Here are the results of the three scans/fixes:
# AdwCleaner v3.012 - Report created 13/11/2013 at 12:07:41
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Kathy - KATHYS-PC
# Running from : C:\Users\Kathy\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0CF6CB9-2276-4F30-B841-05A67067ACE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F96EE2EF-FE15-4878-AECD-BC367F12C70F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16514
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Restore]
-\\ Mozilla Firefox v14.0.1 (en-US)
[ File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ojyrvpn2.default\prefs.js ]
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114066&tt=2912_7");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "285fc8d00000000000000022fb66b6b8");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "285fc8d00000000000000022fb66b6b8");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15539");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:23:16");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
*************************
AdwCleaner[R0].txt - [13554 octets] - [13/11/2013 11:58:21]
AdwCleaner[R1].txt - [12299 octets] - [13/11/2013 12:06:45]
AdwCleaner[S0].txt - [1316 octets] - [13/11/2013 12:02:30]
AdwCleaner[S1].txt - [12367 octets] - [13/11/2013 12:07:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12428 octets] ##########
********************************** OTL Log *********************
OTL logfile created on: 11/13/2013 12:17:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.93 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 51.08% Memory free
4.10 Gb Paging File | 3.02 Gb Available in Paging File | 73.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.88 Gb Total Space | 139.42 Gb Free Space | 63.12% Space Free | Partition Type: NTFS
Computer Name: KATHYS-PC | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/11/07 18:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/12 17:39:59 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/08/12 09:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/05/24 18:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kathy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/27 09:04:34 | 000,166,880 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoLauncherService.exe
PRC - [2013/01/27 09:04:32 | 000,553,440 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2013/01/27 09:04:30 | 001,229,280 | ---- | M] (Soluto) -- c:\Program Files\Soluto\Soluto.exe
PRC - [2010/03/24 20:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/11/08 22:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/07/31 10:49:54 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/06/18 19:00:24 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/06/18 19:00:24 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/06/18 19:00:22 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/04/29 16:09:14 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\Selective Suspend Driver\AmIcoSinglun.exe
PRC - [2009/04/11 00:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/16 17:14:00 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 18:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/05 09:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/09/15 03:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\System32\WebUpdateSvc4.exe
PRC - [2004/06/09 13:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
========== Modules (No Company Name) ========== MOD - [2013/10/13 03:22:41 | 000,039,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\4de87dcff56b1cc480bc9489122b35e0\PCGRSPProbe.ni.dll
MOD - [2013/10/13 03:22:39 | 000,055,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\f5bad3277e4eb7b75277bb33f6d8e325\PCGUsersCenter.ni.dll
MOD - [2013/10/13 03:22:37 | 000,156,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\4e76c0ef0b27898e1287e1992c35cf6b\PCGAppControlPluginLoader.ni.dll
MOD - [2013/10/13 03:22:34 | 003,510,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\1a0c08e04a85290bfc9711006f51bbf1\PCGClientCommon.ni.dll
MOD - [2013/10/13 03:22:22 | 000,157,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\5fe86020912d2e6925231ba54be932f3\PCGBootVisualizingCommon.ni.dll
MOD - [2013/10/13 03:22:19 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\730d462a7e3a215f3ed446a536604690\PCGDriverProbe.ni.dll
MOD - [2013/10/13 03:21:09 | 000,068,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\f3880f6048502089cfad0cb7bb86e67c\PCGConfiguration.ni.dll
MOD - [2013/10/13 03:21:06 | 002,617,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\92e575065f18cf53803222d76c14fa4a\PCGDatabase.ni.dll
MOD - [2013/10/13 03:20:57 | 001,550,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\1f8ab68728e907a1baad5cda57dda0a9\PCGAzureShared.ni.dll
MOD - [2013/10/13 03:20:52 | 001,197,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\3f02b42d4f0ea21dd631f3433d6b9b91\PCGCommunication.ni.dll
MOD - [2013/10/13 03:18:46 | 000,188,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\2e1807f7639b94cb03fc048c33c7d8ba\PCGPrestoSerializer.ni.dll
MOD - [2013/10/13 03:18:42 | 002,128,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\c7d17aafbcdcc3aa47f35d53f325bda8\Newtonsoft.Json.Net35.ni.dll
MOD - [2013/10/13 03:18:19 | 002,731,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\d1c2b9f1041e0151787073a4b1888746\PCGFramework.ni.dll
MOD - [2013/10/13 03:17:49 | 001,620,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\ddd7b435f33a355a1d6d5977fe3ab7b3\Soluto.ni.exe
MOD - [2013/10/13 03:13:11 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/13 03:08:16 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/13 03:07:54 | 002,518,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\3815d0ee28da0b5a6e6c1f083ef437f6\System.Data.Linq.ni.dll
MOD - [2013/10/13 03:07:47 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ab40b51ac49fbee9a48b5b74ff78d5d6\System.Core.ni.dll
MOD - [2013/08/16 19:14:17 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5974034f0f53755b11bde4c9698261cb\System.ServiceProcess.ni.dll
