ReeDawnOhman Posted November 20, 2013

My internet machine is not responding as fast as I would like it to.

flashh4 Posted November 20, 2013

Howdy and welcome to BestTechie !!!

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool again.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

* Click on the Scan button.
* AdwCleaner will begin to scan your computer like it did before.
* After the scan has finished ....... This time, click on the Clean button.
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

Please download Junkware Removal Tool and save to your desktop.

Shut down your protection software now to avoid potential conflicts.

* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

* Then click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
* Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when the application is started.

Please don't attach the scans / logs, use "copy/paste".

Post next:

1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log

Thanks
Chuck

ReeDawnOhman Posted November 20, 2013

# AdwCleaner v3.012 - Report created 20/11/2013 at 14:35:00
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ree'Dawn - REEDAWN-HP
# Running from : C:\Users\Ree'Dawn\Downloads\adwcleaner.exe
# Option : Clean
"13603f16e59cf5faa4d41af53c2bb3dc");Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1331506016);Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 23083017);Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 23083017);Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1384917746975");Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1384917746854");Line Deleted : user_pref("extensions.crossriderapp2258.updating", true);Line Deleted : user_pref("extensions.enabledItems", "{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302,[email protected]:7.0.1426,[email protected]:0.2,[email protected]:0.80.26,ffxtlbr@ba[...]Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");-\\ Google Chrome v31.0.1650.57[ File : C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\preferences ]*************************AdwCleaner[R0].txt - [38057 octets] - [20/11/2013 14:26:20]AdwCleaner[s0].txt - [37696 octets] - [20/11/2013 14:35:00]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [37757 octets] ########## Link to post Share on other sites
flashh4 Posted November 20, 2013

ReeDawn, that's a lot of junk! It's gonna run a lot smoother when we are done! Thanks
ReeDawnOhman Posted November 20, 2013

Thanks flashh4 for all the help!
ReeDawnOhman Posted November 20, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ree'Dawn on Wed 11/20/2013 at 14:47:45.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3975008-1DEA-4D02-9F2F-B86EF257DA42}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E3975008-1DEA-4D02-9F2F-B86EF257DA42}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912C156F-05CF-4B62-851A-96E167A677B0}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{0083F059-6124-40E8-A35C-A19BEA8C041D}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{054BBBCC-7395-44C5-A2F4-4DE3C94FEA55}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{14F85B3F-2912-420F-81B2-69802058E232}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{5C9937A8-F228-4033-90D7-3F938C4E48BA}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{D04CC497-7889-47FF-9EC1-1A693491C1F1}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{E61D4BAF-B0BD-44D9-B4E9-224D7DBA6A09}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{E73A4687-2697-45C2-BE0F-6F8D07C68EC3}
Successfully deleted: [Empty Folder] C:\Users\Ree'Dawn\appdata\local\{F868CA5E-C943-4C2B-9A83-DFB222BE2824}

