Security Scan results:

CharmPeddler · Mar 9, 2014

Here are the scan results from my sisters computer. There is a lot of junk on there. MANY popups, home page redirects, SUPER slow (whole computer) many times. I'm able to get rid of a lot of this stuff, but i would like the opinions and directions of the many who are MUCH better versed in this sort of thing.

CharmPeddler · Mar 9, 2014

# AdwCleaner v3.020 - Report created 07/03/2014 at 18:54:45
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Kathryn - KBUTT
# Running from : C:\Users\Kathryn\Desktop\Scans\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Deleted : C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Folder Deleted : C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Deleted : C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Kathryn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298578
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3302999
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A94BC06-D1EB-4C2B-BAD7-58F33CA4B85C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63FBA139-A84F-43A8-94BA-AE36682FB1B6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A94BC06-D1EB-4C2B-BAD7-58F33CA4B85C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A94BC06-D1EB-4C2B-BAD7-58F33CA4B85C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63FBA139-A84F-43A8-94BA-AE36682FB1B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A94BC06-D1EB-4C2B-BAD7-58F33CA4B85C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63FBA139-A84F-43A8-94BA-AE36682FB1B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25778495-DC68-4422-BED2-A0787B162546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C4D34A4-3A98-40CA-AA2C-A699402CD5F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5A94BC06-D1EB-4C2B-BAD7-58F33CA4B85C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5A94BC06-D1EB-4C2B-BAD7-58F33CA4B85C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5A94BC06-D1EB-4C2B-BAD7-58F33CA4B85C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\LinkSwift
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\Vafmusic6
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\lyricsparty
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic6
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\LinkSwift
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\Vafmusic6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vafmusic6 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LinkSwift
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Kathryn\AppData\Roaming\Mozilla\Firefox\Profiles\nlsisu49.default\prefs.js ]

Line Deleted : user_pref("CT3289663.FF19Solved", "true");
Line Deleted : user_pref("CT3289663.UserID", "UN36915092251778612");
Line Deleted : user_pref("CT3289663.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289663.fullUserID", "UN36915092251778612.IN.20130908213152");
Line Deleted : user_pref("CT3289663.installDate", "08/09/2013 21:32:11");
Line Deleted : user_pref("CT3289663.installSessionId", "{A53190CB-9493-47E7-8F45-343D1BA0C349}");
Line Deleted : user_pref("CT3289663.installSp", "TRUE");
Line Deleted : user_pref("CT3289663.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3289663.keyword", "true");
Line Deleted : user_pref("CT3289663.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN28441466363118026&UM=2&UP=SPBE5E006A-1884-4037-AF39-4DCBF7A53007");
Line Deleted : user_pref("CT3289663.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=");
Line Deleted : user_pref("CT3289663.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3289663.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3289663.searchRevert", "false");
Line Deleted : user_pref("CT3289663.searchUserMode", "2");
Line Deleted : user_pref("CT3289663.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289663.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3289663.xpeMode", "0");
Line Deleted : user_pref("CT3298578_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379030431509,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3302999_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379030431848,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3302999&octid=CT3302999&SearchSource=61&CUI=UN42555518232818032&UM=2&UP=SP530E1F9C-E70E-46BE-94C3-94F3DD29B813");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3302999");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=cf40b8f1-5603-a6dd-e462-44d1704b010e&searchtype=hp&installDate=10/09/2013");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22980811);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "tightropeyb");
Line Deleted : user_pref("extensions.helperbar.installationid", "cf40b8f1-5603-a6dd-e462-44d1704b010e");
Line Deleted : user_pref("extensions.helperbar.installdate", "10/09/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "tightropeyb");
Line Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee-478c-9f4e-0db5e30597cc}\" />\r\n <AnalyticsURL URL=\"hxxp://www.google-analytics.com/__utm.gif?utmw[...]
Line Deleted : user_pref("iminent.LayoutId", "1");
Line Deleted : user_pref("iminent.ShowThankyouPixel", "0");
Line Deleted : user_pref("iminent.registerToolbarEvent102", "1379030471864");
Line Deleted : user_pref("iminent.version", "7.36.1.1");
Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1379030333068,\"InstallEvent\":\"True\"}");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=cf40b8f1-5603-a6dd-e462-44d1704b010e&searchtype=ds&installDate=10/09/2013&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3302999");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3302999&octid=CT3302999&SearchSource=61&CUI=UN42555518232818032&UM=2&UP=SP530E1F9C-E70E-46BE-94C3-94F3DD29B813,hxxp://searc[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3302999&SearchSource=2&CUI=UN42555518232818032&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3302999");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3302999");
Line Deleted : user_pref("smartbar.machineId", "1BFKBGX0K8F7YTWZKEBB29GAI9H9OMMXC/WHM8LDOQ29KCORG6JAJHOTOGCG9INFP8BCG4JLDJOJ2UKSU4SU3W");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [34775 octets] - [07/03/2014 16:55:35]
AdwCleaner[R1].txt - [29158 octets] - [07/03/2014 18:52:14]
AdwCleaner[S0].txt - [6297 octets] - [07/03/2014 18:41:01]
AdwCleaner[S1].txt - [27128 octets] - [07/03/2014 18:54:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [27189 octets] ##########

