Browser Hijack?

[con100]

Hello I use Firefox and I believe I have some sort of browser hijack. Last month I had a google redirect virus where I clicked on a result and it took me to a different site. I thought I got rid of it but maybe I didn't. Now I get some search thing on everysite that has one. Heres what it looks like.

I haven't had this in the past few days though. I clicked the question mark and was able to disable. It did say something about Autocomplete Pro which I never installed.

I also have this on a lot of sites. There is a setting that says disable but when ever you come back to the site they come back.

The only addons I have installed to Firefox is Adblock Plus and Destroy the Web which is a browser game. But I have it disabled right now.

I do have a Hijackthis report if you need it.

Attach.txt

DDS.txt

[Maniac]

Hello con100! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictlya and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Please uninstall: StartNow Toolbar .

Step 2

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
    

[con100]

OTL.NET

OTL logfile created on: 3/17/2012 10:47:54 AM - Run 1

OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Connor\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 55.28% Memory free

7.34 Gb Paging File | 5.63 Gb Available in Paging File | 76.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 585.43 Gb Total Space | 381.39 Gb Free Space | 65.15% Space Free | Partition Type: NTFS

Drive D: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

Computer Name: CONNOR-VAIO | User Name: Connor | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/17 10:45:55 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Connor\Downloads\OTL.exe

PRC - [2012/02/21 19:27:42 | 013,320,704 | ---- | M] (Google Inc.) -- C:\Users\Connor\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

PRC - [2011/05/24 09:00:00 | 000,655,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccsvchst.exe

PRC - [2010/11/27 04:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2010/11/27 04:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/09/27 19:12:36 | 000,864,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/06/21 01:47:18 | 000,108,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

PRC - [2010/06/21 01:47:16 | 000,099,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

PRC - [2010/06/21 01:47:16 | 000,067,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

PRC - [2010/06/18 11:07:12 | 000,423,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

PRC - [2010/06/09 03:55:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2010/05/31 23:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2010/05/31 23:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2010/05/31 21:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

PRC - [2010/05/28 16:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/05/28 16:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/03/04 00:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/04 00:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2007/07/24 15:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/21 19:17:56 | 000,344,064 | ---- | M] () -- C:\Users\Connor\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll

MOD - [2012/02/21 19:17:44 | 000,346,624 | ---- | M] () -- C:\Users\Connor\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll

MOD - [2012/02/21 19:17:04 | 000,363,520 | ---- | M] () -- C:\Users\Connor\AppData\Local\Programs\Google\MusicManager\libid3tag.dll

MOD - [2012/02/21 19:17:00 | 000,198,656 | ---- | M] () -- C:\Users\Connor\AppData\Local\Programs\Google\MusicManager\libaacdec.dll

MOD - [2012/02/16 13:22:48 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll

MOD - [2012/02/16 11:16:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll

MOD - [2012/02/16 11:15:47 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll

MOD - [2012/02/16 11:15:41 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll

MOD - [2012/02/16 11:15:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll

MOD - [2012/02/16 11:15:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll

MOD - [2012/02/16 11:15:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll

MOD - [2012/02/16 11:15:16 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll

MOD - [2011/10/14 12:55:10 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/24 09:00:00 | 000,655,088 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV:64bit: - [2010/10/25 21:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)

SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/07/19 18:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2010/07/19 17:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/07/19 17:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2010/06/21 22:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV:64bit: - [2010/06/09 19:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)

SRV:64bit: - [2010/06/09 03:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2010/06/07 19:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)

SRV:64bit: - [2010/06/07 19:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)

SRV:64bit: - [2010/06/07 02:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)

SRV:64bit: - [2010/05/31 22:25:48 | 001,250,160 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe -- (NAV)

SRV - [2010/11/27 04:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2010/09/27 19:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2010/06/21 01:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)

SRV - [2010/06/21 01:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)

SRV - [2010/06/18 11:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)

