Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1. #1
    Member
    Join Date
    Jan 2008
    Location
    Oregon
    Posts
    18
    Points
    0

    Default Dell Pavilion dv4 has been hijacked

    Hello I have a Dell dv4 that is having problems on the internet, web pages are redirected and pop-ups are many. OS is Window 7. The Dell basically cannot be used to access the internet any longer. The problems started after my daughter attempted to download some video editing software. Please help.

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 9:04:10 PM, on 7/21/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16798)


    Boot mode: Normal

    Running processes:
    C:\Windows\SysWOW64\mjcm\dnkt.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    E:\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = XFINITY by Comcast -- Official Customer Site | Email | Watch TV Online
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: CrossriderApp0059568 - {11111111-1111-1111-1111-110511951168} - C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bho.dll
    O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll
    O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.600\AVG SafeGuard toolbar_toolbar.dll
    O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
    O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.600\AVG SafeGuard toolbar_toolbar.dll
    O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
    O4 - HKLM\..\RunOnce: [removeSettingsManagerdatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Settings Manager"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ContentExplorer] "C:\Users\Ethan\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
    O4 - HKCU\..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
    O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: sogr - Unknown owner - C:\Windows\Microsoft\sogr\WindowsUpdater.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater18.1.7 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17025 bytes

    SASW log:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/21/2014 at 07:39 AM

    Application Version : 4.30.1004

    Core Rules Database Version : 8206
    Trace Rules Database Version: 6017

    Scan type : Quick Scan
    Total Scan Time : 00:37:10

    Memory items scanned : 752
    Memory threats detected : 0
    Registry items scanned : 523
    Registry threats detected : 46
    File items scanned : 49165
    File threats detected : 34

    Adware.Tracking Cookie
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\3VP807QU.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\9NS52BMC.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\H13C9KQF.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\WYDANPRJ.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\J0XK4B5B.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\VVA9SE3Z.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\6VX0JOSW.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\L6QC7M06.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\RT3AK084.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\Q85AUTY3.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\5INZI76M.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\BH12M9ZV.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\GVSW4J9V.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\00TGQ84K.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\LCB0WV0C.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\3R8ROQ1V.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\URI9LVCV.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\QCUQHFGV.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\EBHEFSIE.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\T458QNYQ.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\IJMQLR2R.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\FNQ2I8JQ.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\L99Y667N.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\PLX0HXBY.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\KIAVI0K1.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\0DH69JSY.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\JXYSASTY.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\W1DES2UI.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\42VGHKF3.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\T9G1Q2OX.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\27LDNQBW.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\QV7PAA4G.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\5FPP3VII.txt
    C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Cookies\IG33JWNK.txt

    Security.HiJack[ImageFileExecutionOptions]
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BITGUARD.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BITGUARD.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BPROTECT.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BPROTECT.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BPSVC.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BPSVC.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BROWSERDEFENDER.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BROWSERDEFENDER.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BROWSERPROTECT.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BROWSERPROTECT.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BROWSERSAFEGUARD.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BROWSERSAFEGUARD.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DPROTECTSVC.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DPROTECTSVC.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JUMPFLIP
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JUMPFLIP#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PROTECTEDSEARCH.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PROTECTEDSEARCH.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHINSTALLER.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHINSTALLER.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHPROTECTION.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHPROTECTION.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHPROTECTOR.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHPROTECTOR.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHSETTINGS.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHSETTINGS.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHSETTINGS64.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEARCHSETTINGS64.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SNAPDO.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SNAPDO.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\STINST32.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\STINST32.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\STINST64.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\STINST64.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UMBRELLA.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UMBRELLA.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UTILJUMPFLIP.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UTILJUMPFLIP.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VOLARO
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VOLARO#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VONTEERA
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VONTEERA#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDS.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDS.EXE#debugger
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDSSERVICE.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDSSERVICE.EXE#debugger

    MBAM log:

    Malwarebytes' Anti-Malware 1.41
    Database version: 3195
    Windows 6.1.7601 Service Pack 1

    7/21/2014 2:03:23 AM
    mbam-log-2014-07-21 (02-03-23).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 400044
    Time elapsed: 2 hour(s), 8 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello estein275
    ,
    • Welcome to Help2Go.
    • My name is fireman4it and I will be helping you with your Malware problem.

      Please take note of some guidelines for this fix:
    • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".

      .

    • Finally, please reply using the Submit Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
    • I will be analyzing your log. I will get back to you with instructions.


    1.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool .
    • Click on the Scan button.[/*]
    • AdwCleaner will begin to scan your computer.[/*]
    • After the scan has finished...
    • Click on the Clean button.[/*]
    • Press OK when asked to close all programs and follow the onscreen prompts.[/*]
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.[/*]
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).[/*]
    • Copy and paste the contents of that logfile in your next reply.[/*]
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.[/*]


    2.
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Jan 2008
    Location
    Oregon
    Posts
    18
    Points
    0

    Default

    The required logs are below. The Dell Pavilion is not working on the web, so i had to save the logs to dvd and use a different PC to post. I did my best to scan the dvd. I hope that I am not at risk of infecting another PC.

    # AdwCleaner v3.216 - Report created 22/07/2014 at 20:51:19
    # Updated 17/07/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Ethan - ETHAN-PC
    # Running from : E:\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : globalUpdate
    [#] Service Deleted : globalUpdatem
    [#] Service Deleted : IBUpdaterService
    Service Deleted : vToolbarUpdater18.1.7

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\BitGuard
    Folder Deleted : C:\ProgramData\DataMngr
    Folder Deleted : C:\ProgramData\PC Optimizer Pro
    Folder Deleted : C:\ProgramData\torchcrashhandler
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
    Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files (x86)\CinemaHDplus-V1.8
    Folder Deleted : C:\Program Files (x86)\Delta
    Folder Deleted : C:\Program Files (x86)\Funmoods
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Program Files (x86)\Linkey
    Folder Deleted : C:\Program Files (x86)\openit
    Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\Program Files (x86)\Settings Manager
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Windows\SysWOW64\ARFC
    Folder Deleted : C:\Windows\SysWOW64\jmdp
    Folder Deleted : C:\Windows\SysWOW64\WNLT
    Folder Deleted : C:\Program Files\003
    Folder Deleted : C:\Program Files\PC Optimizer Pro
    Folder Deleted : C:\Program Files\SupraSavings
    Folder Deleted : C:\Windows\System32\ljkb
    [!] Folder Deleted : C:\Users\Ethan\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Ethan\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Ethan\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\Ethan\AppData\Local\Temp\Iminent
    Folder Deleted : C:\Users\Ethan\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Ethan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    Folder Deleted : C:\Users\Ethan\AppData\Roaming\BabSolution
    Folder Deleted : C:\Users\Ethan\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Ethan\AppData\Roaming\Delta
    Folder Deleted : C:\Users\Ethan\AppData\Roaming\DSite
    Folder Deleted : C:\Users\Ethan\AppData\Roaming\file scout
    Folder Deleted : C:\Users\Ethan\AppData\Roaming\Settings Manager
    Folder Deleted : C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
    Folder Deleted : C:\Users\Ethan\Documents\Optimizer Pro
    Folder Deleted : C:\Users\Savannah\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Savannah\AppData\Local\iLivid
    Folder Deleted : C:\Users\Savannah\AppData\Local\Mysearchdial
    Folder Deleted : C:\Users\Savannah\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\Savannah\AppData\Local\torch
    Folder Deleted : C:\Users\Savannah\AppData\Local\Temp\Iminent
    Folder Deleted : C:\Users\Savannah\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Savannah\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\Savannah\AppData\Roaming\DSite
    Folder Deleted : C:\Users\Savannah\AppData\Roaming\Mysearchdial
    Folder Deleted : C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    Folder Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
    Folder Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
    Folder Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Folder Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Folder Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Windows\System32\dmwu.exe
    File Deleted : C:\Windows\System32\ImhxxpComm.dll
    File Deleted : C:\Users\Ethan\AppData\Local\funmoods.crx
    File Deleted : C:\Users\Ethan\AppData\LocalLow\SkwConfig.bin
    File Deleted : C:\Users\Savannah\AppData\LocalLow\SkwConfig.bin
    File Deleted : C:\Users\Savannah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
    File Deleted : C:\Users\Savannah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    File Deleted : C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    File Deleted : C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\default-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
    File Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage-journal
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.iminent.com_0.localstorage
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.iminent.com_0.localstorage-journal
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
    File Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
    File Deleted : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
    File Deleted : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
    File Deleted : C:\Windows\Tasks\DSite.job
    File Deleted : C:\Windows\System32\Tasks\DSite
    File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
    File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
    File Deleted : C:\Windows\Tasks\MySearchDial.job
    File Deleted : C:\Windows\System32\Tasks\MySearchDial
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-1.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-1
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-11.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-11
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-2.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-2
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-3.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-3
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-4.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-4
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5_user.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5_user
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-6.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-6
    File Deleted : C:\Windows\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-7.job
    File Deleted : C:\Windows\System32\Tasks\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-7

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\f
    Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKCU\Software\536d6dfe76de813
    Key Deleted : HKLM\SOFTWARE\536d6dfe76de813
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0059568.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0059568.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0059568.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0059568.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951168}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952268}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955568}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956668}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544954468}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951168}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511951168}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951168}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952268}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955568}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956668}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951168}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\BABSOLUTION
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\DataMngr
    [#] Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Linkey
    Key Deleted : HKCU\Software\pc optimizer pro
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\Software\GlobalUpdate
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\installedbrowserextensions
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\SweetIM
    Key Deleted : HKLM\Software\SystemK
    Key Deleted : HKLM\Software\WNLT
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Deleted : [x64] HKLM\SOFTWARE\Iminent
    Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
    Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
    Key Deleted : [x64] HKLM\SOFTWARE\WNLT
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16798


    -\\ Google Chrome v36.0.1985.125

    [ File : C:\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Startup_urls] : hxxp://start.iminent.com/?appId=636411F7-9EAE-4F72-8523-B1573FAECAA4
    Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Deleted [Extension] : cdihkdldaicijakhchgojcokhpamkibi
    Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
    Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
    Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj

    *************************

    AdwCleaner[R0].txt - [33695 octets] - [22/07/2014 20:48:35]
    AdwCleaner[S0].txt - [31478 octets] - [22/07/2014 20:51:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31539 octets] ##########


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
    Ran by Ethan (administrator) on ETHAN-PC on 22-07-2014 21:00:38
    Running from E:\
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
    Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe
    (Hewlett-Packard) C:\Windows\System32\hpservice.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    () C:\Windows\Microsoft\sogr\WindowsUpdater.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (The Privoxy team - Privoxy - Home Page) C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\privoxy.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (SUPERAntiSpyware.com) C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (ContentExplorer) C:\Users\Ethan\AppData\Roaming\ContentExplorer\ContentExplorer.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-24] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
    HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [1312080 2009-09-10] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4086432 2014-07-20] (AVAST Software)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard)
    Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2
    HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2001648 2009-11-11] (SUPERAntiSpyware.com)
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Run: [ContentExplorer] => C:\Users\Ethan\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680 2014-07-01] (ContentExplorer)
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Policies\system: [WallpaperStyle] 2
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

    ==================== Internet (Whitelisted) ====================

    ProxyEnable: Internet Explorer proxy is enabled.
    ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = XFINITY by Comcast -- Official Customer Site | Email | Watch TV Online
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {26D0B1F1-F5C7-4908-94A4-6C9F2C247C45} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2496} URL = http://www.default-search.net/search?sid=496&aid=101&itype=n&ver=12565&tm=397&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {26D0B1F1-F5C7-4908-94A4-6C9F2C247C45} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2496} URL = http://www.default-search.net/search?sid=496&aid=101&itype=n&ver=12565&tm=397&src=ds&p={searchTerms}
    SearchScopes: HKCU - {26D0B1F1-F5C7-4908-94A4-6C9F2C247C45} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2496} URL = http://www.default-search.net/search?sid=496&aid=101&itype=n&ver=12565&tm=397&src=ds&p={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre1.6.0_22\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Ethan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-03-18]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-03-18]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-24]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-25]
    FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
    FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
    FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Ethan\AppData\Roaming\Move Networks
    FF Extension: Move Media Player - C:\Users\Ethan\AppData\Roaming\Move Networks [2009-11-24]

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR Extension: (Google Drive) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
    CHR Extension: (YouTube) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-25]
    CHR Extension: (Google Search) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-25]
    CHR Extension: (No Name) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-07]
    CHR Extension: (No Name) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki [2012-07-02]
    CHR Extension: (No Name) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-22]
    CHR Extension: (Google Wallet) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
    CHR Extension: (Gmail) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-25]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-20]

    ==================== Services (Whitelisted) =================

    R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-20] (AVAST Software)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-03-19] (Hewlett-Packard Company) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
    R2 sogr; C:\Windows\Microsoft\sogr\WindowsUpdater.exe [18944 2014-06-19] () [File not signed]
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

