FOM05
Having problems removing MyStart from Google Chrome
FOM05 replied to FOM05's topic in Resolved Malware Removal Logs
That seems to have worked. Thank you for your help.
Having problems removing MyStart from Google Chrome
FOM05 replied to FOM05's topic in Resolved Malware Removal Logs
Here is the last log. I opened Google Chrome before I did this post and it still used MyStart as the first page.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8ABA0-5F45-D212-4914-794A69246E1D}\ not found.
Registry key HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.selectedEngine
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme not found.
C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\search.xml moved successfully.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\Users\Fries\AppData\Roaming\Azureus folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\image_cache folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Owner\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\Owner\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Owner\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Owner\AppData\Roaming\uTorrent folder moved successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\ProgramData\TEMP:0AC32449 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\StartNow Toolbar not found.
File\Folder C:\Program Files\Object not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fries
->Temp folder emptied: 254682 bytes
->Temporary Internet Files folder emptied: 83994 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49174953 bytes
->Google Chrome cache emptied: 369597808 bytes
->Flash cache emptied: 1001 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6544 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1945908 bytes

Total Files Cleaned = 402.00 mb

Restore point Set: OTL Restore Point
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.43.0 log created on 05222012_184441

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Having problems removing MyStart from Google Chrome
FOM05 replied to FOM05's topic in Resolved Malware Removal Logs
Sorry about that. New to this stuff. Thank You

OTL logfile created on: 5/19/2012 5:26:26 PM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.44% Memory free
6.13 Gb Paging File | 3.97 Gb Available in Paging File | 64.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 167.25 Gb Total Space | 54.79 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS

Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012/05/17 15:53:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fries\Downloads\OTL.exe
PRC - [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
-- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe PRC - [2012/01/14 13:23:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe PRC - [2009/03/20 01:24:52 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2008/08/19 02:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2005/03/18 19:17:02 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe PRC - [2005/03/16 13:32:48 | 000,397,312 | R--- | M] () -- C:\Windows\System32\zshp1020.exe ========== Modules (No Company Name) ========== MOD - [2012/05/08 23:04:52 | 000,441,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll MOD - [2012/05/08 23:04:51 | 003,921,904 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll MOD - [2012/05/08 23:03:25 | 000,134,656 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avutil-51.dll MOD - [2012/05/08 23:03:24 | 000,250,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avformat-54.dll MOD - [2012/05/08 23:03:23 | 002,375,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll MOD - [2012/05/02 22:10:20 | 004,050,944 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll MOD - [2012/05/02 22:10:20 | 000,100,864 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll MOD - [2012/01/14 13:23:02 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/07/31 14:16:25 | 006,271,648 | ---- | M] () -- 
C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters) SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore) SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012/05/16 15:32:26 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120518.001\IDSvix86.sys -- (IDSVix86) DRV - [2012/05/16 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVEX15.SYS -- (NAVEX15) DRV - [2012/05/16 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVENG.SYS -- (NAVENG) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/04/03 21:44:36 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/03/29 02:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0602000.009\symtdiv.sys -- (SYMTDIv) DRV - [2012/03/29 02:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA) DRV - [2012/03/29 02:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS) DRV - [2012/03/29 02:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON) DRV - [2012/03/29 02:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602000.009\srtsp.sys -- (SRTSP) DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2012/02/04 01:05:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/02/04 01:05:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/11/29 18:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360) DRV - [2008/08/26 13:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV - [2008/08/19 03:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2008/08/19 03:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60) DRV - [2008/08/19 02:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap) DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] 
-- C:\Windows\System32\drivers\v2imount.sys -- (v2imount) DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - 
HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.weather.com/weather/today/Holland+MI+49423 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110706&user_guid=CEC1A0D947854B2D82F98CF7204D67CC&machine_id=1347b1185a639bc9b8c9a42a5c22d845&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source} IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?} IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{6E5D674B-B3A4-411F-AC58-66AD29850D6A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/17 05:38:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/05/17 16:30:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/17 14:13:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 21:37:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/07/03 11:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Extensions [2012/05/17 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions [2011/07/30 19:59:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions\{052a9fe6-0e61-4fd4-b9aa-02b48fb5016f} [2011/07/06 12:26:35 | 000,002,293 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\bing-zugo.xml [2011/08/17 11:09:25 | 000,002,469 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml [2012/04/27 10:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/27 10:29:03 | 000,000,000 | ---D | 
M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012/05/17 05:38:07 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPLGN [2012/01/14 13:23:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/04/27 10:28:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/08/17 16:37:37 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll [2012/01/14 13:23:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old [2012/05/17 12:49:29 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml [2012/01/14 13:23:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Blekko (Enabled) CHR - default_search_provider: search_url = http://blekko.com/ws/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120517FA3F43DAA1B65C6BEF9A29DF&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Fish Tales = 
C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\abbdnfclkomohljcfokofigmagkpelkg\1.0_0\ CHR - Extension: Prezi = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\ CHR - Extension: Angry Birds = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\ CHR - Extension: YouTube = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Solitaire = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.3.9.3_0\ CHR - Extension: Roller Coaster Creator = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckhihkbbcgehhpibkdcanlmkhhokabde\1_0\ CHR - Extension: FARMERAMA = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca\1.0.1_0\ CHR - Extension: Google Search = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Mahjongg = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\ CHR - Extension: Christmas Mahjong = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmebaamjdfjkhaaifophgklodieiflm\1.0.0.1_0\ CHR - Extension: Picnik = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\ CHR - Extension: Cargo Bridge = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\ CHR - Extension: Gravity Duck = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\ CHR - Extension: Click to call with Skype = C:\Users\Fries\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\ CHR - Extension: Norton Identity Protection = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\ CHR - Extension: Plants vs Zombies = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Taulf = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfiojbffhjhiijaedmibodkjnfbgbja\1.1.7.1_0\ CHR - Extension: Gmail = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ Hosts file not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.0.9\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation) O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\Fries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..Trusted Domains: localhost ([]* in Local intranet) O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF78444-1781-43DE-8C04-07B550DE9930}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell - "" = AutoRun O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\TL-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/17 15:40:39 | 000,000,000 | ---D | C] -- C:\_OTL [2012/05/13 03:02:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/04/27 10:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/19 16:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/19 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/18 17:55:00 | 000,000,882 
| ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc5237af31225b.job [2012/05/17 16:35:29 | 000,653,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/17 16:35:29 | 000,122,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job [2012/05/17 16:30:10 | 3184,496,640 | -HS- | M] () -- C:\hiberfil.sys [2012/05/17 13:45:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/17 06:44:53 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\VT20120410.034 [2012/05/17 05:36:06 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/05/17 05:35:56 | 001,868,029 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\Cat.DB [2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2012/05/17 05:33:07 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2012/05/17 05:33:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2012/05/16 05:57:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/05/13 03:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini [2012/05/02 17:20:40 | 003,142,965 | ---- | M] () -- C:\Users\Fries\Documents\deColores1.tif [2012/05/02 16:27:45 | 000,015,872 | ---- | M] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/17 13:45:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/02 17:20:39 | 003,142,965 | ---- | C] () -- C:\Users\Fries\Documents\deColores1.tif [2011/10/11 22:17:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011/09/28 17:44:14 | 
000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011/08/18 21:39:02 | 000,000,021 | ---- | C] () -- C:\Windows\CS_SETUP.ini [2011/08/16 20:02:50 | 011,950,639 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\SMRBackup200.dat [2011/07/31 07:37:22 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011/07/30 23:13:59 | 000,015,872 | ---- | C] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/07/23 11:21:47 | 000,010,954 | -HS- | C] () -- C:\Users\Fries\AppData\Local\rxdydebmvxi87736f41 [2011/07/23 08:14:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\RoGPY6CcA.dat [2011/07/23 04:04:18 | 000,010,954 | -HS- | C] () -- C:\ProgramData\rxdydebmvxi87736f41 [2011/07/22 23:52:52 | 000,008,908 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\39B0.3B9 [2011/07/06 11:11:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011/07/06 11:11:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011/07/06 11:11:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011/07/06 11:11:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011/07/06 11:11:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011/07/06 11:11:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011/07/06 11:11:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011/07/06 11:11:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011/07/06 11:11:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011/07/06 11:11:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- 
