Jump to content

FOM05

Members
  • Posts

    5
  • Joined

  • Last visited

Everything posted by FOM05

  1. Here is the last log. I opened Google Chrome before I did this post and it still used MyStart as the first page. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8ABA0-5F45-D212-4914-794A69246E1D}\ not found. Registry key HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Prefs.js: "" removed from browser.search.defaultenginename Prefs.js: "" removed from browser.search.order.1 Prefs.js: "" removed from browser.search.selectedEngine File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme not found. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme not found. C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\search.xml moved successfully. Unable to fix default_search_provider items. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. C:\Users\Fries\AppData\Roaming\Azureus folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\xml\data folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\xml folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\themes folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\overlays folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\image_cache folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus\net folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus\logs folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus\dht folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus\active folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\azureus folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully. C:\Users\Owner\AppData\Roaming\FrostWire folder moved successfully. C:\Users\Owner\AppData\Roaming\uTorrent\dlimagecache folder moved successfully. C:\Users\Owner\AppData\Roaming\uTorrent\apps folder moved successfully. C:\Users\Owner\AppData\Roaming\uTorrent folder moved successfully. ADS C:\ProgramData\TEMP:260575F1 deleted successfully. ADS C:\ProgramData\TEMP:0AC32449 deleted successfully. ========== FILES ========== File\Folder C:\Program Files\StartNow Toolbar not found. File\Folder C:\Program Files\Object not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Fries ->Temp folder emptied: 254682 bytes ->Temporary Internet Files folder emptied: 83994 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 49174953 bytes ->Google Chrome cache emptied: 369597808 bytes ->Flash cache emptied: 1001 bytes User: Owner ->Temp folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6544 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 1945908 bytes Total Files Cleaned = 402.00 mb Restore point Set: OTL Restore Point HOSTS file reset successfully OTL by OldTimer - Version 3.2.43.0 log created on 05222012_184441 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  2. Sorry about that. New to this stuff. Thank You OTL logfile created on: 5/19/2012 5:26:26 PM - Run 3 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.44% Memory free 6.13 Gb Paging File | 3.97 Gb Available in Paging File | 64.83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 167.25 Gb Total Space | 54.79 Gb Free Space | 32.76% Space Free | Partition Type: NTFS Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/17 15:53:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fries\Downloads\OTL.exe PRC - [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe PRC - [2012/01/14 13:23:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe PRC - [2009/03/20 01:24:52 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2008/08/19 02:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2005/03/18 19:17:02 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe PRC - [2005/03/16 13:32:48 | 000,397,312 | R--- | M] () -- C:\Windows\System32\zshp1020.exe ========== Modules (No Company Name) ========== MOD - [2012/05/08 23:04:52 | 000,441,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll MOD - [2012/05/08 23:04:51 | 003,921,904 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll MOD - [2012/05/08 23:03:25 | 000,134,656 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avutil-51.dll MOD - [2012/05/08 23:03:24 | 000,250,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avformat-54.dll MOD - [2012/05/08 23:03:23 | 002,375,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll MOD - [2012/05/02 22:10:20 | 004,050,944 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll MOD - [2012/05/02 22:10:20 | 000,100,864 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll MOD - [2012/01/14 13:23:02 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/07/31 14:16:25 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters) SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore) SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012/05/16 15:32:26 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120518.001\IDSvix86.sys -- (IDSVix86) DRV - [2012/05/16 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVEX15.SYS -- (NAVEX15) DRV - [2012/05/16 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVENG.SYS -- (NAVENG) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/04/03 21:44:36 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/03/29 02:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0602000.009\symtdiv.sys -- (SYMTDIv) DRV - [2012/03/29 02:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA) DRV - [2012/03/29 02:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS) DRV - [2012/03/29 02:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON) DRV - [2012/03/29 02:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602000.009\srtsp.sys -- (SRTSP) DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2012/02/04 01:05:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/02/04 01:05:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/11/29 18:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360) DRV - [2008/08/26 13:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV - [2008/08/19 03:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2008/08/19 03:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60) DRV - [2008/08/19 02:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap) DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount) DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.weather.com/weather/today/Holland+MI+49423 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data] IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110706&user_guid=CEC1A0D947854B2D82F98CF7204D67CC&machine_id=1347b1185a639bc9b8c9a42a5c22d845&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source} IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?} IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{6E5D674B-B3A4-411F-AC58-66AD29850D6A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/17 05:38:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/05/17 16:30:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/17 14:13:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 21:37:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/07/03 11:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Extensions [2012/05/17 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions [2011/07/30 19:59:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions\{052a9fe6-0e61-4fd4-b9aa-02b48fb5016f} [2011/07/06 12:26:35 | 000,002,293 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\bing-zugo.xml [2011/08/17 11:09:25 | 000,002,469 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml [2012/04/27 10:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/27 10:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012/05/17 05:38:07 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPLGN [2012/01/14 13:23:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/04/27 10:28:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/08/17 16:37:37 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll [2012/01/14 13:23:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old [2012/05/17 12:49:29 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml [2012/01/14 13:23:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Blekko (Enabled) CHR - default_search_provider: search_url = http://blekko.com/ws/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120517FA3F43DAA1B65C6BEF9A29DF&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Fish Tales = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\abbdnfclkomohljcfokofigmagkpelkg\1.0_0\ CHR - Extension: Prezi = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\ CHR - Extension: Angry Birds = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\ CHR - Extension: YouTube = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Solitaire = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.3.9.3_0\ CHR - Extension: Roller Coaster Creator = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckhihkbbcgehhpibkdcanlmkhhokabde\1_0\ CHR - Extension: FARMERAMA = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca\1.0.1_0\ CHR - Extension: Google Search = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Mahjongg = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\ CHR - Extension: Christmas Mahjong = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmebaamjdfjkhaaifophgklodieiflm\1.0.0.1_0\ CHR - Extension: Picnik = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\ CHR - Extension: Cargo Bridge = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\ CHR - Extension: Gravity Duck = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\ CHR - Extension: Click to call with Skype = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\ CHR - Extension: Norton Identity Protection = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\ CHR - Extension: Plants vs Zombies = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Taulf = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfiojbffhjhiijaedmibodkjnfbgbja\1.1.7.1_0\ CHR - Extension: Gmail = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ Hosts file not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.0.9\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation) O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\Fries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..Trusted Domains: localhost ([]* in Local intranet) O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF78444-1781-43DE-8C04-07B550DE9930}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell - "" = AutoRun O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\TL-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/17 15:40:39 | 000,000,000 | ---D | C] -- C:\_OTL [2012/05/13 03:02:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/04/27 10:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/19 16:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/19 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/18 17:55:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc5237af31225b.job [2012/05/17 16:35:29 | 000,653,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/17 16:35:29 | 000,122,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job [2012/05/17 16:30:10 | 3184,496,640 | -HS- | M] () -- C:\hiberfil.sys [2012/05/17 13:45:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/17 06:44:53 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\VT20120410.034 [2012/05/17 05:36:06 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/05/17 05:35:56 | 001,868,029 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\Cat.DB [2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2012/05/17 05:33:07 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2012/05/17 05:33:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2012/05/16 05:57:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/05/13 03:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini [2012/05/02 17:20:40 | 003,142,965 | ---- | M] () -- C:\Users\Fries\Documents\deColores1.tif [2012/05/02 16:27:45 | 000,015,872 | ---- | M] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/17 13:45:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/02 17:20:39 | 003,142,965 | ---- | C] () -- C:\Users\Fries\Documents\deColores1.tif [2011/10/11 22:17:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011/08/18 21:39:02 | 000,000,021 | ---- | C] () -- C:\Windows\CS_SETUP.ini [2011/08/16 20:02:50 | 011,950,639 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\SMRBackup200.dat [2011/07/31 07:37:22 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011/07/30 23:13:59 | 000,015,872 | ---- | C] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/07/23 11:21:47 | 000,010,954 | -HS- | C] () -- C:\Users\Fries\AppData\Local\rxdydebmvxi87736f41 [2011/07/23 08:14:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\RoGPY6CcA.dat [2011/07/23 04:04:18 | 000,010,954 | -HS- | C] () -- C:\ProgramData\rxdydebmvxi87736f41 [2011/07/22 23:52:52 | 000,008,908 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\39B0.3B9 [2011/07/06 11:11:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011/07/06 11:11:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011/07/06 11:11:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011/07/06 11:11:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011/07/06 11:11:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011/07/06 11:11:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011/07/06 11:11:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011/07/06 11:11:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011/07/06 11:11:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011/07/06 11:11:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011/07/06 11:11:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011/07/06 11:11:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011/07/06 11:10:58 | 000,000,090 | ---- | C] () -- C:\Windows\EPWF610.ini [2011/07/04 13:36:52 | 000,397,312 | R--- | C] () -- C:\Windows\System32\zshp1020.exe [2011/07/04 13:36:52 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll [2011/06/29 17:18:56 | 000,006,756 | ---- | C] () -- C:\Users\Fries\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012/05/17 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\.oit [2011/11/20 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Azureus [2011/07/08 07:36:07 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Epson [2012/02/24 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\gtk-2.0 [2011/07/06 11:26:42 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Leadertech [2011/11/20 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\MusicNet [2012/02/02 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Spotify [2011/06/30 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.oit [2011/06/29 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson [2011/07/01 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire [2011/06/29 20:31:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo [2011/06/29 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech [2011/06/29 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netgear Live Parental Controls [2011/07/01 21:33:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion [2011/07/01 21:34:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent [2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job [2012/05/17 