Jump to content

Having problems removing MyStart from Google Chrome


Recommended Posts

I have looked over some of the solutions to getting rid of MYStart and ran them. Worked fine on IE and FF, but Google Chrome still has the problem. GC is also the search engine that it was downloaded in. Any help would be greatly appraciated.

B

Link to post
Share on other sites

Hello FOM05 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

<p> </p>

<div>OTL logfile created on: 5/19/2012 5:26:26 PM - Run 3</div>

<div>OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Fries\Downloads</div>

<div>Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 7.0.6001.18000)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div> </div>

<div>2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.44% Memory free</div>

<div>6.13 Gb Paging File | 3.97 Gb Available in Paging File | 64.83% Paging File free</div>

<div>Paging file location(s): ?:\pagefile.sys [binary data]</div>

<div> </div>

<div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 167.25 Gb Total Space | 54.79 Gb Free Space | 32.76% Space Free | Partition Type: NTFS</div>

<div>Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS</div>

<div>Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS</div>

<div> </div>

<div>Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: All users | Quick Scan</div>

<div>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days</div>

<div> </div>

<div>========== Processes (SafeList) ==========</div>

<div> </div>

<div>PRC - [2012/05/17 15:53:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fries\Downloads\OTL.exe</div>

<div>PRC - [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe</div>

<div>PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe</div>

<div>PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe</div>

<div>PRC - [2012/01/14 13:23:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe</div>

<div>PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe</div>

<div>PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe</div>

<div>PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe</div>

<div>PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe</div>

<div>PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac</div>

<div>PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe</div>

<div>PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe</div>

<div>PRC - [2009/03/20 01:24:52 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe</div>

<div>PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe</div>

<div>PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe</div>

<div>PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe</div>

<div>PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe</div>

<div>PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe</div>

<div>PRC - [2008/08/19 02:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe</div>

<div>PRC - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe</div>

<div>PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe</div>

<div>PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe</div>

<div>PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe</div>

<div>PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe</div>

<div>PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe</div>

<div>PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe</div>

<div>PRC - [2005/03/18 19:17:02 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe</div>

<div>PRC - [2005/03/16 13:32:48 | 000,397,312 | R--- | M] () -- C:\Windows\System32\zshp1020.exe</div>

<div> </div>

<div> </div>

<div>========== Modules (No Company Name) ==========</div>

<div> </div>

<div>MOD - [2012/05/08 23:04:52 | 000,441,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll</div>

<div>MOD - [2012/05/08 23:04:51 | 003,921,904 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll</div>

<div>MOD - [2012/05/08 23:03:25 | 000,134,656 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avutil-51.dll</div>

<div>MOD - [2012/05/08 23:03:24 | 000,250,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avformat-54.dll</div>

<div>MOD - [2012/05/08 23:03:23 | 002,375,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll</div>

<div>MOD - [2012/05/02 22:10:20 | 004,050,944 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll</div>

<div>MOD - [2012/05/02 22:10:20 | 000,100,864 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll</div>

<div>MOD - [2012/01/14 13:23:02 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll</div>

<div>MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</div>

<div>MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</div>

<div>MOD - [2011/07/31 14:16:25 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll</div>

<div>MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll</div>

<div>MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll</div>

<div>MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll</div>

<div> </div>

<div> </div>

<div>========== Win32 Services (SafeList) ==========</div>

<div> </div>

<div>SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)</div>

<div>SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)</div>

<div>SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)</div>

<div>SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)</div>

<div>SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)</div>

<div>SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)</div>

<div>SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)</div>

<div>SRV - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)</div>

<div>SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®</div>

<div>SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)</div>

<div>SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)</div>

<div>SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)</div>

<div>SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)</div>

<div> </div>

<div> </div>

<div>========== Driver Services (SafeList) ==========</div>

<div> </div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)</div>

<div>DRV - [2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)</div>

<div>DRV - [2012/05/16 15:32:26 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120518.001\IDSvix86.sys -- (IDSVix86)</div>