SRV - [2010/05/31 23:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2010/05/28 16:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/05/28 16:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/03/04 00:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/07/24 15:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2003/01/24 18:34:24 | 000,001,856 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\SysWOW64\drivers\papyjoy.sys -- (papyjoy)

SRV - [2003/01/24 18:34:22 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\SysWOW64\drivers\papycpu2.sys -- (papycpu2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/19 17:22:49 | 000,189,952 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr)

DRV:64bit: - [2011/11/26 20:02:04 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011/06/07 23:47:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symnets.sys -- (SymNetS)

DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\ironx64.sys -- (SymIRON)

DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/07/27 02:20:15 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/07/14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/06/24 16:34:53 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/06/24 16:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/06/23 16:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010/06/23 16:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)

DRV:64bit: - [2010/06/23 16:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/06/23 16:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010/06/23 16:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2010/06/23 16:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)

DRV:64bit: - [2010/06/23 16:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)

DRV:64bit: - [2010/06/18 14:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2010/05/31 17:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2010/05/31 17:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/05/31 17:31:21 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/05/31 16:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2010/05/28 16:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/05/28 16:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2010/05/16 21:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®

DRV:64bit: - [2010/05/16 21:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)

DRV:64bit: - [2010/05/16 21:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)

DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/10/09 22:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/14 14:19:00 | 000,811,520 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmiUsbGrabber3C.sys -- (SMIGrabber3C)

DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)

DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)

DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)

DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)

DRV:64bit: - [2007/04/17 15:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)

DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120316.005\IDSviA64.sys -- (IDSVia64)

DRV - [2012/03/02 14:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/02/04 00:08:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/02/04 00:08:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/01/02 01:09:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120316.035\EX64.SYS -- (NAVEX15)

DRV - [2012/01/02 01:09:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120316.035\ENG64.SYS -- (NAVENG)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2003/01/24 18:34:24 | 000,001,856 | ---- | M] () [unknown (-1) | Unknown (-1) | Stopped] -- C:\Windows\SysWOW64\drivers\papyjoy.sys -- (papyjoy)

DRV - [2003/01/24 18:34:22 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown (-1) | Stopped] -- C:\Windows\SysWOW64\drivers\papycpu2.sys -- (papycpu2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox'>http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox'>http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com

IE - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]

IE - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com

IE - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Connor\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Connor\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Connor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/01/20 09:55:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/20 09:55:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/20 09:56:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2012/01/31 12:52:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 10:42:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/11 14:25:13 | 000,000,000 | ---D | M]

[2011/06/07 21:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Connor\AppData\Roaming\Mozilla\Extensions

[2012/03/17 10:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6cirnb4e.default\extensions

[2012/03/14 19:36:33 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6cirnb4e.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}

[2011/12/24 13:10:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6cirnb4e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/11/08 21:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/10/02 19:35:02 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

() (No name found) -- C:\USERS\CONNOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6CIRNB4E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/03/17 10:42:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/02 13:07:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/02 13:07:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Connor\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Connor\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Connor\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Connor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: James White = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

CHR - Extension: YouTube = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Facebook = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Google Search = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: Bookmarks = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihaibgdemjcpnllmndlpdkfiggadlcgi\0.9_0\

CHR - Extension: Search Box = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni\1.0_0\

CHR - Extension: Xbox LIVE Dashboard = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobdmiffgnobnpagcjjmpcajhdaoighg\0.9.9.3_0\

CHR - Extension: Xbox LIVE Dashboard = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobdmiffgnobnpagcjjmpcajhdaoighg\0.9.9.4_0\

CHR - Extension: Ohio State = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\phhogfeejdomeolbhenklpjfbiaoflge\0.5.5_0\

CHR - Extension: Gmail = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

CHR - Extension: Gmail = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000..\Run: [itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found

O4 - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000..\Run: [MusicManager] C:\Users\Connor\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)