~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Ree'Dawn\AppData\Roaming\mozilla\firefox\profiles\kv6axn5y.default\extensions\[email protected]
Successfully deleted the following from C:\Users\Ree'Dawn\AppData\Roaming\mozilla\firefox\profiles\kv6axn5y.default\prefs.js
user_pref("extensions.crossrider.bic", "142777621252b3f59bd1f8aa5f670b1b");
user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1384983700);
user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1384983700");
user_pref("extensions.crossriderapp2258.bic", "142777621252b3f59bd1f8aa5f670b1b");
user_pref("extensions.crossriderapp2258.firstrun", false);
user_pref("extensions.crossriderapp2258.installationdate", 1384983700);
user_pref("extensions.crossriderapp2258.lastcheck", 23083062);
user_pref("extensions.crossriderapp2258.lastcheckitem", 23083071);
user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1384984244606");
user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1384984244593");
user_pref("ibryte_browseforchange.installpixelfired", true);
Emptied folder: C:\Users\Ree'Dawn\AppData\Roaming\mozilla\firefox\profiles\kv6axn5y.default\minidumps [4 files]

~~~ Chrome
Successfully deleted: [Folder] C:\Users\Ree'Dawn\appdata\local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/20/2013 at 15:03:59.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
flashh4 Posted November 20, 2013

More junk & unwanted stuff in that log was removed!!

Thanks
Chuck
ReeDawnOhman Posted November 20, 2013

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Ree'Dawn :: REEDAWN-HP [administrator]

11/20/2013 3:42:37 PM
mbam-log-2013-11-20 (15-42-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242859
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
flashh4 Posted November 20, 2013

OK, let's do some more cleaning.

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe
Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe
* Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document in your next reply.

NEXT

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
* Close all running programs.
* For Windows Vista/Seven, right click -> run as administrator; for XP simply double-click on RogueKiller.exe.
* When the prescan is finished, click on Scan.
* Click on Report and copy/paste the content in your next post.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next reply.

NEXT

Download DDS and save it to your Desktop. >>> DDS
* Double click dds.scr to run the tool.
* If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
* DDS will now scan your computer.
* When the scan is complete, DDS will open two (2) logs:
o DDS.txt
o Attach.txt
* If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
* Please note it is important that you post BOTH logs in your topic.
Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.
Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

NEXT

Download OldTimer to your desktop!
Links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
If you already have a copy of OTL delete it and use this version.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* Double click OTL.exe to launch the program.
* Check the following.
o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.
* Please post me both logs. This may have to be broken into more than one post!
ReeDawnOhman Posted November 20, 2013

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.117
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.28) Firefox out of Date!
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
ReeDawnOhman Posted November 20, 2013 Author Report Share Posted November 20, 2013 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 12/25/2010 9:40:36 AMSystem Uptime: 11/20/2013 3:26:54 PM (1 hours ago).Motherboard: Hewlett-Packard | | 1484Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 282 GiB total, 213.326 GiB free.D: is FIXED (NTFS) - 16 GiB total, 2.295 GiB free.E: is CDROM (UDF)F: is RemovableG: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP80: 9/4/2013 11:30:47 PM - Windows UpdateRP81: 9/16/2013 6:20:26 PM - Windows UpdateRP82: 10/2/2013 12:06:23 PM - Scheduled CheckpointRP83: 10/16/2013 11:36:09 AM - Removed Java 6 Update 31RP84: 10/16/2013 11:41:37 AM - Installed Java 7 Update 45RP85: 11/10/2013 6:26:42 PM - Windows UpdateRP86: 11/17/2013 2:47:08 PM - Windows Update.==== Installed Programs ======================.64 Bit HP CIO Components InstallerAcrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.5.0 MUIAdobe Shockwave Player 11.5Apple Application SupportApple Mobile Device SupportApple Software UpdateARO 2012avast! 
Free AntivirusBejeweled 2 DeluxeBing BarBing Bar PlatformBlackhawk Striker 2BonjourBrowse For ChangeBufferChmBuild-a-lot 2Chuzzle DeluxeCinemaNow Media ManagerCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleCoupon Printer for WindowsCyberLink DVD SuiteCyberLink MediaShowCyberLink PowerDVD 9CyberLink YouCamD110D3DX10DestinationsDeviceDiscoveryDiner Dash 2 Restaurant RescueDora's Carnival AdventureEasy-Hide-IP 4.1.4.1Energy Star Digital LogoEscape Rosecliff IslandESU for Microsoft Windows 7Facebook Video Calling 1.2.0.287FATEFinal Drive NitroFoxTab PDF CreatorGoogle ChromeGoogle Talk PluginGoogle Update HelperGPBaseService2Heroes of Hellas 2 - OlympiaHewlett-Packard ACLM.NET v1.1.2.0HP Customer Experience EnhancementsHP Customer Participation Program 14.0HP DocumentationHP Game ConsoleHP GamesHP Imaging Device Functions 14.0HP MediaSmart CinemaNow 2.0HP Photo CreationsHP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7HP Power ManagerHP Quick LaunchHP SetupHP Smart Web Printing 4.60HP Software FrameworkHP Solution Center 14.0HP Support AssistantHP UpdateHP Wireless AssistantHPAppStudioHPPhotoGadgetHPProductAssistantHPSSupplyiCloudIntel® Control CenterIntel® Graphics Media Accelerator DriverIntel® Rapid Storage TechnologyiTunesJava 7 Update 45Java Auto UpdaterJava 6 Update 20 (64-bit)Jewel Quest 3Jewel Quest Solitaire 2Junk Mail filter updateLabelPrintLightScribe System SoftwareMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMcAfee Security Scan PlusMesh RuntimeMessenger CompanionMicrosoft Application Error ReportingMicrosoft Default ManagerMicrosoft Office 2010Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Student 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 