<div>DRV - [2012/05/16 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVEX15.SYS -- (NAVEX15)</div>

<div>DRV - [2012/05/16 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVENG.SYS -- (NAVENG)</div>

<div>DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)</div>

<div>DRV - [2012/04/03 21:44:36 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)</div>

<div>DRV - [2012/03/29 02:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0602000.009\symtdiv.sys -- (SYMTDIv)</div>

<div>DRV - [2012/03/29 02:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)</div>

<div>DRV - [2012/03/29 02:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)</div>

<div>DRV - [2012/03/29 02:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)</div>

<div>DRV - [2012/03/29 02:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602000.009\srtsp.sys -- (SRTSP)</div>

<div>DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)</div>

<div>DRV - [2012/02/04 01:05:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)</div>

<div>DRV - [2012/02/04 01:05:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)</div>

<div>DRV - [2011/11/29 18:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)</div>

<div>DRV - [2008/08/26 13:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®</div>

<div>DRV - [2008/08/19 03:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)</div>

<div>DRV - [2008/08/19 03:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)</div>

<div>DRV - [2008/08/19 02:59:30 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)</div>

<div>DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®</div>

<div>DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)</div>

<div>DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap)</div>

<div>DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount)</div>

<div>DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)</div>

<div>DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)</div>

<div> </div>

<div> </div>

<div>========== Standard Registry (SafeList) ==========</div>

<div> </div>

<div> </div>

<div>========== Internet Explorer ==========</div>

<div> </div>

<div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm</div>

<div>IE - HKLM\..\SearchScopes,DefaultScope = </div>

<div>IE - HKLM\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}</div>

<div> </div>

<div> </div>

<div>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A  [binary data]</div>

<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A  [binary data]</div>

<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A  [binary data]</div>

<div> </div>

<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A  [binary data]</div>

<div> </div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.weather.com/weather/today/Holland+MI+49423</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A  [binary data]</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110706&user_guid=CEC1A0D947854B2D82F98CF7204D67CC&machine_id=1347b1185a639bc9b8c9a42a5c22d845&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{6E5D674B-B3A4-411F-AC58-66AD29850D6A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</div>

<div> </div>

<div>========== FireFox ==========</div>

<div> </div>

<div>FF - prefs.js..browser.search.defaultenginename: ""</div>

<div>FF - prefs.js..browser.search.order.1: ""</div>

<div>FF - prefs.js..browser.search.selectedEngine: ""</div>

<div>FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="</div>

<div>FF - user.js - File not found</div>

<div> </div>

<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>

<div> </div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/17 05:38:07 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/05/17 16:30:26 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/17 14:13:31 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 21:37:42 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme</div>

<div> </div>

<div>[2011/07/03 11:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Extensions</div>

<div>[2012/05/17 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions</div>

<div>[2011/07/30 19:59:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions\{052a9fe6-0e61-4fd4-b9aa-02b48fb5016f}</div>

<div>[2011/07/06 12:26:35 | 000,002,293 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\bing-zugo.xml</div>

<div>[2011/08/17 11:09:25 | 000,002,469 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml</div>

<div>[2012/04/27 10:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</div>

<div>[2012/04/27 10:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}</div>

<div>[2012/05/17 05:38:07 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPLGN</div>

<div>[2012/01/14 13:23:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</div>

<div>[2012/04/27 10:28:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll</div>

<div>[2011/08/17 16:37:37 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll</div>

<div>[2012/01/14 13:23:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</div>

<div>[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old</div>

<div>[2012/05/17 12:49:29 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml</div>

<div>[2012/01/14 13:23:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</div>

<div> </div>

<div>========== Chrome  ==========</div>

<div> </div>

<div>CHR - default_search_provider: Blekko (Enabled)</div>

<div>CHR - default_search_provider: search_url = http://blekko.com/ws/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120517FA3F43DAA1B65C6BEF9A29DF&q={searchTerms}</div>

<div>CHR - default_search_provider: suggest_url = </div>

<div>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</div>

<div>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll</div>

<div>CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll</div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll</div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll</div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll</div>