CharmPeddler · Mar 9, 2014

OTL Extras logfile created on: 3/8/2014 4:58:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathryn\Desktop\Scans
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 78.56% Memory free
8.59 Gb Paging File | 7.38 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.00 Gb Total Space | 534.60 Gb Free Space | 91.23% Space Free | Partition Type: NTFS

Computer Name: KBUTT | User Name: Kathryn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058BF719-6DD5-48C1-AE0A-13B75D524FE4}" = rport=445 | protocol=6 | dir=out | app=system |
"{080C6D70-B471-4725-A7DA-273DCBACD5A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{09E1F9DE-3700-409F-BEBB-186E28251545}" = lport=138 | protocol=17 | dir=in | app=system |
"{0B6779A5-029E-4E0E-856D-D38B0CAFC262}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0BA734F0-28CA-43E9-836A-66D859EFAAA7}" = lport=139 | protocol=6 | dir=in | app=system |
"{1BF6D31D-6536-474B-8A80-197F9196EE8B}" = rport=138 | protocol=17 | dir=out | app=system |
"{2CF29B3C-733F-4C00-BC94-5C3A6D07D269}" = rport=137 | protocol=17 | dir=out | app=system |
"{46FBB22A-19FB-4F83-9A29-ABFFB80AFE2B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{550DACD1-F124-4157-93A9-FC26FFC83110}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71C1DE21-E8D9-4193-B3A9-32F397E72822}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7975F1D7-8B28-4D33-B279-86854A6BF151}" = lport=137 | protocol=17 | dir=in | app=system |
"{7B075E29-C4C1-4517-ABAA-1AF35B852660}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E3E62FD-D644-4F35-9DC3-54A49D735DB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{86B75C90-821F-4E49-8C92-BE03234CF5CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B046ADD8-AC1A-428F-8B7C-877701CB541E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B0AC45DF-17C9-4428-BAE9-8DDF193DBF16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1848929-1841-4049-8BBC-9899B38A32C1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B51A0167-D6C4-4AC9-86E6-D0D6DBC99F51}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B631BA16-0F61-4274-AC2C-470851527C2D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BE4ED688-5D54-4837-A0DF-B0E8830E7CA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C21D76CB-3642-4CA2-A62D-C81BF58E76EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4667881-EE87-46B2-AFB3-DA03747F6FE1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D578B8F8-0D48-4583-A89B-E09E6862F060}" = lport=445 | protocol=6 | dir=in | app=system |
"{E217495F-2C22-464A-9A36-DEBE0B79C455}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01067BB3-62B1-4297-9F2A-FDDDA7E9284F}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{0137C15F-AAE7-4F51-8813-C6958FC3F7DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{01986150-C44C-47FB-9E2D-A11558357086}" = dir=in | name=amazon for windows |
"{0446FE8D-EBB7-420B-B01D-0F791977A71B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{04DADF07-6E84-4856-8F63-82CF8BE67C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{10DE9B56-A742-429F-BB77-860804055F7A}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{118CA433-C4B8-4D91-9676-8DC3149010FA}" = dir=out | name=merriam-webster dictionary |
"{181CD299-CBF9-40F2-9B49-F0FBA8DF86A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{185092D2-4C6C-4099-895A-E1AC1CE650C7}" = dir=out | name=toshiba central |
"{20E79EA7-5290-4D9C-AE6F-4DF748BBF98C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21952549-FB45-4D6A-99B9-326EAA6EDC7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{29A02F10-2444-49FA-B644-028B890DFFDA}" = dir=out | name=icookbook se |
"{3564AE8B-4F9C-4B51-8179-BD81E681BB20}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{35FACCB5-8D58-462B-834F-AC357806DC70}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{396ADB39-B276-4FF8-89DC-351E9CBF39A0}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{3ADE5B63-4297-42D9-8362-52604124C2F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{414EE1AC-8A35-4919-89E8-33C1875A0F2B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43805E97-AE22-4F23-8AE2-FFCFCEDDC550}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{44933FFA-1226-4772-84E8-93B26DC3FF55}" = protocol=1 | dir=in | [email protected],-28543 |
"{4B4A7A2E-34F0-4120-B73D-F9C43112A4E3}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{4C192D41-05D3-4489-96CB-9FCD16BF3058}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{4D8231AD-04C7-417B-BC66-9C96F0920B8C}" = protocol=6 | dir=out | app=system |