MOD - [2013/08/16 19:13:48 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/16 16:54:30 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\6c07f76ab73ce7b4dc02ccfec040ddc3\Community.CsharpSqlite.ni.dll
MOD - [2013/08/16 16:40:00 | 000,656,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\05f479f87e6ac55f0fd3cd6ae1c10739\PCGPostBootResources.ni.dll
MOD - [2013/08/16 16:39:59 | 000,051,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\c3d6831db800db604e16702ac6a0d091\PCGHIDProbe.ni.dll
MOD - [2013/08/16 16:32:52 | 000,048,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\6260744bbbdeb48359e51f5d24f8cf3d\PCGAzureEntityFramework.ni.dll
MOD - [2013/08/16 16:32:42 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\074b1bcfde67d61ff1989f4818b0f419\PCGPreCompiled.ni.dll
MOD - [2013/08/16 15:17:43 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\36bdd5973166173b1547256acbedb674\Ionic.Zip.Reduced.ni.dll
MOD - [2013/08/16 11:48:46 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/16 11:46:37 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/16 11:39:26 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/23 18:40:08 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\fe73c0ce3b7f9f61db4b2f8453521a2d\PCGWuInfo.ni.dll
MOD - [2013/07/23 18:40:07 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\449c932b29b1df04449197f0693226a0\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2013/07/11 12:12:33 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/27 09:00:18 | 000,077,880 | ---- | M] () -- c:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2009/08/19 19:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2009/07/31 10:49:54 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
========== Services (SafeList) ========== SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 13:07:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/08/12 09:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 09:04:34 | 000,166,880 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2013/01/27 09:04:32 | 000,553,440 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2013/01/27 09:00:18 | 001,239,552 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2012/07/13 18:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/06/18 19:00:24 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/02/05 09:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/09/15 03:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\System32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\npbgsgld.sys -- (npbgsgld)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Lxarscan.sys -- (LXARScan)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2013/11/13 12:12:54 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{368B2A33-9669-4978-8544-B3A33CE8147B}\MpKsld22ae3be.sys -- (MpKsld22ae3be)
DRV - [2013/06/18 20:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/01/27 08:59:58 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto)
DRV - [2010/03/28 18:24:37 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/04/27 02:16:04 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/04/07 21:14:40 | 000,014,848 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SSUSB.sys -- (SSUSB)
DRV - [2009/03/30 15:35:12 | 000,010,752 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SSDISK.sys -- (SSDISK)
DRV - [2009/03/03 20:49:22 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/12/04 12:25:38 | 000,112,640 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/09/30 21:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)
DRV - [2003/10/01 08:29:50 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\OEM\factory\int15.sys -- (int15.sys)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://homepage.acer.com/rdr.aspx?b=ACA ... 5w47j1r735IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer.com/rdr.aspx?b=ACA ... 5w47j1r735IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.msn.com/?ocid=EIE9HP&PC=UP50IE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 76 D4 7F 21 E0 CE 01 [binary data]
IE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
http://www.google.comIE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1403424136-2531779536-1460617787-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons:
amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.11.0.13348
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kathy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/12 17:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/12 17:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 18:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/12 17:40:57 | 000,000,000 | ---D | M]
[2010/03/24 18:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2013/11/13 12:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ojyrvpn2.default\extensions
[2010/06/07 17:36:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ojyrvpn2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/06 21:11:02 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ojyrvpn2.default\extensions\amznUWL2@amazon.com.xpi
[2011/02/03 20:24:38 | 000,001,919 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ojyrvpn2.default\searchplugins\bing-zugo.xml
[2012/07/17 18:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/20 14:09:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/24 11:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/20 14:09:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OJYRVPN2.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2012/07/13 18:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/09/12 17:40:31 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/13 18:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 18:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\Selective Suspend Driver\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kathy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... -