<div>CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll</div>

<div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div>

<div>CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll</div>

<div>CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll</div>

<div>CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</div>

<div>CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll</div>

<div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll</div>

<div>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll</div>

<div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll</div>

<div>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll</div>

<div>CHR - Extension: Fish Tales = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\abbdnfclkomohljcfokofigmagkpelkg\1.0_0\</div>

<div>CHR - Extension: Prezi = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\</div>

<div>CHR - Extension: Angry Birds = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\</div>

<div>CHR - Extension: YouTube = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</div>

<div>CHR - Extension: Solitaire = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.3.9.3_0\</div>

<div>CHR - Extension: Roller Coaster Creator = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckhihkbbcgehhpibkdcanlmkhhokabde\1_0\</div>

<div>CHR - Extension: FARMERAMA = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca\1.0.1_0\</div>

<div>CHR - Extension: Google Search = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</div>

<div>CHR - Extension: Mahjongg = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\</div>

<div>CHR - Extension: Christmas Mahjong = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmebaamjdfjkhaaifophgklodieiflm\1.0.0.1_0\</div>

<div>CHR - Extension: Picnik = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\</div>

<div>CHR - Extension: Cargo Bridge = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\</div>

<div>CHR - Extension: Gravity Duck = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\</div>

<div>CHR - Extension: Click to call with Skype = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\</div>

<div>CHR - Extension: Norton Identity Protection = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\</div>

<div>CHR - Extension: Plants vs Zombies = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\</div>

<div>CHR - Extension: Taulf = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfiojbffhjhiijaedmibodkjnfbgbja\1.1.7.1_0\</div>

<div>CHR - Extension: Gmail = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</div>

<div> </div>

<div>Hosts file not found</div>

<div>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</div>

<div>O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation)</div>

<div>O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.0.9\IPS\IPSBHO.dll (Symantec Corporation)</div>

<div>O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found</div>

<div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</div>

<div>O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found</div>

<div>O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation)</div>

<div>O3 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.</div>

<div>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</div>

<div>O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)</div>

<div>O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)</div>

<div>O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )</div>

<div>O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)</div>

<div>O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)</div>

<div>O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)</div>

<div>O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</div>

<div>O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation)</div>

<div>O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)</div>

<div>O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)</div>

<div>O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)</div>

<div>O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)</div>

<div>O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)</div>

<div>O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)</div>

<div>O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)</div>

<div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)</div>

<div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found</div>

<div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)</div>

<div>O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)</div>

<div>O4 - Startup: C:\Users\Fries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk =  File not found</div>

<div>O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk ()</div>

<div>O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk ()</div>

<div>O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</div>

<div>O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)</div>

<div>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</div>

<div>O13 - gopher Prefix: missing</div>

<div>O15 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..Trusted Domains: localhost ([]* in Local intranet)</div>

<div>O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object)</div>

<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div>

<div>O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div>

<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF78444-1781-43DE-8C04-07B550DE9930}: DhcpNameServer = 192.168.1.1</div>

<div>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</div>

<div>O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg</div>

<div>O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</div>

<div>O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell - "" = AutoRun</div>

<div>O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\TL-Bootstrap.exe</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM\...com [@ = comfile] -- "%1" %*</div>

<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>

<div> </div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div> </div>

<div>[2012/05/17 15:40:39 | 000,000,000 | ---D | C] -- C:\_OTL</div>

<div>[2012/05/13 03:02:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi</div>

<div>[2012/04/27 10:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java</div>

<div>[1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ]</div>

<div> </div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div> </div>

<div>[2012/05/19 16:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</div>

<div>[2012/05/19 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</div>

<div>[2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2012/05/18 17:55:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc5237af31225b.job</div>

<div>[2012/05/17 16:35:29 | 000,653,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat</div>

<div>[2012/05/17 16:35:29 | 000,122,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat</div>