    ==================== Drivers (Whitelisted) ====================

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-20] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-20] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-20] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-20] ()
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
    S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
    S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [7408 2009-11-11] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
    S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-22 20:58 - 2014-07-22 21:01 - 00000000 ____D () C:\FRST
    2014-07-22 20:48 - 2014-07-22 20:52 - 00000000 ____D () C:\AdwCleaner
    2014-07-21 19:59 - 2014-07-21 19:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ethan\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-21 19:34 - 2014-07-21 19:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ethan\Downloads\mbam-setup-2.0.2.1012.exe
    2014-07-21 19:21 - 2014-07-21 19:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEthan
    2014-07-20 09:57 - 2014-07-20 09:57 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\DropboxMaster
    2014-07-20 09:56 - 2014-07-20 09:56 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-07-20 09:55 - 2014-07-20 09:57 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\Dropbox
    2014-07-20 09:38 - 2014-07-20 09:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-07-20 09:38 - 2014-07-20 09:38 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-07-17 19:32 - 2014-07-17 19:32 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\aipai
    2014-07-17 19:31 - 2014-07-20 08:25 - 00000000 ____D () C:\SmartPixel
    2014-07-17 19:31 - 2014-07-17 19:31 - 00001596 _____ () C:\Users\Savannah\Desktop\SmartPixel.lnk
    2014-07-17 19:31 - 2014-07-17 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPixel
    2014-07-03 16:13 - 2014-07-10 21:00 - 00000000 ____D () C:\Users\Ethan\.gimp-2.6
    2014-07-03 16:13 - 2014-07-03 16:13 - 00000000 ____D () C:\Users\Ethan\.gegl-0.0
    2014-07-03 16:09 - 2014-02-18 22:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
    2014-07-03 13:40 - 2014-07-03 13:40 - 00251081 _____ () C:\Users\Ethan\Downloads\MVI_0558 (1).MOV
    2014-07-02 16:37 - 2014-07-02 16:37 - 00003460 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
    2014-07-02 16:37 - 2014-07-02 16:37 - 00003196 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
    2014-07-02 16:36 - 2014-07-02 16:37 - 00000000 ____D () C:\Users\Ethan\Documents\ProPCCleaner
    2014-07-02 16:36 - 2014-07-02 16:36 - 00000000 ____D () C:\Users\Ethan\AppData\Local\Pro_PC_Cleaner
    2014-07-01 14:13 - 2014-07-01 14:14 - 00000000 ____D () C:\Users\Savannah\Downloads\BiblioCraft Mod Installer 1.6.4
    2014-07-01 14:01 - 2014-07-17 11:45 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\ContentExplorer
    2014-07-01 13:53 - 2014-07-02 17:53 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
    2014-07-01 13:52 - 2014-07-01 14:02 - 00000000 ____D () C:\Program Files (x86)\Speed Optimizer Guru
    2014-07-01 13:49 - 2014-07-01 13:49 - 00420128 _____ (Setup Process) C:\Users\Savannah\Downloads\Bibliocraft1.6.4.exe
    2014-07-01 13:43 - 2014-07-01 13:44 - 15914540 _____ (Montoyo Systems, vInc.) C:\Users\Savannah\Downloads\WDI_0.9.exe
    2014-07-01 13:29 - 2014-07-01 13:30 - 00000000 ____D () C:\Users\Savannah\AppData\Roaming\skyz
    2014-07-01 13:23 - 2014-07-01 14:19 - 00000000 ____D () C:\Minecraft_Backup
    2014-07-01 13:20 - 2014-07-22 19:34 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
    2014-07-01 13:20 - 2014-07-22 19:34 - 00000000 ____D () C:\Windows\system32\tprb
    2014-07-01 13:10 - 2014-07-01 13:10 - 00588979 _____ () C:\Users\Savannah\Downloads\Rpg Inventory Mod Installer 1.6.4.zip
    2014-06-25 21:03 - 2014-06-25 21:03 - 00000000 ____D () C:\Users\Savannah\Tracing
    2014-06-25 20:53 - 2014-06-25 20:53 - 00000000 ____D () C:\Windows\en
    2014-06-25 20:52 - 2014-06-25 20:52 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2014-06-25 20:52 - 2014-06-25 20:52 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2014-06-25 20:52 - 2014-06-25 20:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2014-06-25 20:52 - 2014-06-25 20:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-06-25 20:51 - 2014-06-25 20:51 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2014-06-25 20:50 - 2014-06-25 20:50 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    2014-06-25 20:48 - 2014-06-25 20:48 - 00000000 ____D () C:\Program Files\Windows Live
    2014-06-25 20:39 - 2014-06-25 20:39 - 01239752 _____ (Microsoft Corporation) C:\Users\Savannah\Downloads\wlsetup-web (1).exe
    2014-06-25 20:22 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2014-06-25 20:22 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2014-06-25 20:22 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2014-06-25 20:22 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2014-06-25 20:22 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2014-06-25 20:22 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2014-06-25 20:22 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2014-06-25 20:22 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2014-06-25 20:21 - 2014-06-25 20:21 - 00772430 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-06-25 20:19 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2014-06-25 20:19 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2014-06-25 20:17 - 2014-06-25 20:43 - 00000556 _____ () C:\Windows\DirectX.log
    2014-06-25 20:16 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2014-06-25 20:16 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2014-06-25 19:55 - 2014-06-25 19:55 - 00002187 _____ () C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-06-25 19:55 - 2014-06-25 19:55 - 00002104 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-06-25 19:55 - 2014-06-25 19:55 - 00002104 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-06-25 19:55 - 2014-06-25 19:55 - 00000000 ___RD () C:\Users\Savannah\OneDrive
    2014-06-25 19:55 - 2014-06-25 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
    2014-06-25 19:55 - 2014-06-25 19:55 - 00000000 ____D () C:\c2d5b4e7bd2975652066cb
    2014-06-25 19:54 - 2014-06-25 19:54 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2014-06-25 19:53 - 2014-07-17 15:38 - 00000000 ____D () C:\Users\Ethan\AppData\Local\Windows Live
    2014-06-25 19:51 - 2014-06-25 19:51 - 01239752 _____ (Microsoft Corporation) C:\Users\Savannah\Downloads\wlsetup-web.exe

    ==================== One Month Modified Files and Folders =======

    2014-07-22 21:02 - 2009-07-13 21:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-22 21:02 - 2009-07-13 21:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-22 21:01 - 2014-07-22 20:58 - 00000000 ____D () C:\FRST
    2014-07-22 21:01 - 2009-10-20 14:46 - 01465229 _____ () C:\Windows\WindowsUpdate.log
    2014-07-22 20:56 - 2011-12-24 18:03 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-22 20:55 - 2011-12-24 18:03 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-22 20:54 - 2014-04-23 19:36 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForEthan.job
    2014-07-22 20:54 - 2013-08-22 21:49 - 00000000 ____D () C:\Users\Ethan\AppData\Local\AVG SafeGuard toolbar
    2014-07-22 20:54 - 2009-10-20 15:02 - 00415186 _____ () C:\Windows\PFRO.log
    2014-07-22 20:54 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-22 20:54 - 2009-07-13 21:51 - 00820683 _____ () C:\Windows\setupact.log
    2014-07-22 20:52 - 2014-07-22 20:48 - 00000000 ____D () C:\AdwCleaner
    2014-07-22 20:06 - 2012-04-12 12:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-22 19:34 - 2014-07-01 13:20 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
    2014-07-22 19:34 - 2014-07-01 13:20 - 00000000 ____D () C:\Windows\system32\tprb
    2014-07-21 19:59 - 2014-07-21 19:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ethan\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-21 19:35 - 2014-07-21 19:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ethan\Downloads\mbam-setup-2.0.2.1012.exe
    2014-07-21 19:30 - 2013-03-18 16:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-21 19:30 - 2009-11-20 18:53 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\Mozilla
    2014-07-21 19:28 - 2012-03-18 10:29 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-21 19:27 - 2009-11-20 18:53 - 00000000 ____D () C:\Users\Ethan\AppData\Local\Mozilla
    2014-07-21 19:21 - 2014-07-21 19:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEthan
    2014-07-21 19:21 - 2012-07-09 13:29 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-07-21 19:21 - 2009-11-18 14:19 - 00000000 ____D () C:\Users\Ethan
    2014-07-20 09:57 - 2014-07-20 09:57 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\DropboxMaster
    2014-07-20 09:57 - 2014-07-20 09:55 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\Dropbox
    2014-07-20 09:56 - 2014-07-20 09:56 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-07-20 09:38 - 2014-07-20 09:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-07-20 09:38 - 2014-07-20 09:38 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-07-20 09:38 - 2013-12-26 12:38 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-07-20 09:38 - 2013-12-26 12:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-07-20 09:38 - 2013-12-26 12:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-07-20 09:38 - 2012-12-22 15:15 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-07-20 09:38 - 2012-03-18 09:54 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-07-20 09:38 - 2011-05-25 17:27 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-07-20 09:38 - 2011-01-20 21:15 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-07-20 09:38 - 2009-11-18 18:36 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-07-20 09:38 - 2009-11-18 18:36 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-07-20 08:50 - 2010-01-07 17:34 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-07-20 08:49 - 2011-10-29 16:51 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-07-20 08:25 - 2014-07-17 19:31 - 00000000 ____D () C:\SmartPixel
    2014-07-20 07:58 - 2013-11-21 17:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
    2014-07-17 19:32 - 2014-07-17 19:32 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\aipai
    2014-07-17 19:31 - 2014-07-17 19:31 - 00001596 _____ () C:\Users\Savannah\Desktop\SmartPixel.lnk
    2014-07-17 19:31 - 2014-07-17 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPixel
    2014-07-17 15:38 - 2014-06-25 19:53 - 00000000 ____D () C:\Users\Ethan\AppData\Local\Windows Live
    2014-07-17 12:07 - 2012-06-26 11:33 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\vlc
    2014-07-17 11:45 - 2014-07-01 14:01 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\ContentExplorer
    2014-07-17 11:43 - 2009-07-13 22:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-07-16 03:10 - 2013-09-26 16:37 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
    2014-07-16 03:10 - 2013-09-26 16:37 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
    2014-07-10 21:00 - 2014-07-03 16:13 - 00000000 ____D () C:\Users\Ethan\.gimp-2.6
    2014-07-10 15:58 - 2013-03-16 09:14 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\.minecraft
    2014-07-10 14:06 - 2012-04-12 12:28 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-10 14:06 - 2012-04-12 12:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-07-10 14:06 - 2011-10-23 10:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-03 16:13 - 2014-07-03 16:13 - 00000000 ____D () C:\Users\Ethan\.gegl-0.0
    2014-07-03 13:42 - 2009-12-24 15:06 - 00000000 ____D () C:\Users\Ethan\AppData\Local\HP
    2014-07-03 13:40 - 2014-07-03 13:40 - 00251081 _____ () C:\Users\Ethan\Downloads\MVI_0558 (1).MOV
    2014-07-03 13:23 - 2013-04-07 11:30 - 00000632 __RSH () C:\Users\Ethan\ntuser.pol
    2014-07-02 17:53 - 2014-07-01 13:53 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
    2014-07-02 17:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-07-02 17:47 - 2009-08-24 14:13 - 00000000 ____D () C:\ProgramData\Temp
    2014-07-02 16:37 - 2014-07-02 16:37 - 00003460 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
    2014-07-02 16:37 - 2014-07-02 16:37 - 00003196 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
    2014-07-02 16:37 - 2014-07-02 16:36 - 00000000 ____D () C:\Users\Ethan\Documents\ProPCCleaner
    2014-07-02 16:36 - 2014-07-02 16:36 - 00000000 ____D () C:\Users\Ethan\AppData\Local\Pro_PC_Cleaner
    2014-07-01 15:32 - 2013-05-27 17:04 - 00000000 ____D () C:\Users\Savannah\AppData\Roaming\.minecraft
    2014-07-01 14:19 - 2014-07-01 13:23 - 00000000 ____D () C:\Minecraft_Backup
    2014-07-01 14:14 - 2014-07-01 14:13 - 00000000 ____D () C:\Users\Savannah\Downloads\BiblioCraft Mod Installer 1.6.4
    2014-07-01 14:02 - 2014-07-01 13:52 - 00000000 ____D () C:\Program Files (x86)\Speed Optimizer Guru
    2014-07-01 13:49 - 2014-07-01 13:49 - 00420128 _____ (Setup Process) C:\Users\Savannah\Downloads\Bibliocraft1.6.4.exe
    2014-07-01 13:44 - 2014-07-01 13:43 - 15914540 _____ (Montoyo Systems, vInc.) C:\Users\Savannah\Downloads\WDI_0.9.exe
    2014-07-01 13:30 - 2014-07-01 13:29 - 00000000 ____D () C:\Users\Savannah\AppData\Roaming\skyz
    2014-07-01 13:10 - 2014-07-01 13:10 - 00588979 _____ () C:\Users\Savannah\Downloads\Rpg Inventory Mod Installer 1.6.4.zip
    2014-07-01 11:25 - 2013-08-22 19:37 - 00000072 _____ () C:\Users\Savannah\AppData\Roaming\WB.CFG
    2014-06-25 21:18 - 2009-07-13 22:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-25 21:03 - 2014-06-25 21:03 - 00000000 ____D () C:\Users\Savannah\Tracing
    2014-06-25 21:03 - 2013-05-27 16:58 - 00000000 ____D () C:\Users\Savannah
    2014-06-25 20:53 - 2014-06-25 20:53 - 00000000 ____D () C:\Windows\en
    2014-06-25 20:52 - 2014-06-25 20:52 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2014-06-25 20:52 - 2014-06-25 20:52 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2014-06-25 20:52 - 2014-06-25 20:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2014-06-25 20:52 - 2014-06-25 20:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-06-25 20:51 - 2014-06-25 20:51 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2014-06-25 20:51 - 2009-08-24 13:06 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2014-06-25 20:50 - 2014-06-25 20:50 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    2014-06-25 20:48 - 2014-06-25 20:48 - 00000000 ____D () C:\Program Files\Windows Live
    2014-06-25 20:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-06-25 20:43 - 2014-06-25 20:17 - 00000556 _____ () C:\Windows\DirectX.log
    2014-06-25 20:39 - 2014-06-25 20:39 - 01239752 _____ (Microsoft Corporation) C:\Users\Savannah\Downloads\wlsetup-web (1).exe
    2014-06-25 20:21 - 2014-06-25 20:21 - 00772430 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-06-25 19:55 - 2014-06-25 19:55 - 00002187 _____ () C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-06-25 19:55 - 2014-06-25 19:55 - 00002104 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-06-25 19:55 - 2014-06-25 19:55 - 00002104 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-06-25 19:55 - 2014-06-25 19:55 - 00000000 ___RD () C:\Users\Savannah\OneDrive
    2014-06-25 19:55 - 2014-06-25 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
    2014-06-25 19:55 - 2014-06-25 19:55 - 00000000 ____D () C:\c2d5b4e7bd2975652066cb
    2014-06-25 19:54 - 2014-06-25 19:54 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2014-06-25 19:51 - 2014-06-25 19:51 - 01239752 _____ (Microsoft Corporation) C:\Users\Savannah\Downloads\wlsetup-web.exe
    2014-06-24 11:36 - 2013-12-09 10:43 - 00003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2014-06-24 11:35 - 2013-08-22 21:48 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