C:\Windows\System32\EPPICPresetData_FR.dat [2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011/07/06 11:11:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011/07/06 11:11:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011/07/06 11:10:58 | 000,000,090 | ---- | C] () -- C:\Windows\EPWF610.ini [2011/07/04 13:36:52 | 000,397,312 | R--- | C] () -- C:\Windows\System32\zshp1020.exe [2011/07/04 13:36:52 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll [2011/06/29 17:18:56 | 000,006,756 | ---- | C] () -- C:\Users\Fries\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012/05/17 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\.oit [2011/11/20 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Azureus [2011/07/08 07:36:07 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Epson [2012/02/24 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\gtk-2.0 [2011/07/06 11:26:42 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Leadertech [2011/11/20 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\MusicNet [2012/02/02 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Spotify [2011/06/30 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.oit [2011/06/29 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson [2011/07/01 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire [2011/06/29 20:31:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo [2011/06/29 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech [2011/06/29 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netgear Live Parental Controls [2011/07/01 21:33:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion [2011/07/01 21:34:20 
| 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent [2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job [2012/05/17 16:29:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:260575F1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0AC32449 < End of report > OTL Extras logfile created on: 5/17/2012 3:10:16 PM - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.97 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 43.47% Memory free 6.13 Gb Paging File | 4.38 Gb Available in Paging File | 71.49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 167.25 Gb Total Space | 53.45 Gb Free Space | 31.96% Space Free | Partition Type: NTFS Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{C021E471-7F0A-46D5-A5BB-72CFB626E241}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{037943B2-3946-4002-825C-D3F7503E50DA}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{0DC02A08-E69A-4A8A-B531-DD72182736B5}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "{5544960D-EA64-4388-93B0-6FF05D33E01E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{5B79B9CB-97D3-45A2-9320-6C8679975221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5EB33021-2B58-4076-A5B4-229CB87DBF0F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{6CCE314C-CAC5-4469-B3DA-F598813FB0EC}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{6FB01D80-7AC1-4E21-8AA1-1566CAB87C7E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{733407E5-0354-4BB9-AABC-FBEA1D9D42D7}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "{752093A9-DEFC-4C59-AAB1-FBEDA87710DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{833819E8-6C4C-46E2-A22F-2985A85DDC37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9E7877AD-71E1-49F7-886F-A69A6190BA72}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | "{9E85C507-B509-4B9A-B051-9CE404771D18}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{AEE14C75-F17D-4325-8D18-7B321F493E95}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{B24F78F0-D22A-48C3-8BE7-1FDA3C53DCBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4D6F29F-3F0F-4181-8D14-0C92CE8C4F7D}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{B6F19156-F38C-4D22-ABD6-B1B56D0D5DAA}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{C78D7CAE-938F-42DA-8940-6BA64B66C794}" = protocol=17 | dir=in | app=c:\program files\microsoft 
games\halo 2\halo2.exe | "{DF6364E8-1EB8-44C7-923B-968516179460}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "TCP Query User{9613C429-CBEB-4E5B-8E53-5C9B21929B8C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{D515B137-19FB-4B75-8318-1584A93B6EB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client 
Profile "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE "{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup 
Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007 "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher "{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{DF68383B-A940-4ABD-87FF-1D969F2B938B}" = Dell DataSafe
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA4741F4-5BEC-4E6C-B5A3-6E4C1F2C68E8}" = CASIO USB Driver V1.4.200.0407
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BFGC" = Big Fish Games Client
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Carbonite Backup" = Carbonite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"facetheme" = Facetheme
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FrostWire 5" = FrostWire 5.3.2
"Google Chrome" = Google Chrome
"Halo 2" = Halo 2 for Windows Vista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP-LaserJet 1020 series" = LaserJet 1020 series
"iMesh" = iMesh
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSPUB5" = Microsoft Publisher 98
"N360" = Norton 360
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PartyPoker" = PartyPoker
"Plants vs. Zombies" = Plants vs. Zombies
"PokerStars.net" = PokerStars.net
"PopCap Browser Plugin" = PopCap Browser Plugin
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report ></key></extension></extension> -
Having problems removing MyStart from Google Chrome