2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Search Enhancement PackMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft WSE 3.0 RuntimeMobileMe Control PanelMozilla Firefox (3.6.28)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Network64Penguins!PhotoNow!Plants vs. 
ZombiesPoker Superstars IIIPolar BowlerPolar GolferPower2GoPowerDirectorPS_AIO_07_D110_SW_MinQuickTimeQuickTransferRealtek Ethernet Controller Driver For Windows 7Realtek High Definition Audio DriverRealtek USB 2.0 Card ReaderREALTEK Wireless LAN SoftwareRecovery ManagerRoxio CinemaNow 2.0RtVOsdSafariScanShop for HP SuppliesSkypeâ„¢ 4.2SmartWebPrintingSolutionCenterStatusSynaptics Pointing Device DriverToolboxTrayAppVirtual FamiliesVirtual Villagers - The Secret CityWebRegWheel of Fortune 2Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZuma Deluxe.==== Event Viewer Messages From Past Week ========.11/20/2013 3:38:36 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.11/20/2013 3:37:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.11/20/2013 3:27:53 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error..==== End Of File =========================== Link to post Share on other sites
ReeDawnOhman Posted November 20, 2013 Author Report Share Posted November 20, 2013 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2Run by Ree'Dawn at 16:05:11 on 2013-11-20Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1562 [GMT -7:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exeC:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\System32\alg.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exeC:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEC:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exeC:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\hpsa_service.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exeC:\Program Files\Realtek\RtVOsd\RtVOsdService.exeC:\Program Files\Realtek\RtVOsd\RtVOsd.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exeC:\Windows\Explorer.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dllTB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe -remuRun: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exeuRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeuRun: [Facebook Update] "C:\Users\Ree'Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserveruRun: [Google Update] "C:\Users\Ree'Dawn\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exemRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"dRunOnce: [sPReview] 
"C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601StartupFolder: C:\Users\Ree'Dawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exemPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllLSP: C:\Windows\System32\EasyRedirect.dllTCP: NameServer = 192.168.1.254TCP: Interfaces\{1DA07FD3-F68A-435A-967F-E2993BEFAD15} : DHCPNameServer = 69.145.248.4 69.146.17.2 69.144.49.29TCP: Interfaces\{1DA07FD3-F68A-435A-967F-E2993BEFAD15}\4496A7A79735973616D6F62756D27657563747 : DHCPNameServer = 69.145.248.50 69.145.232.4TCP: 
Interfaces\{D2A208A8-4A2E-41A6-A524-737E7487FADB} : DHCPNameServer = 63.227.167.1TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59} : DHCPNameServer = 192.168.1.254TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\051445259434B4 : DHCPNameServer = 192.168.2.1TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\05346474 : DHCPNameServer = 72.21.65.13 72.21.65.14TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 72.21.65.13 72.21.65.14TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\26F6E6563723 : DHCPNameServer = 192.168.2.1TCP: Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}\F686D616E6 : DHCPNameServer = 192.168.2.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-TB: avast! 
WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hiddenx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: network.proxy.type - 0FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_45.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: 
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Ree'Dawn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dllFF - plugin: C:\Users\Ree'Dawn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dllFF - plugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: avast! WebRep: [email protected] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}FF - Ext: Browse For Change: [email protected] - %profile%\extensions\[email protected].============= SERVICES / DRIVERS ===============.R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-2-25 819032]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-2-25 337240]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-8 98208]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-2-25 24408]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-2-25 69976]R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-7 44768]R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]R2 EasyRedirect;EasyRedirect;C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-3-15 3325768]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-20 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-20 701512]R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-8 144896]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-20 25928]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-8 245792]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-8 347680]R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-8 1093152]S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-1-21 1918976]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-3 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 
[2011-5-13 1492840]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-25 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-24 1255736]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-11-20 22:11:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-11-20 22:11:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-11-20 22:11:31 -------- d-----w- C:\Users\Ree'Dawn\AppData\Local\Programs2013-11-20 21:47:42 -------- d-----w- C:\Windows\ERUNT2013-11-20 21:25:49 -------- d-----w- C:\AdwCleaner2013-11-17 21:52:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll2013-11-17 21:52:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-11-17 21:52:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll2013-11-17 21:52:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-17 21:52:56 2241536 ----a-w- C:\Windows\System32\wininet.dll2013-11-17 21:51:58 10280728 ----a-w- C:\ProgramData\Microsoft\Windows 
