Recommended Posts

Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.

mbam-1.jpg


When the scan is complete, click  OK, then  Show Results to view the results.

scan-finished.jpg

    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".


Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log
Thanks
Chuck

Link to post
Share on other sites

# AdwCleaner v3.012 - Report created 20/11/2013 at 14:35:00
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ree'Dawn - REEDAWN-HP
# Running from : C:\Users\Ree'Dawn\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\I Want This
Folder Deleted : C:\Program Files (x86)\iBryte
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Ree'Dawn\AppData\Local\Babylon
Folder Deleted : C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Ree'Dawn\AppData\Local\I Want This
Folder Deleted : C:\Users\Ree'Dawn\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Ree'Dawn\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Ree'Dawn\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Ree'Dawn\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Ree'Dawn\AppData\LocalLow\iBryte
Folder Deleted : C:\Users\Ree'Dawn\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\Extensions\[email protected]
Folder Deleted : C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\Extensions\[email protected]
Folder Deleted : C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044224458}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\iBryte\browseforchange\ibrytedesktop.exe]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v3.6.28 (en-US)

[ File : C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");

Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110788");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 19);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "1c5cdab30000000000001c659d61c8e1");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15409");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 19);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.170:42:01");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 123477758);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.170:42:01");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110788");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "1c5cdab30000000000001c659d61c8e1");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "1c5cdab30000000000001c659d61c8e1");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15409");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:42:01");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Line Deleted : user_pref("extensions.asktb.apn_dbr", "ff_3.6.23");
Line Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Line Deleted : user_pref("extensions.asktb.cbid", "SV");
Line Deleted : user_pref("extensions.asktb.config-updated", false);
Line Deleted : user_pref("extensions.asktb.crumb", "2012.03.13+23.13.26-toolbar004iad-US-QmFzaW4sV1ksVW5pdGVkIFN0YXRlcw%3D%3D");

Line Deleted : user_pref("extensions.asktb.displaybehavior", "");
Line Deleted : user_pref("extensions.asktb.displaytext", "");
Line Deleted : user_pref("extensions.asktb.dtid", "YYYYYYBFUS");
Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Line Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USWY0014");
Line Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");


Line Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Line Deleted : user_pref("extensions.asktb.guid", "049f8258-622c-4bf9-aee4-028ca0faa97f");

Line Deleted : user_pref("extensions.asktb.if", "first");
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1336171519634");
Line Deleted : user_pref("extensions.asktb.last-v", "3.14.1.100010");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
Line Deleted : user_pref("extensions.asktb.location", "Basin,WY,United States");
Line Deleted : user_pref("extensions.asktb.lstation", "");
Line Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Line Deleted : user_pref("extensions.asktb.o", "13959");
Line Deleted : user_pref("extensions.asktb.pstate", "");
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.sa", "YES");
Line Deleted : user_pref("extensions.asktb.saguid", "30D1005B-14BE-48B1-9D70-5D7C5DC700D8");

Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.timeinstalled", "3/14/2012 12:14:52 AM");
Line Deleted : user_pref("extensions.asktb.to", "");
Line Deleted : user_pref("extensions.crossrider.bic", "13603f16e59cf5faa4d41af53c2bb3dc");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1331365496);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 47);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1331365496");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1331365496");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1365035897");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2214351%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2214351%26subid%3D%26pid%3D1086%22%7D[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214351%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1348441182245");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pid.value", "%221086%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221086%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2223499%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1348441181483");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "86");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"contentcache-a.akamaihd.net[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(B){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 15);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(f){console.log(f)},factor:1[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 35);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};if(typeof JSON!==\"undefined\"){appAPI.JSON=JSON}else{(function(){fun[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 5);

Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[\"[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "14,78,16,64,47,72,98,1000015");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98,1000014");

Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 62);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");

Line Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 137);
Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Line Deleted : user_pref("extensions.crossriderapp2258.bic", "13603f16e59cf5faa4d41af53c2bb3dc");
Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1331506016);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 23083017);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 23083017);
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1384917746975");
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1384917746854");
Line Deleted : user_pref("extensions.crossriderapp2258.updating", true);
Line Deleted : user_pref("extensions.enabledItems", "{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302,[email protected]:7.0.1426,[email protected]:0.2,[email protected]:0.80.26,ffxtlbr@ba[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38057 octets] - [20/11/2013 14:26:20]
AdwCleaner[s0].txt - [37696 octets] - [20/11/2013 14:35:00]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [37757 octets] ##########
 