FOM05 replied to FOM05's topic in Resolved Malware Removal Logs
OTL logfile created on: 5/19/2012 5:26:26 PM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.44% Memory free
6.13 Gb Paging File | 3.97 Gb Available in Paging File | 64.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 167.25 Gb Total Space | 54.79 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS

Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/17 15:53:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fries\Downloads\OTL.exe
PRC - [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
PRC - [2012/01/14 13:23:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/20 01:24:52 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2008/08/19 02:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/03/18 19:17:02 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/03/16 13:32:48 | 000,397,312 | R--- | M] () -- C:\Windows\System32\zshp1020.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/08 23:04:52 | 000,441,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll
MOD - [2012/05/08 23:04:51 | 003,921,904 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012/05/08 23:03:25 | 000,134,656 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012/05/08 23:03:24 | 000,250,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012/05/08 23:03:23 | 002,375,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2012/05/02 22:10:20 | 004,050,944 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/02 22:10:20 | 000,100,864 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2012/01/14 13:23:02 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/31 14:16:25 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/05/16 15:32:26 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120518.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/16 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/03 21:44:36 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/29 02:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0602000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012/03/29 02:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2012/03/29 02:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2012/03/29 02:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2012/03/29 02:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602000.009\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/02/04 01:05:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 01:05:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/29 18:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2008/08/26 13:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/19 03:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 03:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/08/19 02:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap)
DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount)
DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.weather.com/weather/today/Holland+MI+49423
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110706&user_guid=CEC1A0D947854B2D82F98CF7204D67CC&machine_id=1347b1185a639bc9b8c9a42a5c22d845&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{6E5D674B-B3A4-411F-AC58-66AD29850D6A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/17 05:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/05/17 16:30:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/17 14:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 21:37:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2011/07/03 11:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Extensions
[2012/05/17 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions
[2011/07/30 19:59:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions\{052a9fe6-0e61-4fd4-b9aa-02b48fb5016f}
[2011/07/06 12:26:35 | 000,002,293 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\bing-zugo.xml
[2011/08/17 11:09:25 | 000,002,469 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml
[2012/04/27 10:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/27 10:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/05/17 05:38:07 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPLGN
[2012/01/14 13:23:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/27 10:28:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/17 16:37:37 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2012/01/14 13:23:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/05/17 12:49:29 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/01/14 13:23:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120517FA3F43DAA1B65C6BEF9A29DF&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Fish Tales = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\abbdnfclkomohljcfokofigmagkpelkg\1.0_0\
CHR - Extension: Prezi = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\
CHR - Extension: Angry Birds = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Solitaire = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.3.9.3_0\
CHR - Extension: Roller Coaster Creator = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckhihkbbcgehhpibkdcanlmkhhokabde\1_0\
CHR - Extension: FARMERAMA = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca\1.0.1_0\
CHR - Extension: Google Search = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mahjongg = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\
CHR - Extension: Christmas Mahjong = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmebaamjdfjkhaaifophgklodieiflm\1.0.0.1_0\
CHR - Extension: Picnik = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\
CHR - Extension: Cargo Bridge = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Gravity Duck = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\
CHR - Extension: Click to call with Skype = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: Norton Identity Protection = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\
CHR - Extension: Plants vs Zombies = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Taulf = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfiojbffhjhiijaedmibodkjnfbgbja\1.1.7.1_0\
CHR - Extension: Gmail = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.0.9\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found
<div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! 
PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)</div> <div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)</div> <div>O4 - Startup: C:\Users\Fries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found</div> <div>O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div> <div>O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div> <div>O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk ()</div> <div>O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk ()</div> <div>O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</div> <div>O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)</div> <div>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</div> <div>O13 - gopher Prefix: missing</div> <div>O15 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..Trusted Domains: localhost ([]* in Local intranet)</div> <div>O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object)</div> <div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div> <div>O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div> <div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div> <div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</div> <div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF78444-1781-43DE-8C04-07B550DE9930}: DhcpNameServer = 192.168.1.1</div> <div>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div> <div>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</div> <div>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</div> <div>O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg</div> <div>O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg</div> <div>O32 - HKLM CDRom: AutoRun - 1</div> <div>O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</div> <div>O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell - "" = AutoRun</div> <div>O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\TL-Bootstrap.exe</div> <div>O34 - HKLM BootExecute: (autocheck autochk *)</div> <div>O35 - HKLM\..comfile [open] -- "%1" %*</div> <div>O35 - HKLM\..exefile [open] -- "%1" %*</div> <div>O37 - HKLM\...com [@ = comfile] -- "%1" %*</div> <div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div> <div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div> <div>O38 - 
SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div> <div> </div> <div>========== Files/Folders - Created Within 30 Days ==========</div> <div> </div> <div>[2012/05/17 15:40:39 | 000,000,000 | ---D | C] -- C:\_OTL</div> <div>[2012/05/13 03:02:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi</div> <div>[2012/04/27 10:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java</div> <div>[1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ]</div> <div> </div> <div>========== Files - Modified Within 30 Days ==========</div> <div> </div> <div>[2012/05/19 16:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</div> <div>[2012/05/19 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</div> <div>[2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</div> <div>[2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</div> <div>[2012/05/18 17:55:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc5237af31225b.job</div> <div>[2012/05/17 16:35:29 | 000,653,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat</div> <div>[2012/05/17 16:35:29 | 000,122,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat</div> <div>[2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job</div> <div>[2012/05/17 16:30:10 | 3184,496,640 | -HS- | M] () -- C:\hiberfil.sys</div> <div>[2012/05/17 13:45:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div> <div>[2012/05/17 06:44:53 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\VT20120410.034</div> <div>[2012/05/17 05:36:06 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk</div> <div>[2012/05/17 05:35:56 | 
001,868,029 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\Cat.DB</div> <div>[2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS</div> <div>[2012/05/17 05:33:07 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT</div> <div>[2012/05/17 05:33:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF</div> <div>[2012/05/16 05:57:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</div> <div>[2012/05/13 03:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini</div> <div>[2012/05/02 17:20:40 | 003,142,965 | ---- | M] () -- C:\Users\Fries\Documents\deColores1.tif</div> <div>[2012/05/02 16:27:45 | 000,015,872 | ---- | M] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div> <div>[1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ]</div> <div> </div> <div>========== Files Created - No Company Name ==========</div> <div> </div> <div>[2012/05/17 13:45:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div> <div>[2012/05/02 17:20:39 | 003,142,965 | ---- | C] () -- C:\Users\Fries\Documents\deColores1.tif</div> <div>[2011/10/11 22:17:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll</div> <div>[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat</div> <div>[2011/08/18 21:39:02 | 000,000,021 | ---- | C] () -- C:\Windows\CS_SETUP.ini</div> <div>[2011/08/16 20:02:50 | 011,950,639 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\SMRBackup200.dat</div> <div>[2011/07/31 07:37:22 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI</div> <div>[2011/07/30 23:13:59 | 000,015,872 | ---- | C] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div> <div>[2011/07/23 11:21:47 | 000,010,954 | -HS- | C] () -- 
C:\Users\Fries\AppData\Local\rxdydebmvxi87736f41</div> <div>[2011/07/23 08:14:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\RoGPY6CcA.dat</div> <div>[2011/07/23 04:04:18 | 000,010,954 | -HS- | C] () -- C:\ProgramData\rxdydebmvxi87736f41</div> <div>[2011/07/22 23:52:52 | 000,008,908 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\39B0.3B9</div> <div>[2011/07/06 11:11:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat</div> <div>[2011/07/06 11:11:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat</div> <div>[2011/07/06 11:11:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat</div> <div>[2011/07/06 11:11:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat</div> <div>[2011/07/06 11:11:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat</div> <div>[2011/07/06 11:11:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat</div> <div>[2011/07/06 11:11:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat</div> <div>[2011/07/06 11:11:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat</div> <div>[2011/07/06 11:11:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat</div> <div>[2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat</div> <div>[2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat</div> <div>[2011/07/06 11:11:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat</div> <div>[2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat</div> <div>[2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat</div> <div>[2011/07/06 11:11:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat</div> <div>[2011/07/06 11:11:51 | 000,000,097 | ---- | C] () -- 