"{512BD72A-F2EB-4CF5-AEB7-C9033D969311}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{533F782E-86E7-4E4B-ABF6-ECE087BAB41A}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{535B78B0-E6F4-4057-A26A-C59C1D594B76}" = dir=out | name=stumbleupon |
"{551AFAF1-C450-4D4A-93BE-94B1AA8043D5}" = dir=out | name=- games app - |
"{57F6DFEF-8811-4BA9-AA39-F5FF63A6B710}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5E351D26-D3F5-4DA7-B152-C251AF293F0F}" = protocol=58 | dir=out | [email protected],-28546 |
"{5F0F77D0-B764-49DF-8FD1-C0370440ACA2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{6659C708-5E0F-4E35-9526-B7FC24ED6EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{6838843C-0D0F-4849-A4E1-E58F809F4DC0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{68784222-DE26-4B87-A574-85ACFF198BFB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{716E4B6D-665F-4BA6-BB81-952249660A22}" = protocol=58 | dir=in | [email protected],-28545 |
"{7333F5F3-AE90-4D07-B2BB-9B064B256FA6}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{7CE10E6B-29F7-4031-B0B8-64147686FAF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D3F7110-142F-4B11-99D2-5EC0D7D37F68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{83DC3645-BF4A-42A6-94D8-7DEC7461BC60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{848F89EC-535F-42A7-A7BB-E4042C67B4F1}" = dir=in | name=ebay |
"{84D63DC2-BDEF-46F8-BDD1-82388643A03C}" = dir=out | name=windows_ie_ac_001 |
"{862DEF59-C6A3-4119-9184-2C58D997E694}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{989E008C-2841-4C0C-8538-01F64C7987FE}" = dir=out | name=netflix |
"{98B39466-45F7-495C-AEDD-D9BC2082FCBF}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{9D09ABD9-1841-4DB5-A539-380217A522E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E5EF6FB-65B5-4828-94C2-2F5EAA2E4656}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A06359A6-734D-4D3A-90FE-307E55A54707}" = dir=out | name=amazon for windows |
"{A4218A87-A01D-4403-B639-0722937FF828}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A7253DB5-725A-4DD3-9BA9-716842BE0433}" = dir=out | name=book place |
"{A7C68E82-DE54-406F-92C1-C77E46E07EA1}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{B0A7669F-E1D2-4F44-B155-36B1259B12E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B34673BF-A9CF-4BFA-8938-2301F1293F11}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{B3784768-C796-4139-A9DB-3E0C98F18E92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B57B03A7-B39B-4A73-813B-7F275E661AF2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B6310DA2-E6B5-4063-9ADD-33B617BF74F5}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{B74C803E-FC3C-40FE-B1CD-FFACFF739847}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA687AD8-2274-48D0-A7C5-57A57A20AD79}" = dir=out | name=vimeo |
"{BC25ABFF-B8ED-4F20-B913-5E6E42082BD2}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{C0F27E47-FA18-4A4B-9B3F-D07AC1177F99}" = dir=out | name=iheartradio |
"{C48FCFFA-490D-4F4E-B78F-82108CD373CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3737EE0-F7E5-474B-A087-F2C528B06A08}" = protocol=1 | dir=out | [email protected],-28544 |
"{D4A61BE0-E8C3-4F22-9700-F3465FDDB73C}" = dir=out | name=ebay |
"{D7699DC7-D8C3-43B7-8846-4601817AA02E}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D85FA6AE-3E8E-4A08-B922-5240487B871F}" = protocol=17 | dir=in | app=c:\users\kathryn\appdata\roaming\utorrent\utorrent.exe |
"{DD4E2572-03FC-4E8D-838D-78AAA09E2E54}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{DD901EA5-E261-46CF-9F2B-A35065CB117A}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{DDB6F5FA-ED71-41F6-88B3-6D8206D98947}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DE183881-7FD6-4547-9514-51BCC1FB68D6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{DEF174F1-BA9E-450D-9349-E2A5BFCE389F}" = protocol=6 | dir=in | app=c:\users\kathryn\appdata\roaming\utorrent\utorrent.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9F2A3BF-2659-41B5-8601-7A2CFE402535}" = dir=out | name=news place |
"{EC1B33EB-EDF9-463E-AF42-E9A97F73D0B2}" = dir=in | name=toshiba media player by smedio truelink+ |
"{ED21DA8D-21B7-4BE5-8FD5-614C0A780290}" = dir=out | name=encyclopaedia britannica |
"{EDCF36EE-33B1-42A3-9617-5BA902CAA75F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F359266D-4337-40A9-B8C0-E845161A6515}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3E77F32-26AF-43AD-A5C1-4363937BD7FC}" = dir=out | name=toshiba media player by smedio truelink+ |