16:29:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:260575F1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0AC32449 < End of report > OTL Extras logfile created on: 5/17/2012 3:10:16 PM - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.97 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 43.47% Memory free 6.13 Gb Paging File | 4.38 Gb Available in Paging File | 71.49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 167.25 Gb Total Space | 53.45 Gb Free Space | 31.96% Space Free | Partition Type: NTFS Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{C021E471-7F0A-46D5-A5BB-72CFB626E241}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{037943B2-3946-4002-825C-D3F7503E50DA}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{0DC02A08-E69A-4A8A-B531-DD72182736B5}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "{5544960D-EA64-4388-93B0-6FF05D33E01E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{5B79B9CB-97D3-45A2-9320-6C8679975221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5EB33021-2B58-4076-A5B4-229CB87DBF0F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{6CCE314C-CAC5-4469-B3DA-F598813FB0EC}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{6FB01D80-7AC1-4E21-8AA1-1566CAB87C7E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{733407E5-0354-4BB9-AABC-FBEA1D9D42D7}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "{752093A9-DEFC-4C59-AAB1-FBEDA87710DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{833819E8-6C4C-46E2-A22F-2985A85DDC37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9E7877AD-71E1-49F7-886F-A69A6190BA72}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | "{9E85C507-B509-4B9A-B051-9CE404771D18}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{AEE14C75-F17D-4325-8D18-7B321F493E95}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{B24F78F0-D22A-48C3-8BE7-1FDA3C53DCBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4D6F29F-3F0F-4181-8D14-0C92CE8C4F7D}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{B6F19156-F38C-4D22-ABD6-B1B56D0D5DAA}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{C78D7CAE-938F-42DA-8940-6BA64B66C794}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | "{DF6364E8-1EB8-44C7-923B-968516179460}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "TCP Query User{9613C429-CBEB-4E5B-8E53-5C9B21929B8C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{D515B137-19FB-4B75-8318-1584A93B6EB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE "{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007 "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher "{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DF68383B-A940-4ABD-87FF-1D969F2B938B}" = Dell DataSafe "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{EA4741F4-5BEC-4E6C-B5A3-6E4C1F2C68E8}" = CASIO USB Driver V1.4.200.0407 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "BFGC" = Big Fish Games Client "BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™ "BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ® "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "Carbonite Backup" = Carbonite "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall "facetheme" = Facetheme "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "FrostWire 5" = FrostWire 5.3.2 "Google Chrome" = Google Chrome "Halo 2" = Halo 2 for Windows Vista "HDMI" = Intel® Graphics Media Accelerator Driver "HP-LaserJet 1020 series" = LaserJet 1020 series "iMesh" = iMesh "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US) "MSPUB5" = Microsoft Publisher 98 "N360" = Norton 360 "NBRTWizard" = Norton Bootable Recovery Tool Wizard "OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020 "PartyPoker" = PartyPoker "Plants vs. Zombies" = Plants vs. Zombies "PokerStars.net" = PokerStars.net "PopCap Browser Plugin" = PopCap Browser Plugin "SMALLBUSINESSR" = Microsoft Office Small Business 2007 "Verizon V CAST Media Manager" = Verizon V CAST Media Manager "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR 4.01 (32-bit) "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report ></key></extension></extension>
  3. <p> </p> <div>OTL logfile created on: 5/19/2012 5:26:26 PM - Run 3</div> <div>OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads</div> <div>Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation</div> <div>Internet Explorer (Version = 7.0.6001.18000)</div> <div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div> <div> </div> <div>2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.44% Memory free</div> <div>6.13 Gb Paging File | 3.97 Gb Available in Paging File | 64.83% Paging File free</div> <div>Paging file location(s): ?:\pagefile.sys [binary data]</div> <div> </div> <div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</div> <div>Drive C: | 167.25 Gb Total Space | 54.79 Gb Free Space | 32.76% Space Free | Partition Type: NTFS</div> <div>Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS</div> <div>Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS</div> <div> </div> <div>Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.</div> <div>Boot Mode: Normal | Scan Mode: All users | Quick Scan</div> <div>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days</div> <div> </div> <div>========== Processes (SafeList) ==========</div> <div> </div> <div>PRC - [2012/05/17 15:53:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fries\Downloads\OTL.exe</div> <div>PRC - [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe</div> <div>PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe</div> <div>PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe</div> <div>PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe</div> <div>PRC - [2012/01/14 13:23:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe</div> <div>PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe</div> <div>PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe</div> <div>PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe</div> <div>PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe</div> <div>PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac</div> <div>PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe</div> <div>PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe</div> <div>PRC - [2009/03/20 01:24:52 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe</div> <div>PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe</div> <div>PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe</div> <div>PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe</div> <div>PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe</div> <div>PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe</div> <div>PRC - [2008/08/19 02:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe</div> <div>PRC - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe</div> <div>PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe</div> <div>PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe</div> <div>PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe</div> <div>PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe</div> <div>PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe</div> <div>PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe</div> <div>PRC - [2005/03/18 19:17:02 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe</div> <div>PRC - [2005/03/16 13:32:48 | 000,397,312 | R--- | M] () -- C:\Windows\System32\zshp1020.exe</div> <div> </div> <div> </div> <div>========== Modules (No Company Name) ==========</div> <div> </div> <div>MOD - [2012/05/08 23:04:52 | 000,441,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll</div> <div>MOD - [2012/05/08 23:04:51 | 003,921,904 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll</div> <div>MOD - [2012/05/08 23:03:25 | 000,134,656 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avutil-51.dll</div> <div>MOD - [2012/05/08 23:03:24 | 000,250,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avformat-54.dll</div> <div>MOD - [2012/05/08 23:03:23 | 002,375,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll</div> <div>MOD - [2012/05/02 22:10:20 | 004,050,944 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll</div> <div>MOD - [2012/05/02 22:10:20 | 000,100,864 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll</div> <div>MOD - [2012/01/14 13:23:02 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll</div> <div>MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</div> <div>MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</div> <div>MOD - [2011/07/31 14:16:25 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll</div> <div>MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll</div> <div>MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll</div> <div>MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll</div> <div> </div> <div> </div> <div>========== Win32 Services (SafeList) ==========</div> <div> </div> <div>SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)</div> <div>SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)</div> <div>SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)</div> <div>SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)</div> <div>SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)</div> <div>SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)</div> <div>SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)</div> <div>SRV - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)</div> <div>SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®</div> <div>SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)</div> <div>SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)</div> <div>SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)</div> <div>SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)</div> <div> </div> <div> </div> <div>========== Driver Services (SafeList) ==========</div> <div> </div> <div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)</div> <div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)</div> <div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)</div> <div>DRV - [2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)</div> <div>DRV - [2012/05/16 15:32:26 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120518.001\IDSvix86.sys -- (IDSVix86)</div> <div>DRV - [2012/05/16 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVEX15.SYS -- (NAVEX15)</div> <div>DRV - [2012/05/16 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVENG.SYS -- (NAVENG)</div> <div>DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)</div> <div>DRV - [2012/04/03 21:44:36 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)</div> <div>DRV - [2012/03/29 02:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0602000.009\symtdiv.sys -- (SYMTDIv)</div> <div>DRV - [2012/03/29 02:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)</div> <div>DRV - [2012/03/29 02:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)</div> <div>DRV - [2012/03/29 02:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)</div> <div>DRV - [2012/03/29 02:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602000.009\srtsp.sys -- (SRTSP)</div> <div>DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)</div> <div>DRV - [2012/02/04 01:05:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)</div> <div>DRV - [2012/02/04 01:05:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)</div> <div>DRV - [2011/11/29 18:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)</div> <div>DRV - [2008/08/26 13:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®</div> <div>DRV - [2008/08/19 03:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)</div> <div>DRV - [2008/08/19 03:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)</div> <div>DRV - [2008/08/19 02:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)</div> <div>DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®</div> <div>DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)</div> <div>DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap)</div> <div>DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount)</div> <div>DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)</div> <div>DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)</div> <div> </div> <div> </div> <div>========== Standard Registry (SafeList) ==========</div> <div> </div> <div> </div> <div>========== Internet Explorer ==========</div> <div> </div> <div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm</div> <div>IE - HKLM\..\SearchScopes,DefaultScope = </div> <div>IE - HKLM\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}</div> <div> </div> <div> </div> <div>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]</div> <div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]</div> <div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]</div> <div> </div> <div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]</div> <div> </div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.weather.com/weather/today/Holland+MI+49423</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110706&user_guid=CEC1A0D947854B2D82F98CF7204D67CC&machine_id=1347b1185a639bc9b8c9a42a5c22d845&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{6E5D674B-B3A4-411F-AC58-66AD29850D6A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</div> <div> </div> <div>========== FireFox ==========</div> <div> </div> <div>FF - prefs.js..browser.search.defaultenginename: ""</div> <div>FF - prefs.js..browser.search.order.1: ""</div> <div>FF - prefs.js..browser.search.selectedEngine: ""</div> <div>FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="</div> <div>FF - user.js - File not found</div> <div> </div> <div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()</div> <div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</div> <div>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)</div> <div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div> <div> </div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme</div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/17 05:38:07 | 000,000,000 | ---D | M]</div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/05/17 16:30:26 | 000,000,000 | ---D | M]</div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/17 14:13:31 | 000,000,000 | ---D | M]</div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 21:37:42 | 000,000,000 | ---D | M]</div> <div>FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme</div> <div> </div> <div>[2011/07/03 11:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Extensions</div> <div>[2012/05/17 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions</div> <div>[2011/07/30 19:59:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions\{052a9fe6-0e61-4fd4-b9aa-02b48fb5016f}</div> <div>[2011/07/06 12:26:35 | 000,002,293 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\bing-zugo.xml</div> <div>[2011/08/17 11:09:25 | 000,002,469 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml</div> <div>[2012/04/27 10:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</div> <div>[2012/04/27 10:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}</div> <div>[2012/05/17 05:38:07 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPLGN</div> <div>[2012/01/14 13:23:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</div> <div>[2012/04/27 