    Some content of TEMP:
    ====================
    C:\Users\Ethan\AppData\Local\Temp\aswV5Hlp.dll
    C:\Users\Ethan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg1l4v7.dll
    C:\Users\Ethan\AppData\Local\Temp\Extract.exe
    C:\Users\Ethan\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
    C:\Users\Ethan\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\Ethan\AppData\Local\Temp\HPQSi.exe
    C:\Users\Ethan\AppData\Local\Temp\ICReinstall_winzip175-mediafire.exe
    C:\Users\Ethan\AppData\Local\Temp\IMsetup.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\mgsqlite3.dll
    C:\Users\Ethan\AppData\Local\Temp\MsiToExe.SpeedOptimizerGuruSetup.exe
    C:\Users\Ethan\AppData\Local\Temp\nseE358.exe
    C:\Users\Ethan\AppData\Local\Temp\nsj80A9.exe
    C:\Users\Ethan\AppData\Local\Temp\nsj858A.exe
    C:\Users\Ethan\AppData\Local\Temp\nsj8AB9.exe
    C:\Users\Ethan\AppData\Local\Temp\nsoE819.exe
    C:\Users\Ethan\AppData\Local\Temp\nszEDD5.exe
    C:\Users\Ethan\AppData\Local\Temp\oi_{C6A90F0B-EA0B-4D39-987D-4C586D19233D}.exe
    C:\Users\Ethan\AppData\Local\Temp\optprosetup.exe
    C:\Users\Ethan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Ethan\AppData\Local\Temp\Resource.exe
    C:\Users\Ethan\AppData\Local\Temp\Shortcut_IMsetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SP45229.exe
    C:\Users\Ethan\AppData\Local\Temp\sp46005.exe
    C:\Users\Ethan\AppData\Local\Temp\SP47025.exe
    C:\Users\Ethan\AppData\Local\Temp\sp47326.exe
    C:\Users\Ethan\AppData\Local\Temp\SP47997.exe
    C:\Users\Ethan\AppData\Local\Temp\sp48071.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48094.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48296.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48392.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48488.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48792.exe
    C:\Users\Ethan\AppData\Local\Temp\SP49018.exe
    C:\Users\Ethan\AppData\Local\Temp\sp49174.exe
    C:\Users\Ethan\AppData\Local\Temp\sp50843.exe.exe
    C:\Users\Ethan\AppData\Local\Temp\sp52110.exe.exe
    C:\Users\Ethan\AppData\Local\Temp\SP52131.exe
    C:\Users\Ethan\AppData\Local\Temp\sp54373.exe
    C:\Users\Ethan\AppData\Local\Temp\sp54620.exe
    C:\Users\Ethan\AppData\Local\Temp\sp58915.exe
    C:\Users\Ethan\AppData\Local\Temp\sp64126.exe
    C:\Users\Ethan\AppData\Local\Temp\SPSetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SSUPDATE.EXE
    C:\Users\Ethan\AppData\Local\Temp\SweetIESetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SweetIMInstallValidator.exe
    C:\Users\Ethan\AppData\Local\Temp\SweetIMSetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SymCCIS.dll
    C:\Users\Ethan\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Ethan\AppData\Local\Temp\UninstallHPTCA.exe
    C:\Users\Ethan\AppData\Local\Temp\WSSetup.exe
    C:\Users\Savannah\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\Savannah\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
    C:\Users\Savannah\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\Savannah\AppData\Local\Temp\propsys.dll
    C:\Users\Savannah\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Savannah\AppData\Local\Temp\SPSetup.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-30 18:31

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
    Ran by Ethan at 2014-07-22 21:05:22
    Running from E:\
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
    Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
    Alps Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
    AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{E1BCA059-1F06-65C0-3229-58337BE5E373}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
    BeerSmith (HKLM-x32\...\BeerSmith) (Version: - )
    Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    C309g-m (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2009.0702.1239.20840 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Czech (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Danish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help English (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help French (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help German (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Greek (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Italian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Korean (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Polish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Russian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Thai (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
    ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
    ccc-utility64 (Version: 2009.0702.1239.20840 - ATI) Hidden
    CinemaHDplus-V1.8 (HKLM-x32\...\CinemaHDplus-V1.8) (Version: 1.34.6.10 - ChannelHD)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 1.0.0.0 - ContentExplorer.net)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    CyberLink DVD Suite (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    ENE CIR Receiver Driver (HKLM\...\5F4DD0919B4763856B77AD385DEEEFCDF01784A8) (Version: 2.7.3.519 - ENE)
    Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 4.30 - Philipp Winterberg)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Homepage Protection (HKLM-x32\...\Homepage Protection) (Version: - AOL Products)
    HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
    HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
    HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
    HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
    HP MediaSmart Internet TV (x32 Version: 3.0.1916 - Hewlett-Packard) Hidden
    HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
    HP MediaSmart Live TV (x32 Version: 3.0.1924 - Hewlett-Packard) Hidden
    HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
    HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
    HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
    HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
    HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
    HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
    HP MediaSmart Webcam (x32 Version: 3.0.1913 - Hewlett-Packard) Hidden
    HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{181AC4C7-B83C-4B5F-B566-E19BF2472429}) (Version: 13.0 - HP)
    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
    HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
    HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
    HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HP User Guides 0146 (HKLM-x32\...\{45E5D641-3C82-4F95-92FB-AE5459DF2988}) (Version: 1.02.0002 - Hewlett-Packard)
    HP Wireless Assistant (HKLM-x32\...\{F9A43C0C-F274-4EC0-B02E-202C15C09C00}) (Version: 3.50.12.1 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
    hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6217.0 - IDT)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.31.3 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    KONICA MINOLTA bizhub C353 Series (HKLM\...\KONICA MINOLTA bizhub C353 Series Installer) (Version: - KONICA MINOLTA)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{3744B641-61DE-417F-BCDC-9CCED4224DF8}) (Version: 1.18.13.1 - LightScribe)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
    Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
    Microsoft Live Search Toolbar (x32 Version: 3.0.560.0 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Move Media Player (HKCU\...\Move Media Player) (Version: - Move Networks)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
    PDF Creator (HKLM\...\PDF Creator) (Version: - )
    PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version: - ) <==== ATTENTION
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
    PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
    PS_AIO_06_C309g-m_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
    QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
    QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8312 - Skype Technologies S.A.)
    Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.124 - Skype Technologies S.A.)
    SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Speed Optimizer Guru runtime (HKLM-x32\...\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}) (Version: 1.0.0 - Speed Optimizer Guru)
    Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware Free Edition (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.30.0.1004 - SUPERAntiSpyware.com)
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
    VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

    ==================== Restore Points =========================

    16-06-2014 01:02:02 Scheduled Checkpoint
    25-06-2014 21:23:31 Scheduled Checkpoint
    26-06-2014 02:53:17 Windows Live Essentials
    26-06-2014 03:15:50 Installed DirectX
    26-06-2014 03:17:15 Installed DirectX
    26-06-2014 03:19:37 Installed DirectX
    26-06-2014 03:41:05 Windows Live Essentials
    26-06-2014 03:42:04 Installed DirectX
    26-06-2014 03:43:41 Installed DirectX
    26-06-2014 03:44:41 Installed DirectX
    26-06-2014 03:47:43 WLSetup
    20-07-2014 16:34:57 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {10E0EC90-5ABD-40CD-B6B3-E389A44EE8DC} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
    Task: {10E18D9B-552C-4248-837A-C038E1F006AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-07-20] (AVAST Software)
    Task: {12F0ACC3-892D-4D04-9439-C66F2A026206} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {1BE26831-5B37-4F67-87E8-7F513EF6AECC} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
    Task: {2BA7AE6A-A087-487C-9C14-57C209A7EB09} - \MySearchDial No Task File <==== ATTENTION
    Task: {36EE5E49-3A0E-4258-A641-135781C10E7B} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5 No Task File <==== ATTENTION
    Task: {39507C23-8AD3-4C01-B559-F4032E89B950} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
    Task: {3D4CF17F-46B4-4F55-974E-60476F6FF243} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
    Task: {3E73BB41-A434-4AF8-B6E4-C448149297EE} - System32\Tasks\HPCeeScheduleForEthan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {5D7CC408-B9DD-420B-BBDE-935D0DF457C8} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-7 No Task File <==== ATTENTION
    Task: {5E7431F1-7D11-4C29-97FE-31809B92CD04} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-4 No Task File <==== ATTENTION
    Task: {63CB6DBC-540A-48EF-9F7D-716722530157} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {71A3CAD3-28CD-4C88-93C0-2CAC6276D0DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {72CEDC64-1F61-4E95-9B6B-14F7E23B0E42} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-1 No Task File <==== ATTENTION
    Task: {75ED6049-B61C-4417-A62C-5CFA9457D3BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
    Task: {863245D1-9554-4D74-A1A8-E1244E016BC7} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-6 No Task File <==== ATTENTION
    Task: {8E6C3ECD-D833-44A2-B817-F148A04E28B8} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
    Task: {90C64F66-6BC4-4F52-A4AA-70D4EFE78353} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {923667DD-FE8D-401A-995E-C34555C468BD} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-11 No Task File <==== ATTENTION
    Task: {9D34EE28-83E4-4C10-879C-C82EFA1EEF5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
    Task: {AC186BE5-D430-45C6-B53B-5135BF5FEF90} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
    Task: {B1A76458-1E23-4A2F-8C0E-A5226E77346C} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {BC152188-7E08-4FDD-BE22-C4D5C8DCF176} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
    Task: {BD82854B-3181-427B-8200-0EDFB4ABEF1B} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
    Task: {C817B589-BA86-49C4-B509-395D18D8C49A} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-2 No Task File <==== ATTENTION
    Task: {D333E8E6-E139-498F-B6D4-EAFC008B3B11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {E3B97480-6563-4A6A-AD5F-715A604A9CA3} - \DSite No Task File <==== ATTENTION
    Task: {E7AAABEF-A0B3-4753-A537-A822B5866AD8} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-3 No Task File <==== ATTENTION
    Task: {E94C915F-D04D-43E9-9B23-0EF52FD228FD} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5_user No Task File <==== ATTENTION
    Task: {F4A3BD12-EDA2-42FC-9A4C-369FCB399207} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {F68B15A9-3DAE-4689-9BD0-826FD70A0C86} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForEthan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2007-02-09 10:41 - 2007-02-09 10:41 - 00014848 _____ () C:\Windows\System32\KOAZXJ_L.dll
    2007-02-09 10:41 - 2007-02-09 10:41 - 00014848 _____ () C:\Windows\System32\KOAZXA_L.dll
    2013-08-22 21:47 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
    2009-08-24 14:51 - 2009-01-21 11:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2014-07-01 13:52 - 2014-06-19 11:08 - 00018944 _____ () C:\Windows\Microsoft\sogr\WindowsUpdater.exe
    2009-07-21 10:34 - 2009-07-21 10:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2009-10-20 14:45 - 2009-10-20 14:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    2014-07-20 09:37 - 2014-07-20 09:37 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
    2014-07-22 19:33 - 2014-07-22 19:33 - 02794496 _____ () C:\Program Files\Alwil Software\Avast5\defs\14072201\algo.dll
    2014-05-14 09:45 - 2014-05-14 09:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
    2014-07-01 13:52 - 2014-06-19 11:08 - 00007168 _____ () C:\Windows\Microsoft\sogr\ConfigurationData.dll
    2014-07-01 13:52 - 2014-06-19 11:08 - 00015872 _____ () C:\Windows\Microsoft\sogr\Installer.dll
    2014-07-01 13:52 - 2014-06-19 11:08 - 00015360 _____ () C:\Windows\Microsoft\sogr\BaseLibrary.dll
    2014-07-01 13:52 - 2014-06-19 11:08 - 00055296 _____ () C:\Windows\Microsoft\sogr\InstallerLibrary.dll
    2014-07-01 13:52 - 2014-07-22 20:55 - 00086528 _____ () C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\mgwz.dll
    2010-03-19 10:45 - 2010-03-19 10:45 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-03-19 10:45 - 2010-03-19 10:45 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-03-19 10:45 - 2010-03-19 10:45 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2009-12-28 20:15 - 2010-01-08 22:27 - 00052224 _____ () C:\Users\Ethan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2011-05-26 13:42 - 2011-05-26 13:42 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-01-17 16:19 - 2011-06-16 13:48 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    2009-07-23 11:37 - 2009-07-23 11:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    2014-07-20 09:37 - 2014-07-20 09:37 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:373E1720