res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A48B34A-7608-4D4D-AFC9-BC7194A9B2B1}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5DF368C-F419-4932-BD75-7A02B9585635}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Users\Kathy\Pictures\Lighthouse.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kathy\Pictures\Lighthouse.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2013/11/13 12:16:53 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/11/13 11:58:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/12 19:23:42 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Kathy\Desktop\aswMBR.exe
[2013/11/11 07:33:52 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/11 07:31:47 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2013/11/11 07:28:43 | 001,090,275 | ---- | C] (Farbar) -- C:\Users\Kathy\Desktop\FRST.exe
[2013/11/11 07:27:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/10 21:58:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/11/08 18:51:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/08 18:51:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/08 18:51:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/08 18:48:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/08 18:48:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/08 18:47:11 | 005,145,633 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/11/07 18:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/11/07 18:10:00 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kathy\Desktop\tdsskiller.exe
[2011/06/10 11:44:36 | 003,080,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[1964/01/03 08:35:38 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013/11/13 12:22:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1403424136-2531779536-1460617787-1000UA.job
[2013/11/13 12:17:54 | 000,618,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/13 12:17:54 | 000,109,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/13 12:12:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 12:12:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 12:09:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/13 12:09:02 | 2072,993,792 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 12:06:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 10:58:44 | 000,075,264 | ---- | M] () -- C:\Users\Kathy\Desktop\SystemLook.exe
[2013/11/13 10:58:14 | 001,085,542 | ---- | M] () -- C:\Users\Kathy\Desktop\AdwCleaner.exe
[2013/11/12 21:35:03 | 000,000,512 | ---- | M] () -- C:\Users\Kathy\Documents\MBR.dat
[2013/11/12 21:21:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1403424136-2531779536-1460617787-1000Core.job
[2013/11/12 19:21:24 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Kathy\Desktop\aswMBR.exe
[2013/11/12 12:51:07 | 000,000,955 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/11 07:21:42 | 001,090,275 | ---- | M] (Farbar) -- C:\Users\Kathy\Desktop\FRST.exe
[2013/11/08 17:31:18 | 005,145,633 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/11/07 18:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/11/07 18:10:04 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kathy\Desktop\tdsskiller.exe
[2013/11/04 21:28:52 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/04 18:39:22 | 264,443,960 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/25 13:15:45 | 001,822,775 | ---- | M] () -- C:\Users\Kathy\Desktop\ColoringPages.pdf
[2013/10/25 11:53:07 | 000,002,637 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/10/16 02:03:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2013/11/13 11:55:38 | 001,085,542 | ---- | C] () -- C:\Users\Kathy\Desktop\AdwCleaner.exe
[2013/11/13 11:53:52 | 000,075,264 | ---- | C] () -- C:\Users\Kathy\Desktop\SystemLook.exe
[2013/11/12 21:35:02 | 000,000,512 | ---- | C] () -- C:\Users\Kathy\Documents\MBR.dat
[2013/11/12 12:51:07 | 000,000,955 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/11 07:25:05 | 2072,993,792 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/08 18:51:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/08 18:51:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/08 18:51:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/08 18:51:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/08 18:51:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/04 21:28:52 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 13:15:45 | 001,822,775 | ---- | C] () -- C:\Users\Kathy\Desktop\ColoringPages.pdf
[2012/09/19 13:54:47 | 000,047,633 | ---- | C] () -- C:\Windows\System32\wuwuninst.exe
[2012/07/17 18:27:14 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/07/14 22:03:55 | 000,027,520 | ---- | C] () -- C:\Users\Kathy\AppData\Local\dt.dat
[2011/04/06 14:54:18 | 000,000,680 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps.dat
[2010/06/14 17:14:02 | 000,000,000 | ---- | C] () -- C:\Users\Kathy\AppData\Local\prvlcl.dat
[2010/03/24 18:44:53 | 000,020,480 | ---- | C] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 20:25:09 | 000,000,210 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\wklnhst.dat
[2001/07/20 09:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB
[2000/12/05 14:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll
[2000/01/11 11:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini
[1964/01/18 07:07:18 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[1964/01/03 08:25:18 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
========== ZeroAccess Check ========== [2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ========== @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:F94CB4DD
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:F7862839
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:51574724
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:35759C73
< End of report >
*************************************
SystemLook 04.09.10 by jpshortstuff
Log created at 12:32 on 13/11/2013 by Kathy
Administrator - Elevation successful
========== filefind ==========
Searching for "*Fun4IM*"
No files found.