10:28:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll</div> <div>[2011/08/17 16:37:37 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll</div> <div>[2012/01/14 13:23:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</div> <div>[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old</div> <div>[2012/05/17 12:49:29 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml</div> <div>[2012/01/14 13:23:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</div> <div> </div> <div>========== Chrome ==========</div> <div> </div> <div>CHR - default_search_provider: Blekko (Enabled)</div> <div>CHR - default_search_provider: search_url = http://blekko.com/ws/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120517FA3F43DAA1B65C6BEF9A29DF&q={searchTerms}</div> <div>CHR - default_search_provider: suggest_url = </div> <div>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</div> <div>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll</div> <div>CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll</div> <div>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll</div> <div>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll</div> <div>CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll</div> <div>CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll</div> <div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div> <div>CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll</div> <div>CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll</div> <div>CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</div> <div>CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll</div> <div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll</div> <div>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll</div> <div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll</div> <div>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll</div> <div>CHR - Extension: Fish Tales = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\abbdnfclkomohljcfokofigmagkpelkg\1.0_0\</div> <div>CHR - Extension: Prezi = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\</div> <div>CHR - Extension: Angry Birds = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\</div> <div>CHR - Extension: YouTube = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</div> <div>CHR - Extension: Solitaire = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.3.9.3_0\</div> <div>CHR - Extension: Roller Coaster Creator = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckhihkbbcgehhpibkdcanlmkhhokabde\1_0\</div> <div>CHR - Extension: FARMERAMA = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca\1.0.1_0\</div> <div>CHR - Extension: Google Search = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</div> <div>CHR - Extension: Mahjongg = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\</div> <div>CHR - Extension: Christmas Mahjong = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmebaamjdfjkhaaifophgklodieiflm\1.0.0.1_0\</div> <div>CHR - Extension: Picnik = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\</div> <div>CHR - Extension: Cargo Bridge = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\</div> <div>CHR - Extension: Gravity Duck = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\</div> <div>CHR - Extension: Click to call with Skype = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\</div> <div>CHR - Extension: Norton Identity Protection = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\</div> <div>CHR - Extension: Plants vs Zombies = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\</div> <div>CHR - Extension: Taulf = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfiojbffhjhiijaedmibodkjnfbgbja\1.1.7.1_0\</div> <div>CHR - Extension: Gmail = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</div> <div> </div> <div>Hosts file not found</div> <div>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</div> <div>O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation)</div> <div>O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.0.9\IPS\IPSBHO.dll (Symantec Corporation)</div> <div>O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found</div> <div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</div> <div>O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div> <div>O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found</div> <div>O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation)</div> <div>O3 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.</div> <div>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</div> <div>O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)</div> <div>O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)</div> <div>O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )</div> <div>O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)</div> <div>O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)</div> <div>O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)</div> <div>O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</div> <div>O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation)</div> <div>O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)</div> <div>O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)</div> <div>O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)</div> <div>O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)</div> <div>O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)</div> <div>O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)</div> <div>O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)</div> <div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)</div> <div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found</div> <div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)</div> <div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)</div> <div>O4 - Startup: C:\Users\Fries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found</div> <div>O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div> <div>O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div> <div>O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk ()</div> <div>O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk ()</div> <div>O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</div> <div>O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)</div> <div>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</div> <div>O13 - gopher Prefix: missing</div> <div>O15 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..Trusted Domains: localhost ([]* in Local intranet)</div> <div>O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object)</div> <div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div> <div>O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div> <div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div> <div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</div> <div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF78444-1781-43DE-8C04-07B550DE9930}: DhcpNameServer = 192.168.1.1</div> <div>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div> <div>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</div> <div>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</div> <div>O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg</div> <div>O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg</div> <div>O32 - HKLM CDRom: AutoRun - 1</div> <div>O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</div> <div>O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell - "" = AutoRun</div> <div>O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\TL-Bootstrap.exe</div> <div>O34 - HKLM BootExecute: (autocheck