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========


    ==================== Faulty Device Manager Devices =============

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/22/2014 07:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

    Error: (07/22/2014 07:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

    Error: (07/21/2014 07:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Au_.exe, version: 0.0.0.449, time stamp: 0x51a7092b
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
    Exception code: 0xe06d7363
    Fault offset: 0x0000c41f
    Faulting process id: 0xe14
    Faulting application start time: 0xAu_.exe0
    Faulting application path: Au_.exe1
    Faulting module path: Au_.exe2
    Report Id: Au_.exe3

    Error: (07/20/2014 08:43:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x4bc06cda
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000041d
    Fault offset: 0x773f11f1
    Faulting process id: 0x107c
    Faulting application start time: 0xsetup.exe_unknown0
    Faulting application path: setup.exe_unknown1
    Faulting module path: setup.exe_unknown2
    Report Id: setup.exe_unknown3

    Error: (07/17/2014 08:19:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MovieMaker.exe version 16.4.3528.331 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2a44

    Start Time: 01cfa2108a5fab87

    Termination Time: 23

    Application Path: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe

    Report Id: 5aee9791-0e2a-11e4-a7cc-002622a660ba

    Error: (07/17/2014 08:19:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MovieMaker.exe version 16.4.3528.331 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 28ac

    Start Time: 01cfa2108a3650fc

    Termination Time: 157

    Application Path: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe

    Report Id: 51ffa064-0e2a-11e4-a7cc-002622a660ba

    Error: (07/17/2014 07:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MovieMaker.exe version 16.4.3528.331 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2a14

    Start Time: 01cfa2108a12e9f7

    Termination Time: 41

    Application Path: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe

    Report Id: 0be55ef7-0e23-11e4-a7cc-002622a660ba

    Error: (07/17/2014 04:27:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MovieMaker.exe version 16.4.3528.331 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 23bc

    Start Time: 01cfa2108a0c5a34

    Termination Time: 57

    Application Path: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe

    Report Id: dbe0a79b-0e09-11e4-a7cc-002622a660ba

    Error: (07/17/2014 04:24:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MovieMaker.exe version 16.4.3528.331 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2880

    Start Time: 01cfa2108a249d7a

    Termination Time: 243

    Application Path: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe

    Report Id: 7ff7b8ce-0e09-11e4-a7cc-002622a660ba

    Error: (07/17/2014 04:24:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MovieMaker.exe version 16.4.3528.331 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 24f8

    Start Time: 01cfa2108a102acd

    Termination Time: 213

    Application Path: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe

    Report Id: 7b9e40d4-0e09-11e4-a7cc-002622a660ba


    System errors:
    =============
    Error: (07/22/2014 08:56:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (07/22/2014 08:56:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASENUM service failed to start due to the following error:
    %%1275

    Error: (07/22/2014 08:56:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (07/22/2014 08:55:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASDIFSV service failed to start due to the following error:
    %%1275

    Error: (07/22/2014 08:55:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (07/22/2014 08:55:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASKUTIL service failed to start due to the following error:
    %%1275

    Error: (07/22/2014 08:55:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (07/22/2014 08:55:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SASDIFSV
    SASKUTIL

    Error: (07/22/2014 08:54:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (07/22/2014 08:54:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


    Microsoft Office Sessions:
    =========================
    Error: (07/22/2014 07:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

    Error: (07/22/2014 07:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

    Error: (07/21/2014 07:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Au_.exe0.0.0.44951a7092bKERNELBASE.dll6.1.7601.1822951fb1116e06d73630000c41fe1401cfa554b2d602eeC:\Users\Ethan\AppData\Local\Temp\~nsu.tmp\Au_.exeC:\Windows\syswow64\KERNELBASE.dllf94309e5-1147-11e4-9afa-002622a660ba

    Error: (07/20/2014 08:43:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: setup.exe_unknown0.0.0.04bc06cdaunknown0.0.0.000000000c000041d773f11f1107c01cfa431660db6a1C:\Users\Ethan\AppData\Local\Temp\7zSA498.tmp\setup.exeunknowna3eafed1-1024-11e4-9707-002622a660ba

    Error: (07/17/2014 08:19:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: MovieMaker.exe16.4.3528.3312a4401cfa2108a5fab8723C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe5aee9791-0e2a-11e4-a7cc-002622a660ba

    Error: (07/17/2014 08:19:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: MovieMaker.exe16.4.3528.33128ac01cfa2108a3650fc157C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe51ffa064-0e2a-11e4-a7cc-002622a660ba

    Error: (07/17/2014 07:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: MovieMaker.exe16.4.3528.3312a1401cfa2108a12e9f741C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0be55ef7-0e23-11e4-a7cc-002622a660ba

    Error: (07/17/2014 04:27:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: MovieMaker.exe16.4.3528.33123bc01cfa2108a0c5a3457C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exedbe0a79b-0e09-11e4-a7cc-002622a660ba

    Error: (07/17/2014 04:24:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: MovieMaker.exe16.4.3528.331288001cfa2108a249d7a243C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe7ff7b8ce-0e09-11e4-a7cc-002622a660ba

    Error: (07/17/2014 04:24:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: MovieMaker.exe16.4.3528.33124f801cfa2108a102acd213C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe7b9e40d4-0e09-11e4-a7cc-002622a660ba


    CodeIntegrity Errors:
    ===================================
    Date: 2014-07-22 20:56:02.332
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:56:02.067
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:55:57.639
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:55:57.421
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:55:57.187
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:55:56.953
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:54:43.238
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:54:42.989
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:54:42.755
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-22 20:54:42.521
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 36%
    Total physical RAM: 3836.2 MB
    Available physical RAM: 2439.9 MB
    Total Pagefile: 7670.57 MB
    Available Pagefile: 5939.64 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:284.61 GB) (Free:190.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:13.18 GB) (Free:2.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (Jul 22 2014) (CDROM) (Total:4.38 GB) (Free:4.2 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298 GB) (Disk ID: 5179B786)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End Of Log ============================

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    How is the machine running now?
    Attached Files
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  5. #5
    Member
    Join Date
    Jan 2008
    Location
    Oregon
    Posts
    18
    Points
    0

    Default

    The HP is running a lot better now, I used it to make this post. So far there have not been no pop-ups and it actually goes to the website that I am trying to get to. the Log is below. Thank-you. I will wait for the all clear before using the HP as you instructed.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
    Ran by Ethan at 2014-07-24 22:07:40 Run:1
    Running from C:\Users\Ethan\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    (ContentExplorer) C:\Users\Ethan\AppData\Roaming\ContentExplorer\ContentExplorer.exe
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\...\Run: [ContentExplorer] => C:\Users\Ethan\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680 2014-07-01] (ContentExplorer)
    ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ProxyEnable: Internet Explorer proxy is enabled.
    ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR Extension: (No Name) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-07]
    CHR Extension: (No Name) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki [2012-07-02]
    CHR Extension: (No Name) - C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-22]
    R2 sogr; C:\Windows\Microsoft\sogr\WindowsUpdater.exe [18944 2014-06-19] () [File not signed]
    2014-07-02 16:37 - 2014-07-02 16:37 - 00003460 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
    2014-07-02 16:37 - 2014-07-02 16:37 - 00003196 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
    2014-07-02 16:36 - 2014-07-02 16:37 - 00000000 ____D () C:\Users\Ethan\Documents\ProPCCleaner
    2014-07-02 16:36 - 2014-07-02 16:36 - 00000000 ____D () C:\Users\Ethan\AppData\Local\Pro_PC_Cleaner
    2014-07-01 13:52 - 2014-07-01 14:02 - 00000000 ____D () C:\Program Files (x86)\Speed Optimizer Guru
    2014-07-01 14:01 - 2014-07-17 11:45 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\ContentExplorer
    2014-07-22 19:34 - 2014-07-01 13:20 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
    2014-07-22 19:34 - 2014-07-01 13:20 - 00000000 ____D () C:\Windows\system32\tprb
    2014-07-17 19:32 - 2014-07-17 19:32 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\aipai
    C:\Users\Ethan\AppData\Local\Temp\aswV5Hlp.dll
    C:\Users\Ethan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg1l4v7.dll
    C:\Users\Ethan\AppData\Local\Temp\Extract.exe
    C:\Users\Ethan\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
    C:\Users\Ethan\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\Ethan\AppData\Local\Temp\HPQSi.exe
    C:\Users\Ethan\AppData\Local\Temp\ICReinstall_winzip175-mediafire.exe
    C:\Users\Ethan\AppData\Local\Temp\IMsetup.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Ethan\AppData\Local\Temp\mgsqlite3.dll
    C:\Users\Ethan\AppData\Local\Temp\MsiToExe.SpeedOptimizerGuruSetup.exe
    C:\Users\Ethan\AppData\Local\Temp\nseE358.exe
    C:\Users\Ethan\AppData\Local\Temp\nsj80A9.exe
    C:\Users\Ethan\AppData\Local\Temp\nsj858A.exe
    C:\Users\Ethan\AppData\Local\Temp\nsj8AB9.exe
    C:\Users\Ethan\AppData\Local\Temp\nsoE819.exe
    C:\Users\Ethan\AppData\Local\Temp\nszEDD5.exe
    C:\Users\Ethan\AppData\Local\Temp\oi_{C6A90F0B-EA0B-4D39-987D-4C586D19233D}.exe
    C:\Users\Ethan\AppData\Local\Temp\optprosetup.exe
    C:\Users\Ethan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Ethan\AppData\Local\Temp\Resource.exe
    C:\Users\Ethan\AppData\Local\Temp\Shortcut_IMsetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SP45229.exe
    C:\Users\Ethan\AppData\Local\Temp\sp46005.exe
    C:\Users\Ethan\AppData\Local\Temp\SP47025.exe
    C:\Users\Ethan\AppData\Local\Temp\sp47326.exe
    C:\Users\Ethan\AppData\Local\Temp\SP47997.exe
    C:\Users\Ethan\AppData\Local\Temp\sp48071.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48094.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48296.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48392.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48488.exe
    C:\Users\Ethan\AppData\Local\Temp\SP48792.exe
    C:\Users\Ethan\AppData\Local\Temp\SP49018.exe
    C:\Users\Ethan\AppData\Local\Temp\sp49174.exe
    C:\Users\Ethan\AppData\Local\Temp\sp50843.exe.exe
    C:\Users\Ethan\AppData\Local\Temp\sp52110.exe.exe
    C:\Users\Ethan\AppData\Local\Temp\SP52131.exe
    C:\Users\Ethan\AppData\Local\Temp\sp54373.exe
    C:\Users\Ethan\AppData\Local\Temp\sp54620.exe
    C:\Users\Ethan\AppData\Local\Temp\sp58915.exe
    C:\Users\Ethan\AppData\Local\Temp\sp64126.exe
    C:\Users\Ethan\AppData\Local\Temp\SPSetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SSUPDATE.EXE
    C:\Users\Ethan\AppData\Local\Temp\SweetIESetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SweetIMInstallValidator.exe
    C:\Users\Ethan\AppData\Local\Temp\SweetIMSetup.exe
    C:\Users\Ethan\AppData\Local\Temp\SymCCIS.dll
    C:\Users\Ethan\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Ethan\AppData\Local\Temp\UninstallHPTCA.exe
    C:\Users\Ethan\AppData\Local\Temp\WSSetup.exe
    C:\Users\Savannah\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\Savannah\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
    C:\Users\Savannah\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\Savannah\AppData\Local\Temp\propsys.dll
    C:\Users\Savannah\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Savannah\AppData\Local\Temp\SPSetup.exe
    Task: {2BA7AE6A-A087-487C-9C14-57C209A7EB09} - \MySearchDial No Task File <==== ATTENTION
    Task: {36EE5E49-3A0E-4258-A641-135781C10E7B} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5 No Task File <==== ATTENTION
    Task: {39507C23-8AD3-4C01-B559-F4032E89B950} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
    Task: {5D7CC408-B9DD-420B-BBDE-935D0DF457C8} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-7 No Task File <==== ATTENTION
    Task: {5E7431F1-7D11-4C29-97FE-31809B92CD04} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-4 No Task File <==== ATTENTION
    Task: {72CEDC64-1F61-4E95-9B6B-14F7E23B0E42} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-1 No Task File <==== ATTENTION
    Task: {863245D1-9554-4D74-A1A8-E1244E016BC7} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-6 No Task File <==== ATTENTION
    Task: {923667DD-FE8D-401A-995E-C34555C468BD} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-11 No Task File <==== ATTENTION
    Task: {B1A76458-1E23-4A2F-8C0E-A5226E77346C} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {BD82854B-3181-427B-8200-0EDFB4ABEF1B} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
    Task: {C817B589-BA86-49C4-B509-395D18D8C49A} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-2 No Task File <==== ATTENTION
    Task: {E3B97480-6563-4A6A-AD5F-715A604A9CA3} - \DSite No Task File <==== ATTENTION
    Task: {E7AAABEF-A0B3-4753-A537-A822B5866AD8} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-3 No Task File <==== ATTENTION
    Task: {E94C915F-D04D-43E9-9B23-0EF52FD228FD} - \4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5_user No Task File <==== ATTENTION
    Task: {F4A3BD12-EDA2-42FC-9A4C-369FCB399207} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    2014-07-01 13:52 - 2014-06-19 11:08 - 00018944 _____ () C:\Windows\Microsoft\sogr\WindowsUpdater.exe
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"



    *****************

    [4056] C:\Users\Ethan\AppData\Roaming\ContentExplorer\ContentExplorer.exe => Process closed successfully.
    HKU\S-1-5-21-3619020360-3904815862-2617846312-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ContentExplorer => value deleted successfully.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1'=> Key not found.
    'HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2'=> Key not found.
    'HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3'=> Key not found.
    'HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
    'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
    'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
    'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
    'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1'=> Key not found.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2'=> Key not found.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3'=> Key not found.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
    'HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}'=> Key not found.
    'HKCR\PROTOCOLS\Handler\skype-ie-addon-data' => Key deleted successfully.
    'HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}'=> Key not found.
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION => Error: No automatic fix found for this entry.
    C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde directory not found.
    C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki directory not found.
    C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof directory not found.
    sogr => Service stopped successfully.
    sogr => Service deleted successfully.
    C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
    C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
    C:\Users\Ethan\Documents\ProPCCleaner => Moved successfully.
    C:\Users\Ethan\AppData\Local\Pro_PC_Cleaner => Moved successfully.