C:\Windows\System32\PICSDK.ini</div> <div>[2011/07/06 11:10:58 | 000,000,090 | ---- | C] () -- C:\Windows\EPWF610.ini</div> <div>[2011/07/04 13:36:52 | 000,397,312 | R--- | C] () -- C:\Windows\System32\zshp1020.exe</div> <div>[2011/07/04 13:36:52 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll</div> <div>[2011/06/29 17:18:56 | 000,006,756 | ---- | C] () -- C:\Users\Fries\AppData\Local\d3d9caps.dat</div> <div> </div> <div>========== LOP Check ==========</div> <div> </div> <div>[2012/05/17 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\.oit</div> <div>[2011/11/20 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Azureus</div> <div>[2011/07/08 07:36:07 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Epson</div> <div>[2012/02/24 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\gtk-2.0</div> <div>[2011/07/06 11:26:42 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Leadertech</div> <div>[2011/11/20 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\MusicNet</div> <div>[2012/02/02 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Spotify</div> <div>[2011/06/30 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.oit</div> <div>[2011/06/29 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson</div> <div>[2011/07/01 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire</div> <div>[2011/06/29 20:31:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo</div> <div>[2011/06/29 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech</div> <div>[2011/06/29 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netgear Live Parental Controls</div> <div>[2011/07/01 21:33:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion</div> <div>[2011/07/01 21:34:20 | 000,000,000 | ---D | M] -- 
C:\Users\Owner\AppData\Roaming\uTorrent</div> <div>[2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job</div> <div>[2012/05/17 16:29:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT</div> <div> </div> <div>========== Purity Check ==========</div> <div> </div> <div> </div> <div> </div> <div>========== Alternate Data Streams ==========</div> <div> </div> <div>@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:260575F1</div> <div>@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0AC32449</div> <div> </div> <div>< End of report ></div> <div> </div> <div> <div>OTL Extras logfile created on: 5/17/2012 3:10:16 PM - Run 1</div> <div>OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads</div> <div>Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation</div> <div>Internet Explorer (Version = 7.0.6001.18000)</div> <div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div> <div> </div> <div>2.97 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 43.47% Memory free</div> <div>6.13 Gb Paging File | 4.38 Gb Available in Paging File | 71.49% Paging File free</div> <div>Paging file location(s): ?:\pagefile.sys [binary data]</div> <div> </div> <div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</div> <div>Drive C: | 167.25 Gb Total Space | 53.45 Gb Free Space | 31.96% Space Free | Partition Type: NTFS</div> <div>Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS</div> <div>Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS</div> <div> </div> <div>Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.</div> <div>Boot Mode: Normal | Scan Mode: All users | Quick Scan</div> <div>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age 
= 30 Days</div> <div> </div> <div>========== Extra Registry (SafeList) ==========</div> <div> </div> <div> </div> <div>========== File Associations ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</div> <div>.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)</div> <div>.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)</div> <div>.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)</div> <div>.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l</div> <div> </div> <div>[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Classes\<extension>]</div> <div>.html [@ = ChromeHTML] -- Reg Error: Key error. File not found</div> <div> </div> <div>========== Shell Spawning ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</div> <div>batfile [open] -- "%1" %*</div> <div>cmdfile [open] -- "%1" %*</div> <div>comfile [open] -- "%1" %*</div> <div>cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)</div> <div>exefile [open] -- "%1" %*</div> <div>helpfile [open] -- Reg Error: Key error.</div> <div>hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)</div> <div>http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)</div> <div>https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)</div> <div>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)</div> <div>InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l</div> <div>piffile [open] -- "%1" %*</div> <div>regfile [merge] -- Reg Error: Key error.</div> <div>scrfile [config] -- "%1"</div> <div>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l</div> <div>scrfile [open] -- "%1" /S</div> <div>txtfile [edit] -- Reg Error: Key error.</div> 
<div>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1</div> <div>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)</div> <div>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</div> <div>Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)</div> <div>Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)</div> <div>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</div> <div> </div> <div>========== Security Center Settings ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]</div> <div>"cval" = 1</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]</div> <div>"AntiVirusOverride" = 0</div> <div>"AntiSpywareOverride" = 0</div> <div>"FirewallOverride" = 0</div> <div>"VistaSp1" = Reg Error: Unknown registry data type -- File not found</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]</div> <div> </div> <div>========== Firewall Settings ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]</div> <div>"EnableFirewall" = 0</div> <div>"DisableNotifications" = 0</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]</div> <div>"EnableFirewall" = 0</div> <div>"DisableNotifications" = 0</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]</div> <div>"EnableFirewall" = 0</div> <div>"DisableNotifications" = 0</div> <div> </div> <div>========== Authorized Applications List ==========</div> <div> </div> <div> </div> <div>========== Vista Active Open Ports 