O4 - HKU\S-1-5-21-2735889123-4217074222-2280777062-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Mcx1-CONNOR-VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA9717D1-5BE7-41FC-8DC5-CC06A24ABABE}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{5edbe35e-1862-11e1-a5b2-ec55f9e8683c}\Shell - "" = AutoRun

O33 - MountPoints2\{5edbe35e-1862-11e1-a5b2-ec55f9e8683c}\Shell\AutoRun\command - "" = D:\autorun.exe

O33 - MountPoints2\{5edbe35e-1862-11e1-a5b2-ec55f9e8683c}\Shell\directx\command - "" = directx\dxsetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 19:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/03/13 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/03/12 20:56:29 | 000,000,000 | ---D | C] -- C:\Users\Connor\Documents\Vegas Movie Studio HD 11.0 Projects

[2012/03/11 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Connor\AppData\Roaming\Malwarebytes

[2012/03/11 13:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/11 13:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/03/11 13:15:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/03/11 13:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/03/09 19:22:43 | 000,000,000 | ---D | C] -- C:\Users\Connor\Desktop\sc4

[2012/03/09 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis

[2012/02/28 16:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam

[2012/02/28 16:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam

[2012/02/28 16:02:29 | 000,000,000 | ---D | C] -- C:\Users\Connor\Desktop\crack - read nfo

[2012/02/28 15:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit

[2012/02/22 21:40:19 | 000,000,000 | ---D | C] -- C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rigs of Rods 0.38.67

[2012/02/22 21:40:03 | 000,000,000 | ---D | C] -- C:\Users\Connor\Documents\Rigs of Rods 0.38

[2012/02/22 21:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rigs of Rods 0.38

[2012/02/20 23:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan

[2012/02/19 16:07:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/02/19 14:09:00 | 000,000,000 | ---D | C] -- C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/02/17 02:29:03 | 000,000,000 | ---D | C] -- C:\Users\Connor\Desktop\The Reckoning day

[2012/02/17 02:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\OFX

[2012/02/17 02:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate

[2012/02/17 02:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate

[2012/02/17 02:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue

[2012/02/17 02:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\NewBlue

[2012/02/17 02:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewBlue

[2012/02/17 01:50:07 | 000,000,000 | ---D | C] -- C:\Users\Connor\Desktop\InkBleed Template By RavenDesign Give Credit Please

[2012/02/17 01:37:07 | 000,000,000 | ---D | C] -- C:\Users\Connor\Desktop\simple glass hit template

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/17 10:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/17 10:34:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/17 10:34:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/17 10:32:42 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/03/17 10:32:42 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/03/17 10:32:42 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/03/17 10:28:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/17 10:26:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/17 10:25:54 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/17 01:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2735889123-4217074222-2280777062-1000UA.job

[2012/03/16 23:17:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/03/16 17:01:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2735889123-4217074222-2280777062-1000Core.job

[2012/03/14 18:39:32 | 000,539,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/03/13 19:30:17 | 000,002,981 | ---- | M] () -- C:\Users\Connor\Desktop\HiJackThis.lnk

[2012/03/12 17:01:44 | 000,002,409 | ---- | M] () -- C:\Users\Connor\Desktop\Google Chrome.lnk

[2012/03/11 13:15:20 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/09 18:28:37 | 000,000,631 | ---- | M] () -- C:\Windows\eReg.dat

[2012/02/28 16:21:29 | 000,000,976 | ---- | M] () -- C:\Users\Connor\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk

[2012/02/28 16:21:29 | 000,000,952 | ---- | M] () -- C:\Users\Connor\Desktop\Bandicam.lnk

[2012/02/20 23:25:48 | 000,000,971 | ---- | M] () -- C:\Users\Connor\Desktop\SpeedFan.lnk

[2012/02/20 23:25:47 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

[2012/02/20 10:19:02 | 000,005,632 | ---- | M] () -- C:\Users\Connor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/20 10:18:41 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012/02/19 16:07:25 | 601,937,906 | ---- | M] () -- C:\Windows\MEMORY.DMP