    "C:\Program Files (x86)\Speed Optimizer Guru" directory move:

    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\BaseLibrary.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\ConfigurationData.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\Installer.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\InstallerLibrary.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\InstallFirefoxExtension.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\InstallFirefoxExtension.InstallState => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\Interop.SHDocVw.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\NDde.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\Newtonsoft.Json.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\NewVersionDownloader.exe => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\NewVersionDownloader.exe.config => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\PPC Logo.ico => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\PPC Logo.png => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\SQLite.Interop.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\System.Data.SQLite.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\win32.reg => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\WindowsUpdater.exe => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\WindowsUpdater.exe.config => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\wsystem.exe => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\backup\BaseLibrary.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\backup\ConfigurationData.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\backup\InstallerLibrary.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\backup\uninstall.exe => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\AUTHORS.txt => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\config.txt => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\default.action => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\default.filter => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\LICENSE.txt => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\match-all.action => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\mgwz.dll => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\privoxy.exe => Moved successfully.
    Could not move "C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\privoxy.log" => Scheduled to move on reboot.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\privoxy_uninstall.exe => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\README.txt => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\trust.txt => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\user.action => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\user.action_empty => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\user.filter => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\user.filter_old => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\templates\cgi-style.css => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\templates\connect-failed => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\templates\mod-local-help => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\templates\mod-support-and-service => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\templates\mod-title => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\templates\mod-unstable-warning => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\templates\no-such-domain => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\templates\url-info-osd.xml => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\p_doc.css => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\actions-file.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\appendix.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\config.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\configuration.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\contact.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\copyright.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\files-in-use.jpg => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\filter-file.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\index.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\installation.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\introduction.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\proxy2.jpg => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\proxy_setup.jpg => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\p_doc.css => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\quickstart.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\seealso.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\startup.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\templates.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\user-manual\whatsnew.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\images\files-in-use.jpg => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\images\proxy_setup.jpg => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\faq\configuration.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\faq\contact.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\faq\copyright.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\faq\general.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\faq\index.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\faq\installation.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\faq\misc.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\faq\trouble.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\developer-manual\coding.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\developer-manual\cvs.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\developer-manual\documentation.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\developer-manual\index.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\developer-manual\introduction.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\developer-manual\newrelease.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\developer-manual\testing.html => Moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\doc\developer-manual\webserver-update.html => Moved successfully.
    Could not move "C:\Program Files (x86)\Speed Optimizer Guru" directory. => Scheduled to move on reboot.

    C:\Users\Ethan\AppData\Roaming\ContentExplorer => Moved successfully.
    C:\Windows\SysWOW64\mjcm => Moved successfully.
    C:\Windows\system32\tprb => Moved successfully.
    C:\Users\Ethan\AppData\Roaming\aipai => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\aswV5Hlp.dll => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg1l4v7.dll => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\Extract.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\HPHelpUpdater.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\HPQSi.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\ICReinstall_winzip175-mediafire.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\IMsetup.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\mgsqlite3.dll => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\MsiToExe.SpeedOptimizerGuruSetup.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\nseE358.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\nsj80A9.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\nsj858A.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\nsj8AB9.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\nsoE819.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\nszEDD5.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\oi_{C6A90F0B-EA0B-4D39-987D-4C586D19233D}.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\optprosetup.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\Resource.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\Shortcut_IMsetup.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP45229.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp46005.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP47025.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp47326.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP47997.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp48071.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP48094.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP48296.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP48392.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP48488.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP48792.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP49018.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp49174.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp50843.exe.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp52110.exe.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SP52131.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp54373.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp54620.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp58915.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\sp64126.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SPSetup.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SSUPDATE.EXE => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SweetIESetup.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SweetIMInstallValidator.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SweetIMSetup.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\SymCCIS.dll => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\UninstallHPTCA.exe => Moved successfully.
    C:\Users\Ethan\AppData\Local\Temp\WSSetup.exe => Moved successfully.
    C:\Users\Savannah\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.
    C:\Users\Savannah\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe => Moved successfully.
    C:\Users\Savannah\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.
    C:\Users\Savannah\AppData\Local\Temp\propsys.dll => Moved successfully.
    C:\Users\Savannah\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\Savannah\AppData\Local\Temp\SPSetup.exe => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BA7AE6A-A087-487C-9C14-57C209A7EB09}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BA7AE6A-A087-487C-9C14-57C209A7EB09}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36EE5E49-3A0E-4258-A641-135781C10E7B}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36EE5E49-3A0E-4258-A641-135781C10E7B}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39507C23-8AD3-4C01-B559-F4032E89B950}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39507C23-8AD3-4C01-B559-F4032E89B950}' => Key deleted successfully.
    C:\Windows\System32\Tasks\ProPCCleaner_Popup not found.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7CC408-B9DD-420B-BBDE-935D0DF457C8}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7CC408-B9DD-420B-BBDE-935D0DF457C8}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-7' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E7431F1-7D11-4C29-97FE-31809B92CD04}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E7431F1-7D11-4C29-97FE-31809B92CD04}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-4' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{72CEDC64-1F61-4E95-9B6B-14F7E23B0E42}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72CEDC64-1F61-4E95-9B6B-14F7E23B0E42}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-1' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{863245D1-9554-4D74-A1A8-E1244E016BC7}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{863245D1-9554-4D74-A1A8-E1244E016BC7}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-6' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{923667DD-FE8D-401A-995E-C34555C468BD}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{923667DD-FE8D-401A-995E-C34555C468BD}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-11' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1A76458-1E23-4A2F-8C0E-A5226E77346C}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1A76458-1E23-4A2F-8C0E-A5226E77346C}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD82854B-3181-427B-8200-0EDFB4ABEF1B}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD82854B-3181-427B-8200-0EDFB4ABEF1B}' => Key deleted successfully.
    C:\Windows\System32\Tasks\ProPCCleaner_Start not found.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C817B589-BA86-49C4-B509-395D18D8C49A}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C817B589-BA86-49C4-B509-395D18D8C49A}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-2' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3B97480-6563-4A6A-AD5F-715A604A9CA3}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3B97480-6563-4A6A-AD5F-715A604A9CA3}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7AAABEF-A0B3-4753-A537-A822B5866AD8}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7AAABEF-A0B3-4753-A537-A822B5866AD8}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-3' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E94C915F-D04D-43E9-9B23-0EF52FD228FD}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E94C915F-D04D-43E9-9B23-0EF52FD228FD}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5_user' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4A3BD12-EDA2-42FC-9A4C-369FCB399207}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A3BD12-EDA2-42FC-9A4C-369FCB399207}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully.
    C:\Windows\Microsoft\sogr\WindowsUpdater.exe => Moved successfully.
    C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
    'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys' => Key deleted successfully.
    'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys' => Key deleted successfully.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-24 22:36:37)<=

    C:\Program Files (x86)\Speed Optimizer Guru\runtime\Privoxy\privoxy.log => Is moved successfully.
    C:\Program Files (x86)\Speed Optimizer Guru => Is moved successfully.

    ==== End of Fixlog ====

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Let's check for any leftovers.

    1.
    Download 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit to your desktop.
    • Extract the ZIP archive and double-click "mbar.exe" to start the tool.[/*]
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.[/*]
    • Click in the introduction screen "next" to continue.[/*]
    • Click in the following screen "Update" to obtain the latest malware definitions.[/*]
    • Once the update is complete select "Next" and click "Scan".[/*]
    • When the scan is finished and no malware has been found select "Exit".[/*]
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.[/*]
    • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"[/*]
      • "system-log.txt"[/*]


    2.
    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    Member
    Join Date
    Jan 2008
    Location
    Oregon
    Posts
    18
    Points
    0

    Default

    Here are the results from the scans: Seem like the HP was a mess, what kind of virus and/or spyware are we dealing with?