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ree'Dawn on Wed 11/20/2013 at 14:47:45.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3975008-1DEA-4D02-9F2F-B86EF257DA42}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E3975008-1DEA-4D02-9F2F-B86EF257DA42}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912C156F-05CF-4B62-851A-96E167A677B0}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{0083F059-6124-40E8-A35C-A19BEA8C041D}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{054BBBCC-7395-44C5-A2F4-4DE3C94FEA55}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{14F85B3F-2912-420F-81B2-69802058E232}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{5C9937A8-F228-4033-90D7-3F938C4E48BA}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{D04CC497-7889-47FF-9EC1-1A693491C1F1}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{E61D4BAF-B0BD-44D9-B4E9-224D7DBA6A09}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{E73A4687-2697-45C2-BE0F-6F8D07C68EC3}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{F868CA5E-C943-4C2B-9A83-DFB222BE2824}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Ree'Dawn\AppData\Roaming\mozilla\firefox\profiles\kv6axn5y.default\extensions\[email protected]
Successfully deleted the following from C:\Users\Ree'Dawn\AppData\Roaming\mozilla\firefox\profiles\kv6axn5y.default\prefs.js

user_pref("extensions.crossrider.bic", "142777621252b3f59bd1f8aa5f670b1b");
user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1384983700);
user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1384983700");
user_pref("extensions.crossriderapp2258.bic", "142777621252b3f59bd1f8aa5f670b1b");
user_pref("extensions.crossriderapp2258.firstrun", false);
user_pref("extensions.crossriderapp2258.installationdate", 1384983700);
user_pref("extensions.crossriderapp2258.lastcheck", 23083062);
user_pref("extensions.crossriderapp2258.lastcheckitem", 23083071);
user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1384984244606");
user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1384984244593");
user_pref("ibryte_browseforchange.installpixelfired", true);
Emptied folder: C:\Users\Ree'Dawn\AppData\Roaming\mozilla\firefox\profiles\kv6axn5y.default\minidumps [4 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Ree'Dawn\appdata\local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/20/2013 at 15:03:59.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Ree'Dawn :: REEDAWN-HP [administrator]

11/20/2013 3:42:37 PM
mbam-log-2013-11-20 (15-42-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242859
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

Ok lets do some more cleaning.

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.


NEXT



Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.[/list
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.


NEXT


Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com


NEXT
 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (3.6.28) Firefox out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2010 9:40:36 AM
System Uptime: 11/20/2013 3:26:54 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 1484
Processor: Intel® Celeron® CPU          900  @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 213.326 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.295 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP80: 9/4/2013 11:30:47 PM - Windows Update
RP81: 9/16/2013 6:20:26 PM - Windows Update
RP82: 10/2/2013 12:06:23 PM - Scheduled Checkpoint
RP83: 10/16/2013 11:36:09 AM - Removed Java 6 Update 31
RP84: 10/16/2013 11:41:37 AM - Installed Java 7 Update 45
RP85: 11/10/2013 6:26:42 PM - Windows Update
RP86: 11/17/2013 2:47:08 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARO 2012
avast! Free Antivirus
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Blackhawk Striker 2
Bonjour
Browse For Change
BufferChm
Build-a-lot 2
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D110
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Easy-Hide-IP 4.1.4.1
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.287
FATE
Final Drive Nitro
FoxTab PDF Creator
Google Chrome
Google Talk Plugin
Google Update Helper
GPBaseService2
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Documentation
HP Game Console
HP Games
HP Imaging Device Functions 14.0
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Power Manager
HP Quick Launch
HP Setup
HP Smart Web Printing 4.60
HP Software Framework
HP Solution Center 14.0
HP Support Assistant
HP Update
HP Wireless Assistant
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
iCloud
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Java 7 Update 45
Java Auto Updater
Java 6 Update 20 (64-bit)
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Mozilla Firefox (3.6.28)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PS_AIO_07_D110_SW_Min
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
Recovery Manager
Roxio CinemaNow 2.0
RtVOsd
Safari
Scan
Shop for HP Supplies
Skypeâ„¢ 4.2
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Virtual Families
Virtual Villagers - The Secret City
WebReg
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/20/2013 3:38:36 PM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/20/2013 3:37:21 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/20/2013 3:27:53 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================
 