Searching for "*Bandoo*"
No files found.
Searching for "*Searchqu*"
No files found.
Searching for "*iLivid*"
No files found.
Searching for "*whitesmoke*"
No files found.
Searching for "*datamngr*"
No files found.
Searching for "*trolltech*"
No files found.
Searching for "*doctopdf*"
No files found.
========== folderfind ==========
Searching for "*Fun4IM*"
No folders found.
Searching for "*Bandoo*"
No folders found.
Searching for "*Searchqu*"
No folders found.
Searching for "*iLivid*"
No folders found.
Searching for "*whitesmoke*"
No folders found.
Searching for "*datamngr*"
No folders found.
Searching for "*trolltech*"
No folders found.
Searching for "*doctopdf*"
C:\AdwCleaner\Quarantine\C\Program Files\FromDocToPDF_65 d------ [18:02 13/11/2013]
C:\AdwCleaner\Quarantine\C\Users\Kathy\AppData\LocalLow\FromDocToPDF_65 d------ [18:05 13/11/2013]
C:\FRST\Quarantine\65ffxtbr@FromDocToPDF_65.com d------ [02:13 25/06/2013]
========== Regfind ==========
Searching for "Fun4IM"
No data found.
Searching for "Bandoo"
No data found.
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
Searching for "iLivid"
No data found.
Searching for "whitesmoke"
No data found.
Searching for "datamngr"
No data found.
Searching for "kelkoopartners"
No data found.
Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1403424136-2531779536-1460617787-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1403424136-2531779536-1460617787-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
Searching for "doctopdf"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ea93e43_0]
@="{0.0.0.00000000}.{010fa6d2-b5fe-4e09-a1e6-bc4510bd192b}|\Device\HarddiskVolume2\Program Files\FromDocToPDF_65\bar\1.bin\65skplay.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83AI4GJC\FromDocToPDFSetup2.5.12.0.^Y6^man000^YY^.exe"="FromDocToPDF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ffa72ec-9fd9-4b2b-92a5-68b60885fd8a}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65httpct.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall]
"DisplayName"="FromDocToPDF Toolbar"
[HKEY_USERS\S-1-5-21-1403424136-2531779536-1460617787-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ea93e43_0]
@="{0.0.0.00000000}.{010fa6d2-b5fe-4e09-a1e6-bc4510bd192b}|\Device\HarddiskVolume2\Program Files\FromDocToPDF_65\bar\1.bin\65skplay.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1403424136-2531779536-1460617787-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83AI4GJC\FromDocToPDFSetup2.5.12.0.^Y6^man000^YY^.exe"="FromDocToPDF"
[HKEY_USERS\S-1-5-21-1403424136-2531779536-1460617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83AI4GJC\FromDocToPDFSetup2.5.12.0.^Y6^man000^YY^.exe"="FromDocToPDF"
-= EOF =-