    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$R08QJBZ.exe a variant of Win32/iLivid.A potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$R4CD6GZ.exe a variant of Win32/InstallIQ.A potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RBD1IWR.exe a variant of Win32/FirseriaInstaller.M potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RFQY0B7.exe a variant of Win32/FirseriaInstaller.M potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RJZAQ22.exe a variant of Win32/FirseriaInstaller.M potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RM8BK9B.exe a variant of Win32/iLivid.A potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RPGTFPO.exe Win32/OutBrowse.AA potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RPK8ASL.exe a variant of Win32/FirseriaInstaller.M potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RASNLO7.exe a variant of Win32/iLivid.A potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RDR73NZ.exe a variant of Win32/iLivid.A potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RDXFPS8.exe a variant of Win32/FirseriaInstaller.M potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RPEAMNY.exe a variant of Win32/iLivid.A potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RUWKWDH.exe a variant of Win32/iLivid.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-11.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-2.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-3.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-4.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5.exe.vir a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bg.exe.vir a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-nova.dll.vir a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-nova.exe.vir a variant of Win32/Toolbar.CrossRider.AE potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-novainstaller.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll.vir probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll.vir a variant of Win32/Toolbar.Montiera.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe.vir Win32/Toolbar.Montiera.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll.vir a variant of Win32/Toolbar.Escort.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll.vir Win32/Toolbar.Funmoods potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll.vir Win32/Toolbar.Funmoods potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll.vir Win32/Toolbar.Funmoods potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll.vir Win32/Toolbar.Funmoods potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe.vir Win32/Toolbar.Funmoods potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll.vir Win32/Toolbar.Funmoods potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir probably a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\PDF Writer Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF10.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF11.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF12.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF13.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF14.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF15.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF16.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF17.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF18.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF19.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF2.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF20.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF21.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF22.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF23.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF24.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF25.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF26.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF27.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF28.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF29.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF4.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF5.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF6.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF7.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF8.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF9.dll.vir probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.35_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\iLivid\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\iLivid\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\torch\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\torch\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.35_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\Installer.dll.xBAD a variant of MSIL/Adware.Proxomoto.A application
    C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\InstallerLibrary.dll.xBAD a variant of MSIL/Adware.Proxomoto.A application
    C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\NewVersionDownloader.exe.xBAD a variant of MSIL/Adware.Proxomoto.A application
    C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\WindowsUpdater.exe.xBAD a variant of MSIL/Adware.Proxomoto.G application
    C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\backup\InstallerLibrary.dll.xBAD a variant of MSIL/Adware.Proxomoto.A application
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\ICReinstall_winzip175-mediafire.exe.xBAD a variant of Win32/InstallCore.NP potentially unwanted application
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\IMsetup.exe.xBAD probably a variant of Win32/SweetIM.C potentially unwanted application
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\mgsqlite3.dll.xBAD Win32/SweetIM.K potentially unwanted application
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\Shortcut_IMsetup.exe.xBAD probably a variant of Win32/SweetIM.C potentially unwanted application
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\SPSetup.exe.xBAD a variant of Win32/ClientConnect.A potentially unwanted application
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\SweetIMInstallValidator.exe.xBAD Win32/Toolbar.Conduit.S potentially unwanted application
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\SweetIMSetup.exe.xBAD Win32/Toolbar.Conduit.S potentially unwanted application
    C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\WSSetup.exe.xBAD a variant of Win32/Toolbar.Perion.G potentially unwanted application
    C:\FRST\Quarantine\C\Users\Savannah\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe.xBAD a variant of Win32/InstallCore.D potentially unwanted application
    C:\FRST\Quarantine\C\Users\Savannah\AppData\Local\Temp\SPSetup.exe.xBAD a variant of Win32/ClientConnect.A potentially unwanted application
    C:\FRST\Quarantine\C\Windows\Microsoft\sogr\WindowsUpdater.exe.xBAD a variant of MSIL/Adware.Proxomoto.G application
    C:\Program Files (x86)\OpenDownloaderManager\spd.exe Win32/Toolbar.Conduit.R potentially unwanted application
    C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/SoftPulse.H potentially unwanted application
    C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L8D0L3B\91[1].js JS/Toolbar.Crossrider.B potentially unwanted application
    C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L8D0L3B\91[2].js JS/Toolbar.Crossrider.B potentially unwanted application
    C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P20CYFBO\bundlesweetimsetup[1].exe probably a variant of Win32/SweetIM.C potentially unwanted application
    C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P20CYFBO\checktbexist[1].exe Win32/Toolbar.Conduit.AF potentially unwanted application
    C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZSC3XYQ\conduitinstaller[1].exe Win32/Toolbar.Conduit.S potentially unwanted application
    C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZSC3XYQ\optin[1].php a variant of Win32/Toolbar.Babylon.F potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\9BC6.tmp a variant of Win32/Toolbar.Babylon.M potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\ASK5956.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    C:\Users\Ethan\AppData\Local\Temp\ASKEA20.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    C:\Users\Ethan\AppData\Local\Temp\CSMF0C5.tmp Win32/Adware.Mongoose application
    C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\BabMaint.exe Win32/Toolbar.Babylon.I potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\CrxInstaller.dll Win32/Toolbar.Babylon.U potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\MntrDLLInstall.dll Win32/Toolbar.Babylon.V potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\ct3310511\ctbe.exe Win32/Toolbar.Conduit.AF potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\ct3310511\ffLogic.exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\ct3310511\stub.exe Win32/Toolbar.Conduit.S potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\is357113909\message.exe a variant of Win32/InstallCore.A potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\is357113909\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\nse5851\SpSetup.exe Win32/Conduit.SearchProtect.Q potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\nst6D75.tmp\WMDetect.dll a variant of Win32/Packed.VMDetector.G potentially unwanted application
    C:\Users\Ethan\AppData\Local\Temp\nsz6420.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\Users\Ethan\Downloads\Excel Calendar Template.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application
    C:\Users\Ethan\Downloads\InstallFreeRARExtractFrog.exe Win32/OpenCandy potentially unsafe application
    C:\Users\Ethan\Downloads\PDFWriterSetup.exe a variant of Win32/InstallCore.D potentially unwanted application
    C:\Users\Ethan\Downloads\Player.exe a variant of Win32/SoftPulse.H potentially unwanted application
    C:\Users\Ethan\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
    C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGU1KWHE\Setup_20130917[1].exe a variant of Win32/AdWare.Toolbar.AmyBar.A application
    C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGU1KWHE\setup__155[1].exe a variant of Win32/Amonetize.J potentially unwanted application
    C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE91JM21\wajam_download[1] Win32/Wajam.B potentially unwanted application
    C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKJS7K30\installer[1].exe a variant of MSIL/Adware.iBryte.D application
    C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYVRVWAH\OptimizerPro[1].exe a variant of Win32/SpeedingUpMyPC.B application
    C:\Users\Savannah\AppData\Local\Temp\is357113909\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\is357113909\wajam_validate.exe Win32/Wajam.F potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\n375\HQVideo-USInstaller.exe Win32/Packed.ScrambleWrapper.M potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\n375\Iminent_1712-b2fcad5e.exe Win32/Toolbar.Iminent.C potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\n375\OptimizerPro.exe a variant of Win32/AdWare.SpeedingUpMyPC.N application
    C:\Users\Savannah\AppData\Local\Temp\nsaD403.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\nsb1355.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\nsc5FEB.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\nsgDCE9.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\nstE9D2.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\nstF9C.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\Users\Savannah\AppData\Local\Temp\nsv258D.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
    C:\Users\Savannah\AppData\Local\WordOv\temp.dat a variant of Win32/AdWare.Toolbar.AmyBar.A application
    C:\Users\Savannah\Downloads\Bibliocraft1.6.4.exe a variant of Win32/FirseriaInstaller.M potentially unwanted application
    C:\Users\Savannah\Downloads\Express_Installer.exe a variant of Win32/AdWare.iBryte.K.gen application
    C:\Users\Savannah\Downloads\iLividSetup-r390-n-bc.exe a variant of Win32/iLivid.A potentially unwanted application
    C:\Users\Savannah\Downloads\iLividSetup-r394-n-bc.exe a variant of Win32/iLivid.A potentially unwanted application
    C:\Users\Savannah\Downloads\MineCraft (1).exe a variant of Win32/AdWare.iBryte.K.gen application
    C:\Users\Savannah\Downloads\MineCraft.exe a variant of Win32/AdWare.iBryte.K.gen application
    C:\Users\Savannah\Downloads\mocreatures1.6.4 (1).exe a variant of Win32/FirseriaInstaller.K potentially unwanted application
    C:\Users\Savannah\Downloads\mocreatures1.6.4.exe a variant of Win32/FirseriaInstaller.K potentially unwanted application
    C:\Users\Savannah\Downloads\setup.exe a variant of Win32/Bundlore.H potentially unwanted application
    C:\Users\Savannah\Downloads\Setup_ODM.exe a variant of Win32/Packed.VMDetector.G potentially unwanted application
    C:\Users\Savannah\Downloads\trzED2E.tmp a variant of Win32/AdWare.iBryte.AA application
    C:\Users\Savannah\Downloads\winzip175-mediafire.exe a variant of Win32/InstallCore.NP potentially unwanted application
    C:\Users\Savannah\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.D potentially unwanted application
    C:\Windows\Microsoft\sogr\Installer.dll a variant of MSIL/Adware.Proxomoto.A application
    C:\Windows\Microsoft\sogr\InstallerLibrary.dll a variant of MSIL/Adware.Proxomoto.A application
    C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.35_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.35_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
    C:\Windows\Temp\nsd75CF.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nsd9FDB.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nse29C9.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nsn2A7E.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nso2F9C.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nssF367.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nst6868.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nsuDB8A.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nsx9DE8.exe Win32/Conduit.SearchProtect.R potentially unwanted application
    C:\Windows\Temp\nsxEB3.exe Win32/Conduit.SearchProtect.R potentially unwanted application


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16798

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.194000 GHz
    Memory total: 4022542336, free: 2288746496

    =======================================
    Initializing...
    ------------ Kernel report ------------
    07/27/2014 02:24:13
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\isapnp.sys
    \SystemRoot\system32\drivers\mpio.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\intelide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\aliide.sys
    \SystemRoot\system32\drivers\amdide.sys
    \SystemRoot\system32\drivers\cmdide.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\msdsm.sys
    \SystemRoot\system32\drivers\nvraid.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\viaide.sys
    \SystemRoot\system32\drivers\iaStorV.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\DRIVERS\lsi_sas.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\HpSAMD.sys
    \SystemRoot\system32\DRIVERS\adp94xx.sys
    \SystemRoot\system32\DRIVERS\adpahci.sys
    \SystemRoot\system32\DRIVERS\adpu320.sys
    \SystemRoot\system32\drivers\amdsata.sys
    \SystemRoot\system32\DRIVERS\amdsbs.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\DRIVERS\arc.sys
    \SystemRoot\system32\DRIVERS\arcsas.sys
    \SystemRoot\system32\DRIVERS\elxstor.sys
    \SystemRoot\system32\DRIVERS\iirsp.sys
    \SystemRoot\system32\DRIVERS\lsi_fc.sys
    \SystemRoot\system32\DRIVERS\lsi_sas2.sys
    \SystemRoot\system32\DRIVERS\lsi_scsi.sys
    \SystemRoot\system32\DRIVERS\megasas.sys
    \SystemRoot\system32\DRIVERS\MegaSR.sys
    \SystemRoot\system32\DRIVERS\nfrd960.sys
    \SystemRoot\system32\drivers\nvstor.sys
    \SystemRoot\system32\DRIVERS\ql2300.sys
    \SystemRoot\system32\DRIVERS\ql40xx.sys
    \SystemRoot\system32\DRIVERS\SiSRaid2.sys
    \SystemRoot\system32\DRIVERS\sisraid4.sys
    \SystemRoot\system32\DRIVERS\stexstor.sys
    \SystemRoot\system32\DRIVERS\vsmraid.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\system32\drivers\sbp2port.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\system32\DRIVERS\hpdskflt.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\enecir.sys
    \SystemRoot\system32\DRIVERS\Accelerometer.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\circlass.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtiHdmi.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\agrsm64.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\hidir.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\drivers\aswStm.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\WSDPrint.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\msvcrt.dll
    \Windows\System32\nsi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\usp10.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\user32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\wininet.dll
    \Windows\System32\shell32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800437c790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa80042f9060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800437c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800437d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800437c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800437b850, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xfffffa80042d34b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80042f9060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5179B786

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 596879360

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 597288960 Numsec = 27639808

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 624928768 Numsec = 211632

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]
    Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]
    Infected file C:\Users\Savannah\AppData\Local\Temp\is357113909\wajam_validate.exe could not be remediated because backup file is not available
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================

  8. #8
    Member
    Join Date
    Jan 2008
    Location
    Oregon
    Posts
    18
    Points
    0

    Default

    Is the Pavilion safe to use now?

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  10. #10
    Member
    Join Date
    Jan 2008
    Location
    Oregon
    Posts
    18
    Points
    0