"{FB890930-E1F0-4BE9-90AA-01D0DBE452C2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FC2E2498-4B3A-4F81-A3A4-17D0C74CDD98}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FDE4E0F7-54B3-4C16-B2F2-6CC6E0A83871}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FF4B8923-D52C-4342-A60B-F44BD639CAC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFA54FF9-8E56-4392-B495-764FA2AB64D9}" = dir=out | name=norton studio |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key
"{1CE38326-223E-F7D2-F7BF-4D624D420A9F}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79AE0BD1-A930-B07C-C96D-E11FA9BB586F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94F03B8E-CB73-4653-AFE9-79112C01FED2}" = Premium Sound HD
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B8C8422F-01F1-4791-B084-047AAFF9BFCC}" = TOSHIBA Service Station
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BF93B4E3-CA34-DAAE-C385-2A1EBE13FD81}" = AMD Accelerated Video Transcoding
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings
"{07287222-ED9D-44F2-B9CC-8761D63E0F01}" = Snap.Do
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{10B87AC0-7179-37F2-0DF1-2F399E91B4FA}" = CCC Help Norwegian
"{18957EE1-7C98-5365-F300-1353AC70E694}" = CCC Help Chinese Traditional
"{19E56914-9DCA-3460-58AD-9BE6DA5C3063}" = CCC Help Russian
"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23572E0F-F4A3-0EC1-2049-A2975668C755}" = CCC Help Spanish
"{24B45620-22B6-4E4A-B836-FF30A0B0404E}" = Toshiba Book Place
"{24D38277-CE6E-4E12-A2EE-F46832A4FA2F}" = Catalyst Control Center - Branding
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{3647D93A-EF32-09F7-DEC3-5CD545054000}" = AMD VISION Engine Control Center
"{3DDD7C37-4E0C-FED0-0A18-06D1F7610929}" = Catalyst Control Center Graphics Previews Common
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A5282ED-F9DB-E888-AC4A-F22827674589}" = CCC Help Italian
"{4AE89394-5111-B38F-9BCE-7D66FFFF1D53}" = CCC Help Portuguese
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA5070-B027-C82B-A24E-B2A9C4722127}" = CCC Help Japanese
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6CAA7ACD-5361-13FE-530B-7B5B0FFED21C}" = CCC Help Swedish
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}" = Toshiba Password Utility
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710ED0F7-8E69-704F-E5F7-E44EB8D3A032}" = CCC Help English
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DBAF0EE-86A7-868F-63D7-976FD1414C34}" = CCC Help Greek
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89CD8E4A-F892-6F32-B2CF-993B7FD984AA}" = CCC Help Chinese Standard
"{8BBDD2B5-85C7-9421-3913-844D8A6C9D7E}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9593EEEE-3CA0-1038-928F-51D3F01B809A}" = CCC Help Finnish
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9E688348-FD79-8C2E-1BD2-A5DBFCADFB43}" = CCC Help Turkish
"{9E8C1E18-CBCB-FA12-7A97-B4BA2B1AD946}" = CCC Help Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BB48BFDC-E6E1-4542-162E-574D4248FE52}" = CCC Help Dutch
"{BD480432-A4D9-F182-F5FA-2089544FB615}" = Catalyst Control Center Localization All
"{C5306ABD-EED5-13B6-21C9-BA96BA08D5F6}" = CCC Help Polish
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E687AE32-1A97-6FAB-08CE-87242E60C570}" = CCC Help Hungarian
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E8F094CD-A262-2708-36BB-3BB84DF18B6D}" = CCC Help German
"{ECDD08D5-5326-D047-509F-1529A98FDAA2}" = CCC Help Czech
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E95AFC-CE81-48F2-E34D-55541826C7C1}" = CCC Help Danish
"{FF4ACD96-2D77-4468-0EF1-6F63320ADF9A}" = CCC Help Korean
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"DMUninstaller" = DMUninstaller
"Google Chrome" = Google Chrome
"InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}" = Toshiba Password Utility
"InternetHelper3.1 Toolbar" = InternetHelper3.1 Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MixiDJ_V42 Toolbar" = MixiDJ V42 Toolbar
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"SweetPacks Toolbar" = SweetPacks Toolbar
"TeamViewer 9" = TeamViewer 9
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-35e78989-1478-4a3e-b655-20c97840729a" = Farmscapes
"WTA-598edcc6-f2eb-4958-a508-03628105e70a" = Plants vs. Zombies - Game of the Year
"WTA-5f3c930f-4fc1-4e56-a2a4-54b202ae4b2c" = Penguins!
"WTA-8e0f6385-bb58-4a44-a8fc-9726084d8871" = FATE
"WTA-9ad0ee6a-3254-4ec7-b16c-9ee6172c3478" = Bejeweled 3
"WTA-bff2093b-19ab-457d-907a-9b8c959e7b24" = Virtual Villagers 4 - The Tree of Life
"WTA-d7056b17-765c-4dc6-b980-3e0f09030350" = Polar Bowler