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Ree'Dawn at 16:05:11 on 2013-11-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3003.1562 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe -rem
uRun: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Facebook Update] "C:\Users\Ree'Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Ree'Dawn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Ree'Dawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Windows\System32\EasyRedirect.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1DA07FD3-F68A-435A-967F-E2993BEFAD15} : DHCPNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
TCP: Interfaces\{1DA07FD3-F68A-435A-967F-E2993BEFAD15}\4496A7A79735973616D6F62756D27657563747 : DHCPNameServer = 69.145.248.50 69.145.232.4
TCP: Interfaces\{D2A208A8-4A2E-41A6-A524-737E7487FADB} : DHCPNameServer = 63.227.167.1
TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\051445259434B4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\05346474 : DHCPNameServer = 72.21.65.13 72.21.65.14
TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 72.21.65.13 72.21.65.14
TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\26F6E6563723 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\F686D616E6 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll


x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\

FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_45.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ree'Dawn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ree'Dawn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: [email protected] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Browse For Change: [email protected] - %profile%\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-2-25 819032]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-2-25 337240]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-8 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-2-25 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-2-25 69976]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-7 44768]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 EasyRedirect;EasyRedirect;C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-3-15 3325768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-20 701512]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-8 144896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-20 25928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-8 245792]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-8 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-8 1093152]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-1-21 1918976]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-24 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-20 22:11:51    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-11-20 22:11:50    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-20 22:11:31    --------    d-----w-    C:\Users\Ree'Dawn\AppData\Local\Programs
2013-11-20 21:47:42    --------    d-----w-    C:\Windows\ERUNT
2013-11-20 21:25:49    --------    d-----w-    C:\AdwCleaner
2013-11-17 21:52:59    108032    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-11-17 21:52:58    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-17 21:52:58    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-17 21:52:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-17 21:52:56    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-17 21:51:58    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09E323AF-0A46-4660-B9EB-3F315C70DE53}\mpengine.dll
2013-11-13 03:10:40    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-13 03:10:38    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-11-13 03:10:33    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
.
==================== Find3M  ====================
.
2013-10-16 17:43:06    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 08:43:37    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-10-12 07:02:33    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 20:09:42    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 20:09:42    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-03 20:35:10    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 16:06:08.89 ===============
 

Link to post
Share on other sites

OTL logfile created on: 11/20/2013 4:08:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ree'Dawn\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.00% Memory free
5.86 Gb Paging File | 4.05 Gb Available in Paging File | 69.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.88 Gb Total Space | 213.33 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 15.91 Gb Total Space | 2.29 Gb Free Space | 14.42% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.84 Gb Total Space | 1.76 Gb Free Space | 95.53% Space Free | Partition Type: FAT
Drive G: | 99.34 Mb Total Space | 93.53 Mb Free Space | 94.15% Space Free | Partition Type: FAT32
 
Computer Name: REEDAWN-HP | User Name: Ree'Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/20 16:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ree'Dawn\Downloads\OTL.com
PRC - [2013/10/09 13:09:42 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/18 02:32:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/28 13:23:04 | 003,325,768 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 20:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/09 13:09:41 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2012/03/18 02:32:06 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/19 10:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 10:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 10:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/02/28 13:23:04 | 003,325,768 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 14:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/10/09 13:09:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/02 00:43:05 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/06 16:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 16:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 16:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 16:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 16:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 16:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/03 11:08:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/05 12:57:18 | 000,144,896 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2010/03/05 12:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/04 20:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4259AC01-F6A2-4A70-A8E4-9BE0CC046871}
IE:64bit: - HKLM\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{E3975008-1DEA-4D02-9F2F-B86EF257DA42}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426
FF - prefs.js..extensions.enabledItems: [email protected]:0.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ree'Dawn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ree'Dawn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ree'Dawn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/07/08 01:49:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/08 01:49:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/25 15:30:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/07 11:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/02 11:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/20 14:53:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/25 15:30:24 | 000,000,000 | ---D | M]
 