    Default

    Here is the log. I hope that I have been following your instructions. Please let me know if I need to do something different.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # product=EOS
    # version=8
    # IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=1462b5428c34a7439fd5dbc463daa2dd
    # engine=19518
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-08-06 04:23:10
    # local_time=2014-08-05 09:23:10 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1='avast! Antivirus'
    # compatibility_mode=783 16777213 100 97 287095 171633080 0 0
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 0 158842440 0 0
    # scanned=275469
    # found=191
    # cleaned=0
    # scan_time=10909
    sh=8AE6AF24A0E6B3005AF09A136674FE195191DCF9 ft=1 fh=4990242b8e3b0363 vn="a variant of Win32/iLivid.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$R08QJBZ.exe"
    sh=D8BB80FE9CDEEC5248AC0BE45CB229EDE595DCD3 ft=1 fh=3711d6c614b2710a vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$R4CD6GZ.exe"
    sh=FAD7B2D69CADD0B34D287429D8E8E2D2543C7171 ft=1 fh=7ef9baa5734655a3 vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RBD1IWR.exe"
    sh=4529F10211AE02342B4E0B590F2894C3EFA6468D ft=1 fh=36a5ec808d48795d vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RFQY0B7.exe"
    sh=60F006BF240F7D050A7F83A3F9D0550D7DAE561C ft=1 fh=969c63f5131eca74 vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RJZAQ22.exe"
    sh=8AE6AF24A0E6B3005AF09A136674FE195191DCF9 ft=1 fh=4990242b8e3b0363 vn="a variant of Win32/iLivid.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RM8BK9B.exe"
    sh=96BED0C689D982F9A6BAF9BBBABC93A39F7F06D7 ft=1 fh=dbe0ea6aa96923cb vn="Win32/OutBrowse.AA potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RPGTFPO.exe"
    sh=4F23236C7876BD3FAD32B814338CA002820D110C ft=1 fh=9009878eac3842db vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1000\$RPK8ASL.exe"
    sh=8AE6AF24A0E6B3005AF09A136674FE195191DCF9 ft=1 fh=4990242b8e3b0363 vn="a variant of Win32/iLivid.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RASNLO7.exe"
    sh=8AE6AF24A0E6B3005AF09A136674FE195191DCF9 ft=1 fh=4990242b8e3b0363 vn="a variant of Win32/iLivid.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RDR73NZ.exe"
    sh=7C58518E545DE0C61EBA54D815854063A18E77E6 ft=1 fh=dfeee45a4d890531 vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RDXFPS8.exe"
    sh=8AE6AF24A0E6B3005AF09A136674FE195191DCF9 ft=1 fh=4990242b8e3b0363 vn="a variant of Win32/iLivid.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RPEAMNY.exe"
    sh=8AE6AF24A0E6B3005AF09A136674FE195191DCF9 ft=1 fh=4990242b8e3b0363 vn="a variant of Win32/iLivid.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3619020360-3904815862-2617846312-1003\$RUWKWDH.exe"
    sh=C2A82FC2E01C3E497B53DF1049393658E84F45E9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\360-59568.crx.vir"
    sh=A47327B4C0D29BF5E9FEE68E1EF302E654D39B41 ft=1 fh=119a55c2a266d644 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-11.exe.vir"
    sh=4D998D5D099E24C4666CCB99C363798B716CBC52 ft=1 fh=b8999956302963de vn="a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-2.exe.vir"
    sh=A47327B4C0D29BF5E9FEE68E1EF302E654D39B41 ft=1 fh=119a55c2a266d644 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-3.exe.vir"
    sh=378536F2946F3F0C08EAFD3D39167D5E111D4AD4 ft=1 fh=197dd769e7a2dae2 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-4.exe.vir"
    sh=304BEAB4CC550BFB9829D13EB618D416AB6519DE ft=1 fh=22d1877a03019eee vn="a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30-5.exe.vir"
    sh=37D0629E11966B08292EEDFDCB0CF0617E042D87 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\4e8a9e43-7094-4ab2-9ed5-1dba635bbf30.crx.vir"
    sh=37D0629E11966B08292EEDFDCB0CF0617E042D87 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\59568.crx.vir"
    sh=07BD4D5025A6109243D2AF3D80C9F617FEDB3CC8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\59568.xpi.vir"
    sh=D1A08FA730D60B8EF16229D93FADD3A904FFE274 ft=1 fh=c3412a7643fcc80c vn="a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bg.exe.vir"
    sh=AE58A339DA121BAF8C2057A5A083BBD4EBF9BBDA ft=1 fh=3962b09442fc5d5d vn="a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bho.dll.vir"
    sh=9E3D6D08A161B67D6913A8D8764ACB0CACB4BC13 ft=1 fh=f33745b925112fb5 vn="a variant of Win64/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bho64.dll.vir"
    sh=0D3B9E7DE5A44A2E8BFD1AFD95BBDE241E8BCA89 ft=1 fh=3457c089cae4adc5 vn="a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-codedownloader.exe.vir"
    sh=36B29D45AEBA67DF5CF49E34F609B229656CE7A1 ft=1 fh=cac7c2c124ae6087 vn="a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-nova.dll.vir"
    sh=4CB743B91ECDD2437591BC4DBD4344F383B04752 ft=1 fh=7d156d695ae8462c vn="a variant of Win32/Toolbar.CrossRider.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-nova.exe.vir"
    sh=0D3B9E7DE5A44A2E8BFD1AFD95BBDE241E8BCA89 ft=1 fh=3457c089cae4adc5 vn="a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-novainstaller.exe.vir"
    sh=34622C0C9B0F72AB2F67AE3BD7CF94EF76B2B54D ft=1 fh=422f90d5b5335443 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll.vir"
    sh=80C8F13A1918FAEEAB9673C1CCF96E52325EE695 ft=1 fh=0aefb751d92be997 vn="probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll.vir"
    sh=4400797578E17E511E6164469770A80E828DDA3A ft=1 fh=56dbbea16253a143 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe.vir"
    sh=610CDC3A03DA21A83EB90193BACF1347AAA39A0F ft=1 fh=6544723ffe1f3f66 vn="a variant of Win32/Toolbar.Montiera.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll.vir"
    sh=AFD5B25F86CFD3045CCFF940A249A1DA89DEDE5D ft=1 fh=c55a3c08e5709f9a vn="Win32/Toolbar.Montiera.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe.vir"
    sh=66AE7973E507FF0471DECFFF3BF7FFD40EA4D00D ft=1 fh=1b697967a44eb4e0 vn="a variant of Win32/Toolbar.Escort.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll.vir"
    sh=242828F8DD0288145BB9EB8C38F2A9A2EF0EA135 ft=1 fh=428c243f2bfdfea1 vn="Win32/Toolbar.Funmoods potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll.vir"
    sh=F9E5E0ED68C9F4B781EAA1DE18F6469470EC0BE3 ft=1 fh=1b934398abe9b42d vn="Win32/Toolbar.Funmoods potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll.vir"
    sh=879FCB98518EECB5A1C01402AA00E52EC5FD9C6F ft=1 fh=9387c14f65c4c2e0 vn="Win32/Toolbar.Funmoods potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll.vir"
    sh=AE36C5C7B13DF8A299DD0063EF8242DC6F1C6F9A ft=1 fh=924efcaa70c8c35a vn="Win32/Toolbar.Funmoods potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll.vir"
    sh=2E611D2B6A650E670C1FF69A0CF996324F22FC5B ft=1 fh=8a02fbcb5506f7e8 vn="Win32/Toolbar.Funmoods potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe.vir"
    sh=ABB6B390C517049F8E1C78AB3F0A43C4FD0C60DF ft=1 fh=cb4e244b88b08eb9 vn="Win32/Toolbar.Funmoods potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll.vir"
    sh=159997A60531255C24B6AEA1B5DD7B639237C935 ft=1 fh=054b513260432fdf vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Helper.dll.vir"
    sh=4A69CB64B60214C1A66F1FEF587F332CED27C073 ft=1 fh=43574454a5128a07 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
    sh=3EF959633214D445DDFD9BCE07104B08FCBB038D ft=1 fh=f42c4de2df8fecc4 vn="probably a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
    sh=F61ADDD0326A03685A35637BC704EB1959DC84C4 ft=1 fh=975f0524bf1774c5 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
    sh=180E91D83FA14ECDE328A46A3E2E0B6F8C94DBCD ft=1 fh=be1d8e30183e65f6 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
    sh=CC5E6DC4FE28BEB4E873A7FD596D1B1803B95341 ft=1 fh=1d9063c886d18f9d vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
    sh=E698C2A7E66483968C0F7C702209FDD810CD443E ft=1 fh=796c794d5bd44ef7 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
    sh=84925E950C389412D59F4C1D5BD7F5CB50E51817 ft=1 fh=3ff66a26e145edf8 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
    sh=7154D6CFBAF16209E881221D5B24249BEB80D161 ft=1 fh=a61306e7514ec311 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
    sh=1A1D98D0AA0E694A0C305F38F83639173808A37A ft=1 fh=5eb84bae69df84bb vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
    sh=13449299AF97F67172CFE658BEF83F88C8D50F44 ft=1 fh=e15c2b9bd295d3e3 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
    sh=2748C7656EA2B1B4A4BE22210C297609F34D7AE4 ft=1 fh=7c62ca100420d90a vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll.vir"
    sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\PDF Writer Packages\uninstaller.exe.vir"
    sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
    sh=84D231BD285FB6E1BC20F82BC6261C1507675C17 ft=1 fh=a053084764085b12 vn="a variant of Win32/DealPly.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir"
    sh=875BF27A9D7EC8A57E1D22728A94605E77A66F99 ft=1 fh=1066940167675931 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF10.dll.vir"
    sh=D899A4B906A21BD09967DEC18E585BBC0857613F ft=1 fh=57376ab25fbf95e6 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF11.dll.vir"
    sh=1C892B22508224197B9E18D1E8EA140364FCBE16 ft=1 fh=7cdaad0dae2c1b59 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF12.dll.vir"
    sh=24688F1377B4440A9B1878032F0E0637A0B7413D ft=1 fh=f3606e917bb05064 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF13.dll.vir"
    sh=8DED72F0F1AC00002F7B37896444F81344797137 ft=1 fh=8d756a4d0ef40548 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF14.dll.vir"
    sh=A7676DE801151EC36449A35D802BE6D517585250 ft=1 fh=77d903f3d76df8e3 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF15.dll.vir"
    sh=5C6557C60BE87DDA95642C27D5A2CC62BA5994AB ft=1 fh=3ae6f06bbaacc194 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF16.dll.vir"
    sh=40285FF9FD17402ECE35DF8C168E8EFA2CE62A6A ft=1 fh=917a4813993a40f9 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF17.dll.vir"
    sh=F692CE5E532F547C8501BD229FBC123303B3D9B3 ft=1 fh=80a995bee4d32411 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF18.dll.vir"
    sh=6BC05D76DE5700A7842F6D698D9DEBF694CB07F9 ft=1 fh=4592982ca8f1a507 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF19.dll.vir"
    sh=57160E03B62706FF8E8BAC83FF586555EC22810C ft=1 fh=56a5826f3426f20b vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF2.dll.vir"
    sh=90E641FBFF0C1DFCBE3C77E5C50F4E894F26217A ft=1 fh=de6ef194b23fec2d vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF20.dll.vir"
    sh=38A74467E791AAB4581FC74C7DADE79E5EEB4795 ft=1 fh=479f62e59405fe7b vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF21.dll.vir"
    sh=94D63798953E0B82E555D9DC3403DF379FD3077F ft=1 fh=14354187413f58cf vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF22.dll.vir"
    sh=F2AAB78ECD52FFECC521C596FF157F8D57831EF4 ft=1 fh=2cbaad4b382bf3f3 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF23.dll.vir"
    sh=95E1985C7154E988280E010473E1B9C987D79FA7 ft=1 fh=3fb80b633a60e120 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF24.dll.vir"
    sh=D1C1E4164EEA763CB0B4FF99EAE6CAD3C42A86D6 ft=1 fh=c48a79bf03282173 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF25.dll.vir"
    sh=E945BB9901884E902C2C90DD0D24022300C4AE59 ft=1 fh=4681a5397b7995e6 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF26.dll.vir"
    sh=0B1ACE568F3C7E497827F1ADD2B9A20FD6D55874 ft=1 fh=0de96f957859625b vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF27.dll.vir"
    sh=582321BBF62331B40FBFE2DFF71EFAA5927220B2 ft=1 fh=66e056ec771f27d3 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF28.dll.vir"
    sh=3939FBF3A2DCCD352A0F5432C2AC53073B1971BA ft=1 fh=1dd920926f4c2d90 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF29.dll.vir"
    sh=5BAAF067D3424BB7621037963FCA6909ED396867 ft=1 fh=15e5e8b58b83a4fd vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF4.dll.vir"
    sh=6A96CADA440100988B6BACC46972EA74453CDD5D ft=1 fh=f19b674463ab7da5 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF5.dll.vir"
    sh=2E9A62F87FB34FD7CBEFDE10CD4458647AC06C7D ft=1 fh=dbdd0972697e1a93 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF6.dll.vir"
    sh=47E9559928996B929FA07B321F8B81C2340B8B26 ft=1 fh=bc9fb25d769824bf vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF7.dll.vir"
    sh=A998F7BA733510C93AB904DEB1CAA33865E6A7C9 ft=1 fh=b48111079e839687 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF8.dll.vir"
    sh=E7FCE09B991B197FC0D8E714EC9586DCFAC6458A ft=1 fh=609f336dcb625945 vn="probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ethan\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF9.dll.vir"
    sh=7A2589020E1532105EA0B3845BAEDA0271AA2F42 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.35_0\extensionData\plugins\91.js.vir"
    sh=A3AA9516F41EE0B19998A1200EDE15D44ED49454 ft=1 fh=409e8ca697817935 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\iLivid\Helper.dll.vir"
    sh=10F73307146AB5BC0BE917EEACECEF2E31AA45A6 ft=1 fh=dae39868c428a6bc vn="a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\iLivid\Uninstall.exe.vir"
    sh=C0ACE5CCAA7E890BA95C6A2CE9B7849B31FE5687 ft=1 fh=469d5509e7a70815 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\torch\Helper.dll.vir"
    sh=7A2589020E1532105EA0B3845BAEDA0271AA2F42 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Local\torch\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.35_0\extensionData\plugins\91.js.vir"
    sh=84D231BD285FB6E1BC20F82BC6261C1507675C17 ft=1 fh=a053084764085b12 vn="a variant of Win32/DealPly.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir"
    sh=1305DE2BFA54D0A13AFA7E1DC139B3B9AE262A56 ft=1 fh=87358e7751ff4371 vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Savannah\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir"
    sh=23B71244CFC714BA197B204E327B42F775F656F9 ft=1 fh=bef73288930d8b6a vn="Win32/SweetIM.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\WNLT\Installation\SKSetup.exe.vir"
    sh=A0248F6915E9259CABF055842A3869F93DE46BC0 ft=1 fh=22b4e234e962bbb7 vn="a variant of MSIL/Adware.Proxomoto.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\Installer.dll.xBAD"
    sh=7FD6B49DACFC5D687D6B4327CF174032739F9575 ft=1 fh=08911c386908ffba vn="a variant of MSIL/Adware.Proxomoto.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\InstallerLibrary.dll.xBAD"
    sh=4A3911E02C2476256E76B94CA1BE31FFBAC8E3BD ft=1 fh=5b36c00fb7d129a1 vn="a variant of MSIL/Adware.Proxomoto.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\NewVersionDownloader.exe.xBAD"
    sh=26223743BBCB298EF5C15F6BC29A0903F9B55133 ft=1 fh=41a78411d3123ee9 vn="a variant of MSIL/Adware.Proxomoto.G application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\WindowsUpdater.exe.xBAD"