autochk *)</div> <div>O35 - HKLM\..comfile [open] -- "%1" %*</div> <div>O35 - HKLM\..exefile [open] -- "%1" %*</div> <div>O37 - HKLM\...com [@ = comfile] -- "%1" %*</div> <div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div> <div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div> <div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div> <div> </div> <div>========== Files/Folders - Created Within 30 Days ==========</div> <div> </div> <div>[2012/05/17 15:40:39 | 000,000,000 | ---D | C] -- C:\_OTL</div> <div>[2012/05/13 03:02:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi</div> <div>[2012/04/27 10:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java</div> <div>[1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ]</div> <div> </div> <div>========== Files - Modified Within 30 Days ==========</div> <div> </div> <div>[2012/05/19 16:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</div> <div>[2012/05/19 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</div> <div>[2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</div> <div>[2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</div> <div>[2012/05/18 17:55:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc5237af31225b.job</div> <div>[2012/05/17 16:35:29 | 000,653,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat</div> <div>[2012/05/17 16:35:29 | 000,122,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat</div> <div>[2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job</div> <div>[2012/05/17 16:30:10 | 3184,496,640 | -HS- | M] () -- C:\hiberfil.sys</div> <div>[2012/05/17 13:45:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div> <div>[2012/05/17 06:44:53 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\VT20120410.034</div> <div>[2012/05/17 05:36:06 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk</div> <div>[2012/05/17 05:35:56 | 001,868,029 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\Cat.DB</div> <div>[2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS</div> <div>[2012/05/17 05:33:07 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT</div> <div>[2012/05/17 05:33:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF</div> <div>[2012/05/16 05:57:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</div> <div>[2012/05/13 03:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini</div> <div>[2012/05/02 17:20:40 | 003,142,965 | ---- | M] () -- C:\Users\Fries\Documents\deColores1.tif</div> <div>[2012/05/02 16:27:45 | 000,015,872 | ---- | M] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div> <div>[1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ]</div> <div> </div> <div>========== Files Created - No Company Name ==========</div> <div> </div> <div>[2012/05/17 13:45:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div> <div>[2012/05/02 17:20:39 | 003,142,965 | ---- | C] () -- C:\Users\Fries\Documents\deColores1.tif</div> <div>[2011/10/11 22:17:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll</div> <div>[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat</div> <div>[2011/08/18 21:39:02 | 000,000,021 | ---- | C] () -- C:\Windows\CS_SETUP.ini</div> <div>[2011/08/16 20:02:50 | 011,950,639 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\SMRBackup200.dat</div> <div>[2011/07/31 07:37:22 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI</div> <div>[2011/07/30 23:13:59 | 000,015,872 | ---- | C] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div> <div>[2011/07/23 11:21:47 | 000,010,954 | -HS- | C] () -- C:\Users\Fries\AppData\Local\rxdydebmvxi87736f41</div> <div>[2011/07/23 08:14:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\RoGPY6CcA.dat</div> <div>[2011/07/23 04:04:18 | 000,010,954 | -HS- | C] () -- C:\ProgramData\rxdydebmvxi87736f41</div> <div>[2011/07/22 23:52:52 | 000,008,908 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\39B0.3B9</div> <div>[2011/07/06 11:11:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat</div> <div>[2011/07/06 11:11:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat</div> <div>[2011/07/06 11:11:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat</div> <div>[2011/07/06 11:11:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat</div> <div>[2011/07/06 11:11:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat</div> <div>[2011/07/06 11:11:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat</div> <div>[2011/07/06 11:11:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat</div> <div>[2011/07/06 11:11:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat</div> <div>[2011/07/06 11:11:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat</div> <div>[2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat</div> <div>[2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat</div> <div>[2011/07/06 11:11:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat</div> <div>[2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat</div> <div>[2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat</div> <div>[2011/07/06 11:11:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat</div> <div>[2011/07/06 11:11:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini</div> <div>[2011/07/06 11:10:58 | 000,000,090 | ---- | C] () -- C:\Windows\EPWF610.ini</div> <div>[2011/07/04 13:36:52 | 000,397,312 | R--- | C] () -- C:\Windows\System32\zshp1020.exe</div> <div>[2011/07/04 13:36:52 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll</div> <div>[2011/06/29 17:18:56 | 000,006,756 | ---- | C] () -- C:\Users\Fries\AppData\Local\d3d9caps.dat</div> <div> </div> <div>========== LOP Check ==========</div> <div> </div> <div>[2012/05/17 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\.oit</div> <div>[2011/11/20 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Azureus</div> <div>[2011/07/08 07:36:07 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Epson</div> <div>[2012/02/24 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\gtk-2.0</div> <div>[2011/07/06 11:26:42 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Leadertech</div> <div>[2011/11/20 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\MusicNet</div> <div>[2012/02/02 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Spotify</div> <div>[2011/06/30 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.oit</div> <div>[2011/06/29 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson</div> <div>[2011/07/01 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire</div> <div>[2011/06/29 20:31:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo</div> <div>[2011/06/29 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech</div> <div>[2011/06/29 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netgear Live Parental Controls</div> <div>[2011/07/01 21:33:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion</div> <div>[2011/07/01 21:34:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent</div> <div>[2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job</div> <div>[2012/05/17 16:29:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT</div> <div> </div> <div>========== Purity Check ==========</div> <div> </div> <div> </div> <div> </div> <div>========== Alternate Data Streams ==========</div> <div> </div> <div>@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:260575F1</div> <div>@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0AC32449</div> <div> </div> <div>< End of report ></div> <div> </div> <div> <div>OTL Extras logfile created on: 5/17/2012 3:10:16 PM - Run 1</div> <div>OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads</div> <div>Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation</div> <div>Internet Explorer (Version = 7.0.6001.18000)</div> <div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div> <div> </div> <div>2.97 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 43.47% Memory free</div> <div>6.13 Gb Paging File | 4.38 Gb Available in Paging File | 71.49% Paging File free</div> <div>Paging file location(s): ?:\pagefile.sys [binary data]</div> <div> </div> <div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</div> <div>Drive C: | 167.25 Gb Total Space | 53.45 Gb Free Space | 31.96% Space Free | Partition Type: NTFS</div> <div>Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS</div> <div>Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS</div> <div> </div> <div>Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.