<div>[2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job</div>

<div>[2012/05/17 16:30:10 | 3184,496,640 | -HS- | M] () -- C:\hiberfil.sys</div>

<div>[2012/05/17 13:45:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div>

<div>[2012/05/17 06:44:53 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\VT20120410.034</div>

<div>[2012/05/17 05:36:06 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk</div>

<div>[2012/05/17 05:35:56 | 001,868,029 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\Cat.DB</div>

<div>[2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS</div>

<div>[2012/05/17 05:33:07 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT</div>

<div>[2012/05/17 05:33:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF</div>

<div>[2012/05/16 05:57:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</div>

<div>[2012/05/13 03:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini</div>

<div>[2012/05/02 17:20:40 | 003,142,965 | ---- | M] () -- C:\Users\Fries\Documents\deColores1.tif</div>

<div>[2012/05/02 16:27:45 | 000,015,872 | ---- | M] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>

<div>[1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ]</div>

<div> </div>

<div>========== Files Created - No Company Name ==========</div>

<div> </div>

<div>[2012/05/17 13:45:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div>

<div>[2012/05/02 17:20:39 | 003,142,965 | ---- | C] () -- C:\Users\Fries\Documents\deColores1.tif</div>

<div>[2011/10/11 22:17:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll</div>

<div>[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat</div>

<div>[2011/08/18 21:39:02 | 000,000,021 | ---- | C] () -- C:\Windows\CS_SETUP.ini</div>

<div>[2011/08/16 20:02:50 | 011,950,639 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\SMRBackup200.dat</div>

<div>[2011/07/31 07:37:22 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI</div>

<div>[2011/07/30 23:13:59 | 000,015,872 | ---- | C] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>

<div>[2011/07/23 11:21:47 | 000,010,954 | -HS- | C] () -- C:\Users\Fries\AppData\Local\rxdydebmvxi87736f41</div>

<div>[2011/07/23 08:14:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\RoGPY6CcA.dat</div>

<div>[2011/07/23 04:04:18 | 000,010,954 | -HS- | C] () -- C:\ProgramData\rxdydebmvxi87736f41</div>

<div>[2011/07/22 23:52:52 | 000,008,908 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\39B0.3B9</div>

<div>[2011/07/06 11:11:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat</div>

<div>[2011/07/06 11:11:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat</div>

<div>[2011/07/06 11:11:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat</div>

<div>[2011/07/06 11:11:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat</div>

<div>[2011/07/06 11:11:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat</div>

<div>[2011/07/06 11:11:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat</div>

<div>[2011/07/06 11:11:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat</div>

<div>[2011/07/06 11:11:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat</div>

<div>[2011/07/06 11:11:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat</div>

<div>[2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat</div>

<div>[2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat</div>

<div>[2011/07/06 11:11:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat</div>

<div>[2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat</div>

<div>[2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat</div>

<div>[2011/07/06 11:11:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat</div>

<div>[2011/07/06 11:11:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini</div>

<div>[2011/07/06 11:10:58 | 000,000,090 | ---- | C] () -- C:\Windows\EPWF610.ini</div>

<div>[2011/07/04 13:36:52 | 000,397,312 | R--- | C] () -- C:\Windows\System32\zshp1020.exe</div>

<div>[2011/07/04 13:36:52 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll</div>

<div>[2011/06/29 17:18:56 | 000,006,756 | ---- | C] () -- C:\Users\Fries\AppData\Local\d3d9caps.dat</div>

<div> </div>

<div>========== LOP Check ==========</div>

<div> </div>

<div>[2012/05/17 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\.oit</div>

<div>[2011/11/20 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Azureus</div>

<div>[2011/07/08 07:36:07 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Epson</div>

<div>[2012/02/24 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\gtk-2.0</div>

<div>[2011/07/06 11:26:42 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Leadertech</div>

<div>[2011/11/20 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\MusicNet</div>

<div>[2012/02/02 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Spotify</div>

<div>[2011/06/30 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.oit</div>

<div>[2011/06/29 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson</div>

<div>[2011/07/01 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire</div>

<div>[2011/06/29 20:31:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo</div>