    sh=DBBF1B918EF6D65A17622B12D48A0BEDEF14F89D ft=1 fh=fb8fa3d049e12674 vn="a variant of MSIL/Adware.Proxomoto.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Speed Optimizer Guru\runtime\Speed Optimizer Guru runtime\backup\InstallerLibrary.dll.xBAD"
    sh=37D9F0570089CBF23D78864E6EF1594BB1AE7051 ft=1 fh=c71c00115da95253 vn="a variant of Win32/InstallCore.NP potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\ICReinstall_winzip175-mediafire.exe.xBAD"
    sh=56C13A31C91F73B85C0830B6CA39F2C997D7C55F ft=1 fh=c02cf5c55ebdf686 vn="probably a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\IMsetup.exe.xBAD"
    sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\mgsqlite3.dll.xBAD"
    sh=5CC86C41839F11F7F96E5DA5617CEBC5C4684697 ft=1 fh=90a4598133586087 vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\optprosetup.exe.xBAD"
    sh=56C13A31C91F73B85C0830B6CA39F2C997D7C55F ft=1 fh=c02cf5c55ebdf686 vn="probably a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\Shortcut_IMsetup.exe.xBAD"
    sh=A84B46CCDC3F57029C711BE6275A760DD13AC913 ft=1 fh=15908f4a60c02694 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\SPSetup.exe.xBAD"
    sh=69256247835C97E33E5E3C4D78BCDC0E51C95B59 ft=1 fh=684683d2b788e2e1 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\SweetIMInstallValidator.exe.xBAD"
    sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\SweetIMSetup.exe.xBAD"
    sh=6015A6175678B86931161588327F1A8953F0F115 ft=1 fh=8dbb909b5df9c8a0 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ethan\AppData\Local\Temp\WSSetup.exe.xBAD"
    sh=6555A7B2B0D8E3C303651C05D7B244F9FAC3BDDD ft=1 fh=a72316ebf5f4c928 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Savannah\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe.xBAD"
    sh=8398427DEE8FECAF5BC25B22C826FC2DC6DF9747 ft=1 fh=81c159dc949cee29 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Savannah\AppData\Local\Temp\SPSetup.exe.xBAD"
    sh=26223743BBCB298EF5C15F6BC29A0903F9B55133 ft=1 fh=41a78411d3123ee9 vn="a variant of MSIL/Adware.Proxomoto.G application" ac=I fn="C:\FRST\Quarantine\C\Windows\Microsoft\sogr\WindowsUpdater.exe.xBAD"
    sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\Program Files (x86)\OpenDownloaderManager\spd.exe"
    sh=30FC94DC03905C5EC4BDB3DEA133C821FF4CCC8D ft=1 fh=15c76a337b334b7f vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
    sh=93D7AD0FC7A7EC62E220FBD9A5501C61B0743EC9 ft=0 fh=0000000000000000 vn="Win32/bProtector.J potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14QL20FV\pack[1].7z"
    sh=856F53214FA4C51889D089C1836666C9E395A145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L8D0L3B\91[1].js"
    sh=856F53214FA4C51889D089C1836666C9E395A145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L8D0L3B\91[2].js"
    sh=ED0FFF33D2DA9A36F99C67DB4BDF3C142E2F79DF ft=0 fh=0000000000000000 vn="Win32/SweetIM.K potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FL236NMH\mgsqlite3[1].7z"
    sh=FF6032FDE2C4BA19D8F0BD058BE01864E5C2B717 ft=0 fh=0000000000000000 vn="a variant of Win32/bProtector.A potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FL236NMH\pack[1].7z"
    sh=56C13A31C91F73B85C0830B6CA39F2C997D7C55F ft=1 fh=c02cf5c55ebdf686 vn="probably a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P20CYFBO\bundlesweetimsetup[1].exe"
    sh=91F440A8F2A0FFC91EDA87FE5410B93141B1C6B0 ft=1 fh=1ce5d7cf83504dfe vn="Win32/Toolbar.Conduit.AF potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P20CYFBO\checktbexist[1].exe"
    sh=3893C701FC34D1821AD7219306ECFBD1EDE3AF8F ft=0 fh=0000000000000000 vn="a variant of Win32/bProtector.A potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P20CYFBO\pack[1].7z"
    sh=2A6234AC2FF85E104F854C0BCDEE42E70CA0A6EE ft=1 fh=04909f28e8d9c2a4 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZSC3XYQ\conduitinstaller[1].exe"
    sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZSC3XYQ\optin[1].php"
    sh=71E050F917C61D99E59A6D898FA0EC116BEAB810 ft=1 fh=0c7dc83d72e4c26e vn="a variant of Win32/Toolbar.Babylon.M potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\9BC6.tmp"
    sh=4E8A8E380D1A77BA431D61FF87CB4F3ABD9C02B4 ft=1 fh=d813df953ad1d4f7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\ASK5956.tmp"
    sh=0C3B662680A08E408A377DF5DF75AF78855D9BB6 ft=1 fh=b7bf4bc877f8f793 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\ASKEA20.tmp"
    sh=B492E083AFD5954BD93E99E9E7A93C08F73F170D ft=1 fh=626de6f7ffde9f00 vn="Win32/Adware.Mongoose application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\CSMF0C5.tmp"
    sh=ED0FFF33D2DA9A36F99C67DB4BDF3C142E2F79DF ft=0 fh=0000000000000000 vn="Win32/SweetIM.K potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\mgsqlite3.7z"
    sh=7127B69FA823F5306552D181CDCC6F43FF56CE6C ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\MsiToExe.SetupExtension.msi"
    sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\BabMaint.exe"
    sh=DED201AE02FB9EA3646489AFEDA49270C4620D9C ft=1 fh=c71c001196f8c3ac vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\BExternal.dll"
    sh=1466BC1893B6D4B277A177CD2C7D1BEF65F6AAEB ft=1 fh=407239d3cdeb51cc vn="Win32/Toolbar.Babylon.U potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\CrxInstaller.dll"
    sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\IEHelper.dll"
    sh=25EA5C7F4A48D166A2006CA37B936ECA340F58ED ft=1 fh=c71c0011e4611a52 vn="Win32/Toolbar.Babylon.V potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\MntrDLLInstall.dll"
    sh=63B9ACAA33978D6BA181B45C51DABE9FF76B50AA ft=1 fh=75ac944de1f3f413 vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\C8909151-BAB0-7891-8213-5A589A16AC68\Latest\Setup.exe"
    sh=91F440A8F2A0FFC91EDA87FE5410B93141B1C6B0 ft=1 fh=1ce5d7cf83504dfe vn="Win32/Toolbar.Conduit.AF potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\ct3310511\ctbe.exe"
    sh=464EFB48250E46F073EC0FD607C19A0706299EC8 ft=1 fh=145d5400c12cc04c vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\ct3310511\ffLogic.exe"
    sh=2A6234AC2FF85E104F854C0BCDEE42E70CA0A6EE ft=1 fh=04909f28e8d9c2a4 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\ct3310511\stub.exe"
    sh=D957B0EC634B5C52AA2B8934223A6248D5152807 ft=1 fh=4c2491a4bea30714 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\is357113909\message.exe"
    sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\is357113909\uninstaller.exe"
    sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\nse5851\SpSetup.exe"
    sh=800B6A5BC9E3B1906B2761AC2B67DA83C03F0DB5 ft=1 fh=feb6e31f047ab1d8 vn="a variant of Win32/Packed.VMDetector.G potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\nst6D75.tmp\WMDetect.dll"
    sh=159997A60531255C24B6AEA1B5DD7B639237C935 ft=1 fh=054b513260432fdf vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\Users\Ethan\AppData\Local\Temp\nsz6420.tmp\Helper.dll"
    sh=3826E6FD3D84EAB8A11CA56E97DE1DED99E8722D ft=1 fh=9320fb1ce811b87e vn="a variant of Win32/FirseriaInstaller.C potentially unwanted application" ac=I fn="C:\Users\Ethan\Downloads\Excel Calendar Template.exe"
    sh=75D3CAE78C1A7523CA065B5A799E2D084A53C113 ft=1 fh=ed749c65395af020 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Ethan\Downloads\InstallFreeRARExtractFrog.exe"
    sh=D8B985D27C6B7E2565B1658ED6C07A4B0416A355 ft=1 fh=48296b6e9b9d4846 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Ethan\Downloads\PDFWriterSetup.exe"
    sh=30FC94DC03905C5EC4BDB3DEA133C821FF4CCC8D ft=1 fh=15c76a337b334b7f vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Ethan\Downloads\Player.exe"
    sh=234CB79222F2C54F68F8B1274C7DB04FDA757103 ft=1 fh=179fe2b8918563dc vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Ethan\Downloads\vlcmediaplayer-setup.exe"
    sh=BA3B1F5AA27AC78E20050689BF3ED8FE762C68EF ft=1 fh=8d6935bf08c75357 vn="a variant of Win32/AdWare.Toolbar.AmyBar.A application" ac=I fn="C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGU1KWHE\Setup_20130917[1].exe"
    sh=FD35DD41ECD9EBBBB188FBF60F3666A31C9FF6F8 ft=1 fh=81934844e5ca19be vn="a variant of Win32/Amonetize.J potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGU1KWHE\setup__155[1].exe"
    sh=D1937AEB8ADBC5C7EB69C1AEFEEA4DEC6A1A90B5 ft=1 fh=e6c02fe7d3021daa vn="Win32/Wajam.B potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE91JM21\wajam_download[1]"
    sh=8567BAA20C5651B9D49CEB905F6A9F8A1B5516FF ft=1 fh=e5e92cb2b7b517be vn="a variant of MSIL/Adware.iBryte.D application" ac=I fn="C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKJS7K30\installer[1].exe"
    sh=F73463221B258F1CBFD4F98A80D7BB6BBFF0D4BE ft=1 fh=8dcad213b138744b vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Savannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYVRVWAH\OptimizerPro[1].exe"
    sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\is357113909\uninstaller.exe"
    sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\is357113909\wajam_validate.exe"
    sh=F5D8917269BB245F08ECD4CB1A48F07572CE87C3 ft=1 fh=7946b44508dc8274 vn="Win32/Packed.ScrambleWrapper.M potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\n375\HQVideo-USInstaller.exe"
    sh=91C45E16A830548CC423AA01C18E456844DBB6B6 ft=1 fh=0d441bdf7e3fb258 vn="Win32/Toolbar.Iminent.C potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\n375\Iminent_1712-b2fcad5e.exe"
    sh=DD09B957F4E1227A294AF9D06B6009281D845508 ft=1 fh=95849d92c154fda3 vn="a variant of Win32/AdWare.SpeedingUpMyPC.N application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\n375\OptimizerPro.exe"
    sh=95E47C837F8513A9D7ACB81DB9DE4B361A8A2F94 ft=1 fh=d8feed8d3537b827 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\nsaD403.tmp\Helper.dll"
    sh=15D4B830B56E8D3C7111E48E325FD540DD7308CB ft=1 fh=f40a4f4451e5cf44 vn="a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\nsb1355.tmp\Helper.dll"
    sh=A3AA9516F41EE0B19998A1200EDE15D44ED49454 ft=1 fh=409e8ca697817935 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\nsc5FEB.tmp\Helper.dll"
    sh=95E47C837F8513A9D7ACB81DB9DE4B361A8A2F94 ft=1 fh=d8feed8d3537b827 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\nsgDCE9.tmp\Helper.dll"
    sh=C0ACE5CCAA7E890BA95C6A2CE9B7849B31FE5687 ft=1 fh=469d5509e7a70815 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\nstE9D2.tmp\Helper.dll"
    sh=95E47C837F8513A9D7ACB81DB9DE4B361A8A2F94 ft=1 fh=d8feed8d3537b827 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\nstF9C.tmp\Helper.dll"
    sh=15D4B830B56E8D3C7111E48E325FD540DD7308CB ft=1 fh=f40a4f4451e5cf44 vn="a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application" ac=I fn="C:\Users\Savannah\AppData\Local\Temp\nsv258D.tmp\Helper.dll"
    sh=531B82C8ECE2AF3E96F0720E66806293A5EB5470 ft=1 fh=def75e25ed835e26 vn="a variant of Win32/AdWare.Toolbar.AmyBar.A application" ac=I fn="C:\Users\Savannah\AppData\Local\WordOv\temp.dat"
    sh=7C58518E545DE0C61EBA54D815854063A18E77E6 ft=1 fh=dfeee45a4d890531 vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\Bibliocraft1.6.4.exe"
    sh=917D63DFC0B9CBFB17F66CBA4C666E9B2C323896 ft=1 fh=aae802d684104d80 vn="a variant of Win32/AdWare.iBryte.K.gen application" ac=I fn="C:\Users\Savannah\Downloads\Express_Installer.exe"
    sh=B21D8548E27B23C5CA4CC7F045287A5FBBF15618 ft=1 fh=4621e847e69fd955 vn="a variant of Win32/iLivid.A potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\iLividSetup-r390-n-bc.exe"
    sh=8AE6AF24A0E6B3005AF09A136674FE195191DCF9 ft=1 fh=4990242b8e3b0363 vn="a variant of Win32/iLivid.A potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\iLividSetup-r394-n-bc.exe"
    sh=3792083E87A626BC745BF938B7EB8A7E4352F0EC ft=1 fh=a874ccc9f4af7dbd vn="a variant of Win32/AdWare.iBryte.K.gen application" ac=I fn="C:\Users\Savannah\Downloads\MineCraft (1).exe"
    sh=5371A0F6E3C332B7D664DF27BBAA4B5CCECD50A5 ft=1 fh=9737a49caa4890f6 vn="a variant of Win32/AdWare.iBryte.K.gen application" ac=I fn="C:\Users\Savannah\Downloads\MineCraft.exe"
    sh=6A385E52699B1982F72C9336EEF246E820418C3B ft=1 fh=3eebe05d35079d7b vn="a variant of Win32/FirseriaInstaller.K potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\mocreatures1.6.4 (1).exe"
    sh=6A385E52699B1982F72C9336EEF246E820418C3B ft=1 fh=3eebe05d35079d7b vn="a variant of Win32/FirseriaInstaller.K potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\mocreatures1.6.4.exe"
    sh=49B3668648C636D54DDEB9909FB742EF2BA65787 ft=1 fh=12f9d9175f0c2643 vn="a variant of Win32/Bundlore.H potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\setup.exe"
    sh=718012F839A13A74D4E017D65C800893D4DB0960 ft=1 fh=86afa44a667ff348 vn="a variant of Win32/Packed.VMDetector.G potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\Setup_ODM.exe"
    sh=AF020FB6C4115A1C86D6F71D8E49F7CCC1065ECA ft=1 fh=ba31f8740234ac49 vn="a variant of Win32/AdWare.iBryte.AA application" ac=I fn="C:\Users\Savannah\Downloads\trzED2E.tmp"
    sh=37D9F0570089CBF23D78864E6EF1594BB1AE7051 ft=1 fh=c71c00115da95253 vn="a variant of Win32/InstallCore.NP potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\winzip175-mediafire.exe"
    sh=6555A7B2B0D8E3C303651C05D7B244F9FAC3BDDD ft=1 fh=a72316ebf5f4c928 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Savannah\Downloads\ZipOpenerSetup.exe"
    sh=4364932F91C17C5CF162EE67A178D8DC67E13584 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows\Installer\201930.msi"
    sh=A0248F6915E9259CABF055842A3869F93DE46BC0 ft=1 fh=22b4e234e962bbb7 vn="a variant of MSIL/Adware.Proxomoto.A application" ac=I fn="C:\Windows\Microsoft\sogr\Installer.dll"
    sh=7FD6B49DACFC5D687D6B4327CF174032739F9575 ft=1 fh=08911c386908ffba vn="a variant of MSIL/Adware.Proxomoto.A application" ac=I fn="C:\Windows\Microsoft\sogr\InstallerLibrary.dll"
    sh=7A2589020E1532105EA0B3845BAEDA0271AA2F42 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.35_0\extensionData\plugins\91.js"
    sh=7A2589020E1532105EA0B3845BAEDA0271AA2F42 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.35_0\extensionData\plugins\91.js"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nsd75CF.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nsd9FDB.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nse29C9.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nsn2A7E.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nso2F9C.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nssF367.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nst6868.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nsuDB8A.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nsx9DE8.exe"
    sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R potentially unwanted application" ac=I fn="C:\Windows\Temp\nsxEB3.exe"

Page 1 of 3 123 LastLast