Defender\Definition Updates\{09E323AF-0A46-4660-B9EB-3F315C70DE53}\mpengine.dll2013-11-13 03:10:40 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-11-13 03:10:38 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-11-13 03:10:33 497152 ----a-w- C:\Windows\System32\drivers\afd.sys.==================== Find3M ====================.2013-10-16 17:43:06 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-09 20:09:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-09 20:09:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- 
C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-03 20:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:06:08.89 ===============
ReeDawnOhman Posted November 20, 2013

OTL logfile created on: 11/20/2013 4:08:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ree'Dawn\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.00% Memory free
5.86 Gb Paging File | 4.05 Gb Available in Paging File | 69.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.88 Gb Total Space | 213.33 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 15.91 Gb Total Space | 2.29 Gb Free Space | 14.42% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.84 Gb Total Space | 1.76 Gb Free Space | 95.53% Space Free | Partition Type: FAT
Drive G: | 99.34 Mb Total Space | 93.53 Mb Free Space | 94.15% Space Free | Partition Type: FAT32

Computer Name: REEDAWN-HP | User Name: Ree'Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/20 16:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ree'Dawn\Downloads\OTL.com
PRC - [2013/10/09 13:09:42 | 001,862,536 | ---- | M] (Adobe Systems, Inc.)
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2012/03/18 02:32:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exePRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exePRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exePRC - [2012/02/28 13:23:04 | 003,325,768 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exePRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exePRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exePRC - [2010/11/09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exePRC - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exePRC - [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exePRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exePRC - [2010/04/13 20:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) 
-- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe ========== Modules (No Company Name) ========== MOD - [2013/10/09 13:09:41 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dllMOD - [2012/03/18 02:32:06 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dllMOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2010/05/19 10:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dllMOD - [2010/05/19 10:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dllMOD - [2010/05/19 10:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)SRV:64bit: - [2012/02/28 13:23:04 | 003,325,768 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/06/24 14:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) 
[Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)SRV - [2013/10/09 13:09:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)SRV - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2012/04/02 00:43:05 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2012/03/06 16:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)DRV:64bit: - [2012/03/06 16:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)DRV:64bit: - [2012/03/06 16:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)DRV:64bit: - [2012/03/06 16:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)DRV:64bit: - [2012/03/06 16:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)DRV:64bit: - [2012/03/06 16:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- 
C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2010/12/03 11:08:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2010/03/05 12:57:18 | 000,144,896 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)DRV:64bit: - [2010/03/05 12:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2010/02/04 20:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4259AC01-F6A2-4A70-A8E4-9BE0CC046871}IE:64bit: - HKLM\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE:64bit: - HKLM\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushplIE:64bit: - HKLM\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{E3975008-1DEA-4D02-9F2F-B86EF257DA42}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushplIE - HKLM\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKCU\..\SearchScopes,DefaultScope =IE - HKCU\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = 
http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKCU\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushplIE - HKCU\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426FF - prefs.js..extensions.enabledItems: [email protected]:0.2FF - prefs.js..network.proxy.no_proxies_on: "*.local"FF - prefs.js..network.proxy.type: 0FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: 
C:\Users\Ree'Dawn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ree'Dawn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ree'Dawn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/07/08 01:49:50 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/08 01:49:56 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/25 15:30:24 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/07 11:23:13 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/02 11:49:24 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/20 14:53:31 
| 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/25 15:30:24 | 000,000,000 | ---D | M] [2010/12/25 12:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Extensions[2013/11/20 15:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\extensions[2012/05/06 22:24:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}[2012/03/10 00:45:07 | 000,000,000 | ---D | M] (Browse For Change) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\extensions\[email protected][2011/05/10 22:17:43 | 000,001,832 | ---- | M] () -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\searchplugins\bing.xml[2013/10/16 10:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/04/07 11:23:13 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - Extension: Google Docs = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: avast! 