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/13 19:30:17 | 000,002,981 | ---- | C] () -- C:\Users\Connor\Desktop\HiJackThis.lnk

[2012/03/11 13:15:19 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/08 20:36:47 | 000,000,631 | ---- | C] () -- C:\Windows\eReg.dat

[2012/03/04 18:57:37 | 002,530,578 | ---- | C] () -- C:\Users\Connor\Desktop\tpl_opal_j15.zip

[2012/02/28 16:21:29 | 000,000,976 | ---- | C] () -- C:\Users\Connor\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk

[2012/02/28 16:21:29 | 000,000,952 | ---- | C] () -- C:\Users\Connor\Desktop\Bandicam.lnk

[2012/02/20 23:25:48 | 000,000,971 | ---- | C] () -- C:\Users\Connor\Desktop\SpeedFan.lnk

[2012/02/19 16:07:25 | 601,937,906 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/02/19 14:09:02 | 000,002,409 | ---- | C] () -- C:\Users\Connor\Desktop\Google Chrome.lnk

[2012/02/19 13:55:02 | 000,005,632 | ---- | C] () -- C:\Users\Connor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/07 22:51:42 | 000,000,265 | ---- | C] () -- C:\Windows\HCWBlast.ini

[2012/01/07 22:43:08 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll

[2012/01/07 22:42:27 | 000,002,384 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2011/11/30 20:23:09 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll

[2011/11/30 20:23:09 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll

[2011/11/30 20:23:09 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll

[2011/11/26 15:08:46 | 000,001,984 | ---- | C] () -- C:\Windows\SysWow64\drivers\papycpu2.sys

[2011/11/26 15:08:46 | 000,001,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\papyjoy.sys

[2011/11/26 15:08:25 | 000,000,205 | ---- | C] () -- C:\Windows\Sierra.ini

[2011/09/19 03:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

[2011/09/19 03:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

[2011/08/18 19:09:58 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/08/18 19:09:58 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/07/05 23:58:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/06/30 10:18:11 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/06/08 12:54:15 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/06/07 21:57:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/01/10 18:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/01/10 14:50:27 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011/01/10 14:50:27 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2011/01/10 14:50:27 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2011/01/10 14:50:26 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011/01/10 14:50:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011/01/10 14:50:19 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat

[2011/01/10 14:50:19 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat

========== LOP Check ==========

[2011/08/01 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\acccore

[2011/12/22 02:27:45 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Amazon

[2011/07/07 13:46:13 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Auslogics

[2011/11/29 19:26:03 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\BANDISOFT

[2011/11/01 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Canon

[2011/11/19 19:35:27 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\GameFly

[2011/08/04 10:35:55 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Garmin

[2011/12/08 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\inkscape

[2011/11/30 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\PowerUp Software

[2012/01/14 16:15:24 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Publish Providers

[2012/03/12 20:56:29 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Sony

[2012/01/14 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Sony Creative Software Inc

[2011/10/23 14:59:10 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\SplitMediaLabs

[2012/02/14 13:22:22 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Stardock

[2012/03/03 21:29:38 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\SystemRequirementsLab

[2011/07/09 10:12:46 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Thunderbird

[2011/08/22 16:04:28 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Tific

[2011/07/02 13:59:58 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Ulead Systems

[2012/02/05 17:15:04 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:42DC4246

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

Extras.txt

OTL Extras logfile created on: 3/17/2012 10:47:54 AM - Run 1

OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Connor\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 55.28% Memory free

7.34 Gb Paging File | 5.63 Gb Available in Paging File | 76.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 585.43 Gb Total Space | 381.39 Gb Free Space | 65.15% Space Free | Partition Type: NTFS

Drive D: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

Computer Name: CONNOR-VAIO | User Name: Connor | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2735889123-4217074222-2280777062-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- "D:\Connor\Programs\Dreamweaver 8\dreamweaver.exe" "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

jsfile [edit] -- "D:\Connor\Programs\Dreamweaver 8\dreamweaver.exe" "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences

"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers

"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in

"{13AC9B67-96DE-4DF6-9FB8-974DD24A7AD6}" = HP Photosmart Plus B210 series Basic Device Software

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety

"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)

"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists

"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial

"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8

"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8

"{08718B21-269F-11E1-9550-F04DA23A5C58}" = Vegas Pro 11.0

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B973521-269F-11E1-8ED3-F04DA23A5C58}" = MSVCRT Redists

"{0F952661-0BFE-4D92-A50C-A8DD13DCEDFA}" = Media Gallery

"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26

"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics

"{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1" = EPS Viewer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3E3E346F-42F8-48B7-9B66-ED772E285F4B}" = NRatings

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers

"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus

"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents

"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access

"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update

"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD

"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote Keyboard with PlayStation 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{682ECBA1-5411-11E1-A3FB-F04DA23A5C58}" = Vegas Movie Studio HD 11.0

"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie

"{6C3BEF70-5411-11E1-AED6-F04DA23A5C58}" = MSVCRT Redists

"{70991E0A-1108-437E-BA7D-085702C670C0}" =

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC

"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3

"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner

"{76F52BDB-C3A6-46B6-ADD1-9638E40F9AB9}" = VAIO Wireless Wizard

"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform

"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help

"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =

"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool

"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =

"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{97E0EB8D-8A24-47F9-9BFA-C45D65195957}" = Media Gallery

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C684A01-7F9C-40E7-AF94-BFE24BC89C97}" = XSplit

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season

"{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}" = VAIO Help and Support

"{B03B98E3-2795-48F6-BA33-793BBF5DF685}" = SMI Grabber Device

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype

"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default

"{B8548B93-DE2D-4A98-874C-BDC9BFE7E4FF}" = Media Gallery

"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver

"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E394CC6D-9F54-41CC-9415-6FFF07885881}" = Garmin WebUpdater

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E7A1B94F-A981-49B2-868F-DFEA471AB17D}" = ArcSoft TotalMedia Extreme

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = PMB VAIO Edition Guide

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AIM_7" = AIM 7

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15

"Application Manager for VAIO" = Application Manager for VAIO

"Bandicam" = Bandicam

"BandiMPEG1" = Bandisoft MPEG-1 Decoder

"CanonMyPrinter" = Canon My Printer

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Fences" = Fences

"FYZip" = FYZip 1.00

"HP Photo Creations" = HP Photo Creations

"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in

"InstallShield_{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = VAIO - PMB VAIO Edition Guide

"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio

"Magic Bullet Looks Studio" = Magic Bullet Looks Studio

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

"NAV" = Norton AntiVirus

"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Rigs of Rods 0.38.67" = Rigs of Rods 0.38.67

"Score4_is1" = Score4 2.4.0.1

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SpeedFan" = SpeedFan (remove only)

"splashtop" = VAIO Quick Web Access

"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio

"Trapcode Particular Studio" = Trapcode Particular Studio

"Trapcode Shine Studio" = Trapcode Shine Studio

"WinLiveSuite" = Windows Live Essentials

"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2735889123-4217074222-2280777062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"MusicManager" = Music Manager

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[Maniac]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
  CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
  O4 - HKLM..\Run: [] File not found
  @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:42DC4246
  @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
  @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
  
  :Commands
  [emptytemp]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Please post the OTL fix log in your next reply.
  

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

[con100]

All processes killed

========== OTL ==========

File C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll not found.

File C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

ADS C:\ProgramData\TEMP:42DC4246 deleted successfully.

ADS C:\Windows\SysWow64\zlib.dll:SummaryInformation deleted successfully.