</div> <div>Boot Mode: Normal | Scan Mode: All users | Quick Scan</div> <div>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days</div> <div> </div> <div>========== Extra Registry (SafeList) ==========</div> <div> </div> <div> </div> <div>========== File Associations ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</div> <div>.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)</div> <div>.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)</div> <div>.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)</div> <div>.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l</div> <div> </div> <div>[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Classes\<extension>]</div> <div>.html [@ = ChromeHTML] -- Reg Error: Key error. File not found</div> <div> </div> <div>========== Shell Spawning ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</div> <div>batfile [open] -- "%1" %*</div> <div>cmdfile [open] -- "%1" %*</div> <div>comfile [open] -- "%1" %*</div> <div>cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)</div> <div>exefile [open] -- "%1" %*</div> <div>helpfile [open] -- Reg Error: Key error.</div> <div>hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)</div> <div>http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)</div> <div>https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)</div> <div>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)</div> <div>InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l</div> <div>piffile [open] -- "%1" %*</div> <div>regfile [merge] -- Reg Error: Key error.</div> <div>scrfile [config] -- "%1"</div> <div>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l</div> <div>scrfile [open] -- "%1" /S</div> <div>txtfile [edit] -- Reg Error: Key error.</div> <div>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1</div> <div>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)</div> <div>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</div> <div>Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)</div> <div>Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)</div> <div>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</div> <div> </div> <div>========== Security Center Settings ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]</div> <div>"cval" = 1</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]</div> <div>"AntiVirusOverride" = 0</div> <div>"AntiSpywareOverride" = 0</div> <div>"FirewallOverride" = 0</div> <div>"VistaSp1" = Reg Error: Unknown registry data type -- File not found</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]</div> <div> </div> <div>========== Firewall Settings ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]</div> <div>"EnableFirewall" = 0</div> <div>"DisableNotifications" = 0</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]</div> <div>"EnableFirewall" = 0</div> <div>"DisableNotifications" = 0</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]</div> <div>"EnableFirewall" = 0</div> <div>"DisableNotifications" = 0</div> <div> </div> <div>========== Authorized Applications List ==========</div> <div> </div> <div> </div> <div>========== Vista Active Open Ports Exception List ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</div> <div>"{C021E471-7F0A-46D5-A5BB-72CFB626E241}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | </div> <div> </div> <div>========== Vista Active Application Exception List ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</div> <div>"{037943B2-3946-4002-825C-D3F7503E50DA}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | </div> <div>"{0DC02A08-E69A-4A8A-B531-DD72182736B5}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div> <div>"{5544960D-EA64-4388-93B0-6FF05D33E01E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | </div> <div>"{5B79B9CB-97D3-45A2-9320-6C8679975221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | </div> <div>"{5EB33021-2B58-4076-A5B4-229CB87DBF0F}" = dir=in | app=c:\program files\itunes\itunes.exe | </div> <div>"{6CCE314C-CAC5-4469-B3DA-F598813FB0EC}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div> <div>"{6FB01D80-7AC1-4E21-8AA1-1566CAB87C7E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div> <div>"{733407E5-0354-4BB9-AABC-FBEA1D9D42D7}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div> <div>"{752093A9-DEFC-4C59-AAB1-FBEDA87710DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </div> <div>"{833819E8-6C4C-46E2-A22F-2985A85DDC37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </div> <div>"{9E7877AD-71E1-49F7-886F-A69A6190BA72}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | </div> <div>"{9E85C507-B509-4B9A-B051-9CE404771D18}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div> <div>"{AEE14C75-F17D-4325-8D18-7B321F493E95}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div> <div>"{B24F78F0-D22A-48C3-8BE7-1FDA3C53DCBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | </div> <div>"{B4D6F29F-3F0F-4181-8D14-0C92CE8C4F7D}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | </div> <div>"{B6F19156-F38C-4D22-ABD6-B1B56D0D5DAA}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | </div> <div>"{C78D7CAE-938F-42DA-8940-6BA64B66C794}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | </div> <div>"{DF6364E8-1EB8-44C7-923B-968516179460}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | </div> <div>"TCP Query User{9613C429-CBEB-4E5B-8E53-5C9B21929B8C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div> <div>"UDP Query User{D515B137-19FB-4B75-8318-1584A93B6EB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div> <div> </div> <div>========== HKEY_LOCAL_MACHINE Uninstall List ==========</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</div> <div>"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR</div> <div>"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers</div> <div>"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools</div> <div>"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module</div> <div>"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant</div> <div>"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista</div> <div>"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility</div> <div>"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data</div> <div>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</div> <div>"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista</div> <div>"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool</div> <div>"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31</div> <div>"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes</div> <div>"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)</div> <div>"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager</div> <div>"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer</div> <div>"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher</div> <div>"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile</div> <div>"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager</div> <div>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater</div> <div>"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace</div> <div>"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies</div> <div>"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)</div> <div>"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime</div> <div>"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth</div> <div>"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy</div> <div>"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3</div> <div>"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD</div> <div>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable</div> <div>"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable</div> <div>"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE</div> <div>"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher</div> <div>"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client</div> <div>"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com</div> <div>"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour</div> <div>"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide</div> <div>"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable</div> <div>"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio</div> <div>"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin</div> <div>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight</div> <div>"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)</div> <div>"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack</div> <div>"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh</div> <div>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007</div> <div>"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007</div> <div>"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007</div> <div>"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007</div> <div>"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007</div> <div>"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007</div> <div>"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div> <div>"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007</div> <div>"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div> <div>"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007</div> <div>"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div> <div>"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007</div> <div>"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007</div> <div>"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007</div> <div>"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager</div> <div>"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components</div> <div>"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007</div> <div>"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting</div> <div>"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161</div> <div>"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support</div> <div>"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support</div> <div>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper</div> <div>"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components</div> <div>"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5</div> <div>"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)</div> <div>"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9</div> <div>"{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore</div> <div>"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2</div> <div>"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy</div> <div>"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype</div> <div>"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher</div> <div>"{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations</div> <div>"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update</div> <div>"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE</div> <div>"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar</div> <div>"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1</div> <div>"{DF68383B-A940-4ABD-87FF-1D969F2B938B}" = Dell DataSafe</div> <div>"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center</div> <div>"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer</div> <div>"{EA4741F4-5BEC-4E6C-B5A3-6E4C1F2C68E8}" = CASIO USB Driver V1.4.200.0407</div> <div>"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver</div> <div>"{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite</div> <div>"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync</div> <div>"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022</div> <div>"7-Zip" = 7-Zip 9.20</div> <div>"Adobe AIR" = Adobe AIR</div> <div>"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX</div> <div>"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin</div> <div>"BFGC" = Big Fish Games Client</div> <div>"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™</div> <div>"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst &reg;</div> <div>"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2</div> <div>"Carbonite Backup" = Carbonite</div> <div>"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com</div> <div>"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver</div> <div>"EPSON Scanner" = EPSON Scan</div> <div>"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall</div> <div>"facetheme" = Facetheme</div> <div>"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]</div> <div>"FrostWire 5" = FrostWire 5.3.2</div> <div>"Google Chrome" = Google Chrome</div> <div>"Halo 2" = Halo 2 for Windows Vista</div> <div>"HDMI" = Intel® Graphics Media Accelerator Driver</div> <div>"HP-LaserJet 1020 series" = LaserJet 1020 series</div> <div>"iMesh" = iMesh</div> <div>"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)</div> <div>"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400</div> <div>"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1</div> <div>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile</div> <div>"Microsoft SQL Server 2005" = Microsoft SQL Server 2005</div> <div>"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)</div> <div>"MSPUB5" = Microsoft Publisher 98</div> <div>"N360" = Norton 360</div> <div>"NBRTWizard" = Norton Bootable Recovery Tool Wizard</div> <div>"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020</div> <div>"PartyPoker" = PartyPoker</div> <div>"Plants vs. Zombies" = Plants vs. Zombies</div> <div>"PokerStars.net" = PokerStars.net</div> <div>"PopCap Browser Plugin" = PopCap Browser Plugin</div> <div>"SMALLBUSINESSR" = Microsoft Office Small Business 2007</div> <div>"Verizon V CAST Media Manager" = Verizon V CAST Media Manager</div> <div>"WinGimp-2.0_is1" = GIMP 2.6.11</div> <div>"WinRAR archiver" = WinRAR 4.01 (32-bit)</div> <div>"YTdetect" = Yahoo! Detect</div> <div> </div> <div>========== HKEY_USERS Uninstall List ==========</div> <div> </div> <div>[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</div> <div>"Spotify" = Spotify</div> <div> </div> <div>========== Last 10 Event Log Errors ==========</div> <div> </div> <div>Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!</div> <div> </div> <div>< End of report ></div> <div> </div> </div> <div> </div>
  4. I have looked over some of the solutions to getting rid of MYStart and ran them. Worked fine on IE and FF, but Google Chrome still has the problem. GC is also the search engine that it was downloaded in. Any help would be greatly appraciated. B
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.