WebRep = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\CHR - Extension: Google Wallet = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\CHR - Extension: Google Wallet = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\CHR - Extension: Gmail = C:\Users\Ree'Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/02/24 09:44:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe (Support.com, Inc.)O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)O4 - HKCU..\Run: [Facebook Update] C:\Users\Ree'Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll 
(Apple Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DA07FD3-F68A-435A-967F-E2993BEFAD15}: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2A208A8-4A2E-41A6-A524-737E7487FADB}: DhcpNameServer = 63.227.167.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD031F8A-1E0D-41AE-9425-2D426827BB59}: DhcpNameServer = 
192.168.1.254O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/11/20 16:02:25 | 000,000,000 | ---D | C] -- C:\Users\Ree'Dawn\Desktop\RK_Quarantine[2013/11/20 15:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/11/20 15:11:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/11/20 15:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' 
Anti-Malware[2013/11/20 15:11:31 | 000,000,000 | ---D | C] -- C:\Users\Ree'Dawn\AppData\Local\Programs[2013/11/20 14:47:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/11/20 14:25:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner ========== Files - Modified Within 30 Days ========== [2013/11/20 16:08:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/11/20 15:56:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2381287234-3346836390-1390942574-1000UA.job[2013/11/20 15:36:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/11/20 15:36:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/11/20 15:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/11/20 15:29:32 | 000,003,400 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini[2013/11/20 15:29:32 | 000,002,008 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini[2013/11/20 15:29:32 | 000,002,008 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini[2013/11/20 15:27:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/11/20 15:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/11/20 15:27:04 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys[2013/11/20 15:11:55 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/11/20 14:44:56 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/11/20 14:44:56 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/11/20 14:44:56 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/11/20 13:56:56 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRee'Dawn.job[2013/11/20 13:56:53 | 000,000,940 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381287234-3346836390-1390942574-1000UA.job[2013/11/19 19:49:02 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381287234-3346836390-1390942574-1000Core.job[2013/11/19 19:21:26 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013/11/19 19:04:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2381287234-3346836390-1390942574-1000Core.job[2013/11/12 19:16:17 | 000,427,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/11/05 18:35:21 | 000,002,283 | ---- | M] () -- C:\Users\Ree'Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013/11/20 15:11:55 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/04/04 18:28:58 | 000,000,032 | ---- | C] () -- C:\Users\Ree'Dawn\jagex_cl_runescape_LIVE.dat[2012/03/15 20:32:50 | 000,003,400 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini[2012/03/15 20:32:50 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini[2012/03/10 00:41:50 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll[2011/08/22 16:08:12 | 000,000,129 | ---- | C] () -- C:\Users\Ree'Dawn\jagex_runescape_preferences2.dat[2011/08/22 16:06:16 | 000,000,035 | ---- | C] () -- C:\Users\Ree'Dawn\jagex_runescape_preferences.dat ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/09/07 21:56:55 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\EstraniaV2.1[2011/09/23 14:08:27 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\EstraniaV3[2012/03/10 13:43:15 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\MisthalinV5.2[2011/02/07 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\Paltalk[2012/03/13 23:15:19 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\Sammsoft[2012/01/21 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\WildTangent[2011/05/10 22:11:52 | 000,000,000 | ---D | M] -- 
C:\Users\Ree'Dawn\AppData\Roaming\Windows Live Writer[2012/03/09 17:07:41 | 000,000,000 | ---D | M] -- C:\Users\Ree'Dawn\AppData\Roaming\ZanarisV1 ========== Purity Check ========== < End of report >
flashh4 Posted November 20, 2013
ReeDawn, I will need about half an hour to read through this & will be back with an OTL fix for you to run !! Thank ya !
Chuck
flashh4 Posted November 20, 2013
ReeDawn please run this OTL Fix for me. it will produce a log when done copy & paste that log !

We need to Run an OTL fix !!

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus OTL. :OTL

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4259AC01-F6A2-4A70-A8E4-9BE0CC046871}
IE:64bit: - HKLM\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{E3975008-1DEA-4D02-9F2F-B86EF257DA42}: "URL" = http://en.wikipedia....:Search?search={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{4259AC01-F6A2-4A70-A8E4-9BE0CC046871}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{89502D89-2EC5-4E93-AB72-3AA92ECE22A9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{9F5FE331-8BCF-4828-AB81-CED4D4650173}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2010/12/25 12:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Extensions
[2013/11/20 15:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ree'Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\kv6axn5y.default\extensions
[2013/10/16 10:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Post that return OTL fix log next !

Thanks
Chuck
flashh4 Posted November 26, 2013
ReeDawn, I will keep this open a little longer by request !!
Chuck
flashh4 Posted November 27, 2013
Due to lack of response this topic is now closed !! If you need it re-opened please PM me or another Mod !
Thanks
Chuck