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext
"Search Protection" = Search Protection
"SySaver" = SySaver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2014 7:55:16 PM | Computer Name = KButt | Source = Toshiba App Place | ID = 0
Description =

[ System Events ]
Error - 3/8/2014 7:50:53 PM | Computer Name = KButt | Source = Service Control Manager | ID = 7000
Description = The Util LinkSwift service failed to start due to the following error:
%%2

< End of report >

CharmPeddler · Mar 9, 2014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Kathryn on Sat 03/08/2014 at 16:13:54.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] update linkswift
Successfully deleted: [Service] update linkswift

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
APISupport REG_SZ "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Kathryn\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{406CEEA6-8FB9-4B93-A4AD-1A7666B3C37A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{776306E7-97E5-4D75-8805-F89D01774841}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}

~~~ Files

Successfully deleted: [File] "C:\Users\Kathryn\appdata\locallow\SkwConfig.bin"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Kathryn\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Kathryn\appdata\locallow\sweetpacks"

~~~ FireFox

Successfully deleted the following from C:\Users\Kathryn\AppData\Roaming\mozilla\firefox\profiles\nlsisu49.default\prefs.js

user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\"?><MerchantSettings><v n=\"403\" /><GlobalSuppresses><s u=\".cab\" g=\"13\" i=\"1342\" /><s u=\".eot\" g
Emptied folder: C:\Users\Kathryn\AppData\Roaming\mozilla\firefox\profiles\nlsisu49.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/08/2014 at 16:20:42.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CharmPeddler · Mar 9, 2014