ADS C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Connor

->Temp folder emptied: 3381490058 bytes

->Temporary Internet Files folder emptied: 4047217 bytes

->Java cache emptied: 3072745 bytes

->FireFox cache emptied: 119543743 bytes

->Google Chrome cache emptied: 279698693 bytes

->Flash cache emptied: 120284 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mcx1-CONNOR-VAIO

->Temp folder emptied: 516 bytes

->Temporary Internet Files folder emptied: 600069 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 261346988 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 158428 bytes

RecycleBin emptied: 1817575612 bytes

Total Files Cleaned = 5,596.00 mb

OTL by OldTimer - Version 3.2.39.1 log created on 03172012_152535

Files\Folders moved on Reboot...

C:\Users\Connor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

[Maniac]

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• 
  
• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  *coupon*
  
  :folderfind
  *coupon*
  
  :regfind
  coupon

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

[con100]

SystemLook 30.07.11 by jpshortstuff

Log created at 16:09 on 17/03/2012 by Connor

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*coupon*"

C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\COUPON.POC --a---- 50834 bytes [15:53 23/09/2004] [15:53 23/09/2004] 064537069BB8218DCFF613BF53C8D324

C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGCOUPON.DPV --a---- 24706 bytes [22:18 14/11/2005] [22:18 14/11/2005] C0CCE6FD80ECC7586237CEBF4AE60FE8

C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGCOUPON.XML --a---- 642 bytes [21:04 15/09/2008] [21:04 15/09/2008] 8C36730BF9AE1F78609E512BD5B82A5E

C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Recent\coupons.lnk --a---- 2427 bytes [03:30 17/03/2012] [03:31 17/03/2012] 73C461A89E84513018866475F771D940

C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Recent\coupons1.lnk --a---- 2442 bytes [03:30 17/03/2012] [03:31 17/03/2012] D75E71AF5C399C679E1048C5920DC0FF

C:\Users\Connor\Downloads\couponprinter.exe --a---- 1284232 bytes [02:50 27/11/2011] [02:50 27/11/2011] 302DF6ADE573D3B71E75A953A9F0FCC6

C:\Users\Connor\Pictures\coupons.png --a---- 59873 bytes [03:30 17/03/2012] [03:30 17/03/2012] 555DAC9011110DD4297DA27C6896A93A

C:\Users\Connor\Pictures\coupons1.png --a---- 7525 bytes [03:30 17/03/2012] [03:30 17/03/2012] F4A7B82B5E7605B1E7F52C9E0E4BD408

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KO0Z2W9\coupon-deals[1].htm --a---- 27270 bytes [15:49 12/02/2012] [15:49 12/02/2012] 519831B209FEC886BF05DD32171D4F2A

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KO0Z2W9\coupon-deals[1].htm --a---- 27270 bytes [15:49 12/02/2012] [15:49 12/02/2012] 519831B209FEC886BF05DD32171D4F2A

========== folderfind ==========

Searching for "*coupon*"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons d------ [02:50 27/11/2011]

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Coupons d------ [02:50 27/11/2011]

========== regfind ==========

Searching for "coupon"

[HKEY_CURRENT_USER\Software\Paint.NET]

"MRU6"="C:\Users\Connor\Pictures\coupons.png"

[HKEY_CURRENT_USER\Software\Paint.NET]

"MRU7"="C:\Users\Connor\Pictures\coupons1.png"

[HKEY_USERS\S-1-5-21-2735889123-4217074222-2280777062-1000\Software\Paint.NET]

"MRU6"="C:\Users\Connor\Pictures\coupons.png"

[HKEY_USERS\S-1-5-21-2735889123-4217074222-2280777062-1000\Software\Paint.NET]

"MRU7"="C:\Users\Connor\Pictures\coupons1.png"

-= EOF =-

[Maniac]

How are things there now?

[con100]

Looks like it's gone. The coupon thing doesn't show up on Amazon anymore. I also haven't had that search thing yet. Thanks a lot for your help. If I didn't find this place I probably wouldn't of done anything and just have to deal with the annoying coupon and search thing.

[Maniac]

Glad I could help!

Please run OTL and click on CleanUp/b] button.

Some malware prevention tips here:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!