG)
DRV - [2014/01/24 12:27:37 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20140131.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/17 18:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/21 20:02:55 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 20:02:55 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{A23BCA6B-F4E6-44B3-ACD1-D91681B0BD3C}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2014/02/01 11:24:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFF [2013/10/11 22:07:06 | 000,000,000 | ---D | M]

[2014/02/01 10:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Norton Identity Protection = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.7.3_0\
CHR - Extension: Facebook Notifications = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Google Wallet = C:\Users\sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014/02/01 11:11:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C5E964C-8B58-4A1A-809E-3BDF9E376A90}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32c73757-cd69-11e1-ba99-78e3b55edd25}\Shell - "" = AutoRun
O33 - MountPoints2\{32c73757-cd69-11e1-ba99-78e3b55edd25}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/01 11:28:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/01 11:18:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/01 11:11:12 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Roaming\newnext.me
[2014/02/01 11:10:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/29 13:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/01/29 13:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/01/28 21:53:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sherry\Desktop\OTL.exe
[2014/01/26 19:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/01/24 18:29:41 | 000,000,000 | ---D | C] -- C:\MATS
[2014/01/13 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\sherry\.android
[2014/01/13 19:42:56 | 000,000,000 | ---D | C] -- C:\Users\sherry\AppData\Local\cache

========== Files - Modified Within 30 Days ==========

[2014/02/01 11:34:37 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsherry.job
[2014/02/01 11:29:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/01 11:29:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/01 11:27:12 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/01 11:27:12 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/01 11:27:12 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/01 11:22:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/01 11:22:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/01 11:22:18 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/01 11:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/01 11:11:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/01 11:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/29 13:14:15 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/01/28 23:38:39 | 000,000,512 | ---- | M] () -- C:\Users\sherry\Desktop\MBR.dat
[2014/01/28 22:35:12 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/28 21:53:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sherry\Desktop\OTL.exe
[2014/01/26 19:54:27 | 000,002,217 | ---- | M] () -- C:\Users\sherry\Desktop\HP Support Assistant.lnk
[2014/01/24 12:03:45 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/13 19:43:32 | 000,002,279 | ---- | M] () -- C:\Users\sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/10 08:43:08 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSHERRY-HP$.job

========== Files Created - No Company Name ==========

[2014/01/28 23:38:39 | 000,000,512 | ---- | C] () -- C:\Users\sherry\Desktop\MBR.dat
[2014/01/26 19:54:26 | 000,002,217 | ---- | C] () -- C:\Users\sherry\Desktop\HP Support Assistant.lnk
[2013/06/29 16:00:26 | 000,000,258 | RHS- | C] () -- C:\Users\sherry\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/25 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Blio
[2012/02/10 09:09:41 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Motorola
[2014/02/01 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\newnext.me
[2012/02/02 17:31:10 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\RIFT
[2011/11/25 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Synaptics
[2011/12/13 03:45:03 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

OK, let's see if I got it right this time.


Perfect! :thumbsup:

Let's run a sweep for remnants and check for out of date programs on your machine.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.



Step 1: Scan with Malwarebytes


Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Additional Tasks
    • Click Install
    • In the Completing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.

  • Make sure that everything is checked, and click Remove Selected.

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.






Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan; otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#10
rustyhutto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok here goes


MBAM log:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
sherry :: SHERRY-HP [administrator]

2/1/2014 10:15:01 PM
mbam-log-2014-02-01 (22-15-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204936
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\sherry\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\sherry\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 14
C:\Users\sherry\Downloads\Chrome_Setup (1).exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Chrome_Setup (2).exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Chrome_Setup.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Extreme_Flash_Player_Setup (1).exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Extreme_Flash_Player_Setup (2).exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Extreme_Flash_Player_Setup (3).exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Extreme_Flash_Player_Setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\MicrosoftMoneySetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Setup (1).exe (PUP.MSIL.Launcher) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Setup (2).exe (PUP.MSIL.Launcher) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Setup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Windows\Installer\bc2fd6.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\sherry\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\sherry\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)




ESET LOG:


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=02b6a45e09b17f478672803297eb6d73
# engine=16904
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-02 03:28:16
# local_time=2014-02-02 09:28:16 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 91 0 141930992 0 0
# compatibility_mode=5893 16776574 100 94 16488131 142898346 0 0
# scanned=139878
# found=2
# cleaned=0
# scan_time=36281
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A application" ac=I fn="C:\_OTL\MovedFiles\02012014_111043\C_Users\sherry\AppData\Local\genienext\nengine.dll"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A application" ac=I fn="C:\_OTL\MovedFiles\02012014_111043\C_Users\sherry\AppData\Roaming\newnext.me\nengine.dll"




SECURITY CHECK Log:


Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360 Premier Edition
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 17
Java version out of Date!
Adobe Reader XI
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0
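An added example, not part of the original thread or of any tool used in it: a short Python triage of the two detection-line formats posted above (Malwarebytes and ESET), grouping hits by detection family and by where the file sits. The location labels are assumptions made for illustration, and treating `C:\_OTL\MovedFiles` as the place OTL keeps files it has already moved is inferred from the paths in the ESET log.

```python
import re
from collections import Counter

# Constructed sample: a subset of the detection lines posted in this thread, embedded to run offline.
SAMPLE = r'''
C:\Users\sherry\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Chrome_Setup (1).exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\sherry\Downloads\Extreme_Flash_Player_Setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Windows\Installer\bc2fd6.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A application" ac=I fn="C:\_OTL\MovedFiles\02012014_111043\C_Users\sherry\AppData\Roaming\newnext.me\nengine.dll"
'''

# Malwarebytes 1.x line: <path> (<detection>) -> <action>.  The path may itself contain "(1)".
MBAM = re.compile(r'^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$')
# ESET Online Scanner line: key=value pairs; only vn, ac and fn are used here.
ESET = re.compile(r'vn="(?P<name>[^"]+)".*?ac=(?P<action>\S+).*?fn="(?P<path>[^"]+)"')

# Checked in order: OTL's MovedFiles tree embeds the original path (AppData etc.) inside it.
LOCATIONS = [
    ("\\_otl\\movedfiles\\", "otl-moved"),
    ("\\downloads\\", "download"),
    ("\\appdata\\", "per-user-install"),
    ("\\windows\\installer\\", "msi-cache"),
]

def locate(path):
    p = path.lower() + "\\"
    return next((label for needle, label in LOCATIONS if needle in p), "other")

def parse(text):
    """Yield one dict per detection line from either log format."""
    for line in text.splitlines():
        m = MBAM.match(line.strip()) or ESET.search(line)
        if m:
            yield {"family": m["name"].lower(), "path": m["path"],
                   "where": locate(m["path"]), "action": m["action"]}

def summary(text):
    """Count detections per (family, location); family names are case-folded."""
    return Counter((d["family"], d["where"]) for d in parse(text))

def unresolved(text):
    """Detections still in place: not removed by MBAM and not under OTL's MovedFiles."""
    return [d for d in parse(text)
            if d["where"] != "otl-moved" and "successfully" not in d["action"].lower()]

if __name__ == "__main__":
    for (family, where), n in sorted(summary(SAMPLE).items()):
        print(f"{n:2d}  {where:17s} {family}")
    print("unresolved:", [d["path"] for d in unresolved(SAMPLE)])
```

Case-folding the family name matters here because the Malwarebytes log spells the same detection both `PUP.Optional.Ibryte` and `PUP.Optional.IBryte`.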


#11
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Looking good! :thumbsup:

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
[2014/02/01 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\sherry\AppData\Roaming\newnext.me
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720

:Commands
[reboot]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, please post the log that will be found here: C:\_OTL\MovedFiles

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Things I need to see in your next post:

OTL Fix Log

  • 0

#12
rustyhutto

rustyhutto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
it's short and sweet



========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Folder C:\Users\sherry\AppData\Roaming\newnext.me\ not found.
ADS C:\ProgramData\Temp:373E1720 deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02032014_164712
  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) But we still have a few things we need to address, namely:

  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • We also need to install some security programs on your machine to reduce your chances of infection.

Ok, here we go:


Step 1: Delete old restore points and create a new one.


We're going to delete your old restore points and create a new one. We do this so that, in case you need to do a system restore, you will have a clean restore point.

Please follow the instructions below:

  • Start OTL and copy the text in the quote box below.
  • Paste the contents into the Custom Scans/Fixes box and click the Run Fix button.
  • OTL will delete the old restore points and create a new one.

:Files
%systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c

:Commands
[CreateRestorePoint]




Step 2: Java Warning and Update and FileHippo Installation.


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on users to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.



  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Keeping your software updated

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker



Step 3: Installation of Avast Antivirus


Please click the link below to download and install Avast! antivirus on your machine. This is a free antivirus program and it's a very good one. You can register it for free and it will give you a registration key that's good for a year. After which you can register again and get another key for another year.

Avast


Step 4: Tool Removal


Tool Deletions

You can delete aswMBR from your desktop.

You can delete Junkware Removal Tool from your desktop.

You can delete SecurityCheck from your desktop.


Tool Uninstalls

Start AdwCleaner and click the Uninstall button. It will remove its quarantined files and uninstall itself.

You can uninstall ESET Online Scanner at this time.

Start OTL and click the Cleanup button. OTL will delete its quarantined files and then uninstall itself.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds objects called PUPs (Potentially Unwanted Programs), you can let Malwarebytes delete them. However, if you see something like a trojan, come see us. :)


Step 5: Tips, Information, and protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

Posted Image


Are there any further issues I can assist you with?
  • 0

#14
rustyhutto

rustyhutto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oh, I have many issues, just ask my friends; however, this one with my wife's computer has been resolved. Thank you so much for your help. I am very grateful for this site and glad there are people out there willing to help those of us that are less than "proficient" when it comes to computers and how they really work.
  • 0

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Oh, I have many issues, just ask my friends; however, this one with my wife's computer has been resolved. Thank you so much for your help. I am very grateful for this site and glad there are people out there willing to help those of us that are less than "proficient" when it comes to computers and how they really work.



:lol: You're very welcome, and if you need us again, don't hesitate to come back. :thumbsup:

Safe surfing :wave:

Pystryker
  • 0