OTL logfile created on: 3/8/2014 4:58:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathryn\Desktop\Scans
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 78.56% Memory free
8.59 Gb Paging File | 7.38 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.00 Gb Total Space | 534.60 Gb Free Space | 91.23% Space Free | Partition Type: NTFS

Computer Name: KBUTT | User Name: Kathryn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kathryn\Desktop\Scans\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\Teco\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (GFNEXSrv) -- C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe ()
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\Drivers\rtwlane.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\Drivers\rtwlane.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (Thotkey) -- C:\Windows\SysNative\Drivers\Thotkey.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\Drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\Drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (APXACC) -- C:\Windows\SysNative\Drivers\appexDrv.sys (AppEx Networks Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\Drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV - (iscFlash) -- c:\UBIOS\WIN8\iscflashx64.sys (Insyde Software)
DRV - (PEGAGFN) -- C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys (PEGATRON)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {234A5F83-A808-49B1-A3D4-5123AEDE4C10}
IE:64bit: - HKLM\..\SearchScopes\{234A5F83-A808-49B1-A3D4-5123AEDE4C10}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found
IE - HKLM\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: toolbar%40shopathome.com:7.1.1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/09 23:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathryn\AppData\Roaming\mozilla\Extensions
[2014/03/07 18:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathryn\AppData\Roaming\mozilla\Firefox\Profiles\nlsisu49.default\extensions
[2013/11/23 16:00:44 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Users\Kathryn\AppData\Roaming\mozilla\Firefox\Profiles\nlsisu49.default\extensions\[email protected]
[2013/09/09 23:51:07 | 000,000,915 | ---- | M] () -- C:\Users\Kathryn\AppData\Roaming\mozilla\firefox\profiles\nlsisu49.default\searchplugins\yahoo.xml
[2014/01/09 19:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/09 19:04:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\google\chrome\application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - Extension: YouTube = C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Norton Identity Protection = C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Google Wallet = C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Kathryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (no name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [TPUReg] C:\Program Files (x86)\TOSHIBA\Password Utility\Reg.exe (TODO: <公司名稱>)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.248.92 69.146.17.2 69.144.49.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34E35BDF-6608-4D93-939D-5EB2C37DF005}: DhcpNameServer = 69.145.248.92 69.146.17.2 69.144.49.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1FE5B26-1492-406E-9B8D-4A25C9A7CF26}: DhcpNameServer = 127.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/08 16:25:07 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Roaming\Malwarebytes
[2014/03/08 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/08 16:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/08 16:24:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/03/08 16:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/08 16:13:52 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/03/07 16:55:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/07 16:53:27 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\Scans
[2014/03/07 13:01:36 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Roaming\TeamViewer
[2014/03/07 13:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

========== Files - Modified Within 30 Days ==========

[2014/03/08 18:21:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/08 18:04:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/08 16:58:03 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/08 16:58:03 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/08 16:58:03 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/08 16:54:26 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/08 16:52:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/08 16:50:36 | 000,422,912 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/08 16:50:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/08 16:50:18 | 399,908,863 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/08 16:24:46 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/07 13:13:06 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/07 13:03:08 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk

========== Files Created - No Company Name ==========

[2014/03/08 16:50:23 | 000,422,912 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/08 16:24:46 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/07 15:21:29 | 000,385,614 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2014/03/07 13:01:31 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/03/07 13:01:31 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2013/09/11 21:05:03 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/09/07 18:01:58 | 000,000,258 | RHS- | C] () -- C:\Users\Kathryn\ntuser.pol
[2012/10/11 11:28:20 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/10/11 11:23:01 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/08/08 10:10:24 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/08/08 10:10:24 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2013/09/08 20:35:52 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 23:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 22:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/14 21:35:43 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\player
[2014/03/07 13:01:36 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\TeamViewer
[2013/11/14 21:31:25 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\uTorrent
[2013/01/17 15:35:31 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >

CharmPeddler · Mar 9, 2014

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.08.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Kathryn :: KBUTT [administrator]

3/8/2014 4:27:54 PM
mbam-log-2014-03-08 (16-27-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216952
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Detected: 2
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts.A) -> 4324 -> Delete on reboot.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts.A) -> 4432 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Search Protection (PUP.Optional.MyEmoticons.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\TidyNetwork.com (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f4181f4-137b-4cef-b050-6c8a58fabfbf} (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|APISupport (PUP.Optional.Conduit.A) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Kathryn\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{8f4181f4-137b-4cef-b050-6c8a58fabfbf} (PUP.Optional.MixiDJ.A) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 53
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0203130751 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0203140425 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0918002419 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1001225543 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1016002629 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1201153115 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1207194002 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1208152908 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Weather_Notifications,_LL (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_z1irwlo4vvtnquh45lbputdmoxbpt5aw (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_z1irwlo4vvtnquh45lbputdmoxbpt5aw\1.21.0.0 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Files Detected: 268
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts.A) -> Delete on reboot.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts.A) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$R57C42M.exe (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$R6L7P0P.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$REUAI6Y.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$RF0PXA4.exe (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$RF6JTCA.exe (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$RHN4P28.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$RMTBA7K.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$RVFH2DS.exe (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2604414056-2599875713-2302562003-1001\$RZ08MWQ.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\airEC23.exe (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\airF7C7.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\Gyu7OpfR.exe.part (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\lptmp.exe (PUP.Optional.AdLyrics) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsaA096.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsd174A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsd3355.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsdB447.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nseB460.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nseD23F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsg79A3.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsi8BDD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsi9BA5.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsiD12F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsj16EE.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsj2EB5.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsj3919.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsj98BD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsl4606.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nso7765.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nso9238.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsoE12A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsq2C32.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nstA30E.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsv1AF0.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsw8C9A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsy28C1.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsyBACC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsz6A3A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsz7EE4.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nsz9B4B.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\nszEDDD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\SetupToparcadehits.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\Shortcut_sweetpacks_conduit_942013.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\WSSetup.exe (PUP.Optional.Perion.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\AU\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\sl.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\Setup(1).exe\668309f2a9ae45f7979830c5a454cce2\installer.exe (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\Setup(1).exe\668309f2a9ae45f7979830c5a454cce2\Setup(1).exe (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\Setup(1).exe\668309f2a9ae45f7979830c5a454cce2\setup__120.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\Setup(1).exe\668309f2a9ae45f7979830c5a454cce2\software\Dealply.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\Setup(1).exe\668309f2a9ae45f7979830c5a454cce2\software\Setup.exe (PUP.Optional.Tugluu.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\Setup(1).exe\668309f2a9ae45f7979830c5a454cce2\software\speedupmypc.exe (PUP.Optional.SpeedUpMyPC.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsb821D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsb8A08.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsbE880.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsd15A7.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsd23FC.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsd7AD0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsi85AA.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsnAD18.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsr853A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nss859A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nst22D1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nst7F24.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\CC68.tmp\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\CC68.tmp\bin\SPHook64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\CC68.tmp\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\CC68.tmp\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\CC68.tmp\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\Downloads\Setup.exe (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\uninstall.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Windows\Installer\1ee37dd3.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\SetupToparcadehits.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\mod.SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsBrowser.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsK.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsU.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\SWAUpdater.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0203130751\3652.3652.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0203130751\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0203140425\3652.3652.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0203140425\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0918002419\3513.3513.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\0918002419\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1001225543\3530.3530.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1001225543\3531.3531.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1001225543\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1016002629\3545.3545.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1016002629\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1201153115\3591.3591.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1201153115\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1207194002\3597.3597.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1207194002\3598.3598.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1207194002\3599.3599.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1207194002\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1208152908\3599.3599.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\SevereWeatherAlerts\1208152908\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts\Severe Weather Alerts.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_z1irwlo4vvtnquh45lbputdmoxbpt5aw\1.21.0.0\user.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\CT3289663.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\CT3289663.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3289663\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\CT3298578.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\CT3298578.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3298578\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\CT3302999.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\CT3302999.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3302999\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\CT3309350.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3309350\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\CT3310511.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\CT3310511.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathryn\AppData\Local\Temp\ct3310511\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\18x18.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\background.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\blank.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\manifest.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\manifest_no_button.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\new_tab.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\search_box.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\injection.css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\jquery-ui-1.8.16.custom.css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_222222_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_454545_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_888888_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\help.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons\Bing.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons\Google.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons\Search here.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons\Yahoo.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\bullet_arrow_down.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\bullet_arrow_down_old.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\icon.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search-inner-wrapper.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search-left.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_arrow_top_button.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_arrow_top_button_hovered.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_left_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_left_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_right_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_right_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_left_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_left_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_middle_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_right_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_right_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_left_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_left_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_right_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_right_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\bg.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\ConfigManager.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\content.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\InjectionManager.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\jquery-1.7.1.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\jquery-ui-1.8.16.custom.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\jquery.guid.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\newTab.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\SearchBox.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