Exception List ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</div> <div>"{C021E471-7F0A-46D5-A5BB-72CFB626E241}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | </div> <div> </div> <div>========== Vista Active Application Exception List ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</div> <div>"{037943B2-3946-4002-825C-D3F7503E50DA}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | </div> <div>"{0DC02A08-E69A-4A8A-B531-DD72182736B5}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div> <div>"{5544960D-EA64-4388-93B0-6FF05D33E01E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | </div> <div>"{5B79B9CB-97D3-45A2-9320-6C8679975221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | </div> <div>"{5EB33021-2B58-4076-A5B4-229CB87DBF0F}" = dir=in | app=c:\program files\itunes\itunes.exe | </div> <div>"{6CCE314C-CAC5-4469-B3DA-F598813FB0EC}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div> <div>"{6FB01D80-7AC1-4E21-8AA1-1566CAB87C7E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div> <div>"{733407E5-0354-4BB9-AABC-FBEA1D9D42D7}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div> <div>"{752093A9-DEFC-4C59-AAB1-FBEDA87710DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </div> <div>"{833819E8-6C4C-46E2-A22F-2985A85DDC37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </div> <div>"{9E7877AD-71E1-49F7-886F-A69A6190BA72}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | </div> 
<div>"{9E85C507-B509-4B9A-B051-9CE404771D18}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div> <div>"{AEE14C75-F17D-4325-8D18-7B321F493E95}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div> <div>"{B24F78F0-D22A-48C3-8BE7-1FDA3C53DCBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | </div> <div>"{B4D6F29F-3F0F-4181-8D14-0C92CE8C4F7D}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | </div> <div>"{B6F19156-F38C-4D22-ABD6-B1B56D0D5DAA}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | </div> <div>"{C78D7CAE-938F-42DA-8940-6BA64B66C794}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | </div> <div>"{DF6364E8-1EB8-44C7-923B-968516179460}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | </div> <div>"TCP Query User{9613C429-CBEB-4E5B-8E53-5C9B21929B8C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div> <div>"UDP Query User{D515B137-19FB-4B75-8318-1584A93B6EB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div> <div> </div> <div>========== HKEY_LOCAL_MACHINE Uninstall List ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</div> <div>"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR</div> <div>"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers</div> <div>"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools</div> <div>"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module</div> <div>"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant</div> <div>"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista</div> 
<div>"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility</div> <div>"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data</div> <div>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</div> <div>"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista</div> <div>"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool</div> <div>"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31</div> <div>"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes</div> <div>"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)</div> <div>"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager</div> <div>"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer</div> <div>"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher</div> <div>"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile</div> <div>"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager</div> <div>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater</div> <div>"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace</div> <div>"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies</div> <div>"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)</div> <div>"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime</div> <div>"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth</div> <div>"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy</div> <div>"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3</div> <div>"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD</div> <div>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable</div> <div>"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 
Redistributable</div> <div>"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE</div> <div>"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher</div> <div>"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client</div> <div>"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com</div> <div>"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour</div> <div>"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide</div> <div>"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable</div> <div>"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio</div> <div>"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin</div> <div>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight</div> <div>"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)</div> <div>"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack</div> <div>"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh</div> <div>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007</div> <div>"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007</div> <div>"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007</div> <div>"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007</div> 
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF68383B-A940-4ABD-87FF-1D969F2B938B}" = Dell DataSafe
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA4741F4-5BEC-4E6C-B5A3-6E4C1F2C68E8}" = CASIO USB Driver V1.4.200.0407
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BFGC" = Big Fish Games Client
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Carbonite Backup" = Carbonite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"facetheme" = Facetheme
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FrostWire 5" = FrostWire 5.3.2
"Google Chrome" = Google Chrome
"Halo 2" = Halo 2 for Windows Vista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP-LaserJet 1020 series" = LaserJet 1020 series
"iMesh" = iMesh
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSPUB5" = Microsoft Publisher 98
"N360" = Norton 360
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PartyPoker" = PartyPoker
"Plants vs. Zombies" = Plants vs. Zombies
"PokerStars.net" = PokerStars.net
"PopCap Browser Plugin" = PopCap Browser Plugin
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
</div>