[2010/12/25 12:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Extensions
[2013/11/20 15:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\extensions
[2012/05/06 22:24:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/10 00:45:07 | 000,000,000 | ---D | M] (Browse For Change) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\extensions\[email protected]
[2011/05/10 22:17:43 | 000,001,832 | ---- | M] () -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\searchplugins\bing.xml
[2013/10/16 10:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/07 11:23:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Google Wallet = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/02/24 09:44:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe (Support.com, Inc.)
O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ree'Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DA07FD3-F68A-435A-967F-E2993BEFAD15}: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2A208A8-4A2E-41A6-A524-737E7487FADB}: DhcpNameServer = 63.227.167.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/20 16:02:25 | 000,000,000 | ---D | C] -- C:\Users\Ree'Dawn\Desktop\RK_Quarantine
[2013/11/20 15:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/20 15:11:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/20 15:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/20 15:11:31 | 000,000,000 | ---D | C] -- C:\Users\Ree'Dawn\AppData\Local\Programs
[2013/11/20 14:47:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/20 14:25:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/20 16:08:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/20 15:56:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2381287234-3346836390-1390942574-1000UA.job
[2013/11/20 15:36:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 15:36:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 15:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/20 15:29:32 | 000,003,400 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2013/11/20 15:29:32 | 000,002,008 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2013/11/20 15:29:32 | 000,002,008 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini
[2013/11/20 15:27:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/20 15:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/20 15:27:04 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/20 15:11:55 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/20 14:44:56 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/20 14:44:56 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/20 14:44:56 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/20 13:56:56 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRee'Dawn.job
[2013/11/20 13:56:53 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381287234-3346836390-1390942574-1000UA.job
[2013/11/19 19:49:02 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381287234-3346836390-1390942574-1000Core.job
[2013/11/19 19:21:26 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/19 19:04:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2381287234-3346836390-1390942574-1000Core.job
[2013/11/12 19:16:17 | 000,427,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/05 18:35:21 | 000,002,283 | ---- | M] () -- C:\Users\Ree'Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013/11/20 15:11:55 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 18:28:58 | 000,000,032 | ---- | C] () -- C:\Users\Ree'Dawn\jagex_cl_runescape_LIVE.dat
[2012/03/15 20:32:50 | 000,003,400 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/03/15 20:32:50 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/03/10 00:41:50 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/08/22 16:08:12 | 000,000,129 | ---- | C] () -- C:\Users\Ree'Dawn\jagex_runescape_preferences2.dat
[2011/08/22 16:06:16 | 000,000,035 | ---- | C] () -- C:\Users\Ree'Dawn\jagex_runescape_preferences.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/09/07 21:56:55 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\EstraniaV2.1
[2011/09/23 14:08:27 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\EstraniaV3
[2012/03/10 13:43:15 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\MisthalinV5.2
[2011/02/07 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\Paltalk
[2012/03/13 23:15:19 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\Sammsoft
[2012/01/21 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\WildTangent
[2011/05/10 22:11:52 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\Windows Live Writer
[2012/03/09 17:07:41 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\ZanarisV1
 
========== Purity Check ==========
 
 

< End of report >
 

Link to post
Share on other sites

ReeDawn please run this OTL Fix for me. it will produce a log when done copy & paste that log !

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus OTL . :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4259AC01-F6A2-4A70-A8E4-9BE0CC046871}IE:64bit: - HKLM\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE:64bit:'>http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE:64bit: - HKLM\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushplIE:64bit:'>http://www.ask.com/web?q={searchterms}&l=dis&o=ushplIE:64bit: - HKLM\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE:64bit:'>http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{E3975008-1DEA-4D02-9F2F-B86EF257DA42}: "URL" = http://en.wikipedia....:Search?search={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushplIE - HKLM\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE - HKCU\..\SearchScopes,DefaultScope =IE - HKCU\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKCU\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushplIE - HKCU\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFFF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2010/12/25 12:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Extensions[2013/11/20 15:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\extensions[2013/10/16 10:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensionsO3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)O4 - HKLM..\Run: []  File not foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value found:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that return OTL fix log next !

Thanks
Chuck
 
Link to post
Share on other sites
Guest
This topic is now closed to further replies.