(end)

CharmPeddler · Mar 9, 2014

I'm going ahead and doing the "ESET online scanner" now, seeing as how long it took me the first time i did it.

CharmPeddler · Mar 9, 2014

C:\Users\Kathryn\AppData\Local\Temp\air9ED2.exe a variant of Win32/SpeedingUpMyPC.F application

Here you go.

johnb35 · Mar 10, 2014

Open OTL and copy and paste the following into the custom scan/fixes box at the bottom.

Code:

:OTL
IE - HKLM\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found
IE - HKLM\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - No CLSID value found
O2 - BHO: (no name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC6 4Loader.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found

Then click on the run fix button up top.

Then manually delete this file.

C:\Users\Kathryn\AppData\Local\Temp\air9ED2.exe

CharmPeddler · Mar 10, 2014

Ok, i ran that and then restarted the computer. Now the old password for windows does not work...?

CharmPeddler · Mar 10, 2014

so... ya, password still not working. I tried resetting the @live.com account online, but it is not taking that new passwork too. Tried restarting the computer twice. still nothing. Any ideas?

johnb35 · Mar 10, 2014

You will need to access safe mode options and then see if you can log in. Or possibly do a system restore before running the OTL fix.

http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/

let me know when you get back in.

CharmPeddler · Mar 12, 2014

OK, first, i'm doing this remotely (sister lives like 1500 miles away, so i use Teamviewer which worked great until we needed this safemode stuff. we are able to get into the windows 8 Advanced Startup Options. but in order to do a system restore it is asking her for the account password again. i'm going to try the bios settings and look for a password there.

she uses a windows live email for her windows account, and when i told the computer that I "forgot password", it said to go to live.com and reset the password there. I assumed it would push that change to the computer? is that actually a thing?

Any other ideas?

johnb35 · Mar 12, 2014

It will not automatically push the new password to the computer, you will need to change the password and then reenter it for the count. If she uses her account to log in when she turns the computer on, how can she forget her password?

CharmPeddler · Mar 12, 2014

we didn't forget it. I just thought i'd go through the motions of "forgot the password" and hope that process would let us reset the password. I had used that password to remotely log into the computer 3-4 times that day and then after running the custom OTL scan from earlier and then restarting the computer we have not been able to get logged back in (neither her at the computer, or me remotely) for the last 3 days. I'm pulling ideas out of the air here, but the only thing that i remember doing to the computer during that boot was the OTL custom scan/fix and a reboot. So the only thing that i know that could of caused it was this:

:OTL
IE - HKLM\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found
IE - HKLM\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - No CLSID value found
O2 - BHO: (no name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC6 4Loader.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found

johnb35 · Mar 12, 2014

At this stage I would say reinstall windows using the recovery partition for the machine. Whats the make and model of pc?

CharmPeddler · Mar 12, 2014

Toshiba Satellite. I've only had to reinstall this way 1 or 2 times. There is an option to reinstall without loosing any of her files, correct?

johnb35 · Mar 12, 2014

I need the specific model number please, unless you know how to boot to the recovery partition. Sometimes there is an option to do a recovery that will save personal files.

CharmPeddler · Mar 13, 2014

Satellite L8758C-S7332

johnb35 · Mar 13, 2014

Are you sure thats the correct model number? Not getting that to come up at toshiba's website.

Security Scan results:

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

Administrator

New Member

New Member

Administrator

New Member

Administrator

New Member

Administrator

New Member

Administrator

New Member

Administrator