<div>[2011/06/29 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech</div>

<div>[2011/06/29 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netgear Live Parental Controls</div>

<div>[2011/07/01 21:33:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion</div>

<div>[2011/07/01 21:34:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent</div>

<div>[2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job</div>

<div>[2012/05/17 16:29:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT</div>

<div> </div>

<div>========== Purity Check ==========</div>

<div> </div>

<div> </div>

<div> </div>

<div>========== Alternate Data Streams ==========</div>

<div> </div>

<div>@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:260575F1</div>

<div>@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0AC32449</div>

<div> </div>

<div>< End of report ></div>

<div> </div>

<div>

<div>OTL Extras logfile created on: 5/17/2012 3:10:16 PM - Run 1</div>

<div>OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Fries\Downloads</div>

<div>Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 7.0.6001.18000)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div> </div>

<div>2.97 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 43.47% Memory free</div>

<div>6.13 Gb Paging File | 4.38 Gb Available in Paging File | 71.49% Paging File free</div>

<div>Paging file location(s): ?:\pagefile.sys [binary data]</div>

<div> </div>

<div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 167.25 Gb Total Space | 53.45 Gb Free Space | 31.96% Space Free | Partition Type: NTFS</div>

<div>Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS</div>

<div>Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS</div>

<div> </div>

<div>Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: All users | Quick Scan</div>

<div>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days</div>

<div> </div>

<div>========== Extra Registry (SafeList) ==========</div>

<div> </div>

<div> </div>

<div>========== File Associations ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</div>

<div>.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)</div>

<div>.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)</div>

<div>.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)</div>

<div>.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l</div>

<div> </div>

<div>[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Classes\<extension>]</div>

<div>.html [@ = ChromeHTML] -- Reg Error: Key error. File not found</div>

<div> </div>

<div>========== Shell Spawning ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</div>

<div>batfile [open] -- "%1" %*</div>

<div>cmdfile [open] -- "%1" %*</div>

<div>comfile [open] -- "%1" %*</div>

<div>cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)</div>

<div>exefile [open] -- "%1" %*</div>

<div>helpfile [open] -- Reg Error: Key error.</div>

<div>hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)</div>

<div>http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)</div>

<div>https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)</div>

<div>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)</div>

<div>InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l</div>

<div>piffile [open] -- "%1" %*</div>

<div>regfile [merge] -- Reg Error: Key error.</div>

<div>scrfile [config] -- "%1"</div>

<div>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l</div>

<div>scrfile [open] -- "%1" /S</div>

<div>txtfile [edit] -- Reg Error: Key error.</div>

<div>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1</div>

<div>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)</div>

<div>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</div>

<div>Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)</div>

<div>Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)</div>

<div>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</div>

<div> </div>

<div>========== Security Center Settings ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]</div>

<div>"cval" = 1</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]</div>

<div>"AntiVirusOverride" = 0</div>

<div>"AntiSpywareOverride" = 0</div>

<div>"FirewallOverride" = 0</div>

<div>"VistaSp1" = Reg Error: Unknown registry data type -- File not found</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]</div>

<div> </div>

<div>========== Firewall Settings ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]</div>

<div>"EnableFirewall" = 0</div>

<div>"DisableNotifications" = 0</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]</div>

<div>"EnableFirewall" = 0</div>

<div>"DisableNotifications" = 0</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]</div>

<div>"EnableFirewall" = 0</div>

<div>"DisableNotifications" = 0</div>

<div> </div>

<div>========== Authorized Applications List ==========</div>

<div> </div>

<div> </div>

<div>========== Vista Active Open Ports Exception List ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</div>

<div>"{C021E471-7F0A-46D5-A5BB-72CFB626E241}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | </div>

<div> </div>

<div>========== Vista Active Application Exception List ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</div>

<div>"{037943B2-3946-4002-825C-D3F7503E50DA}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | </div>

<div>"{0DC02A08-E69A-4A8A-B531-DD72182736B5}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div>

<div>"{5544960D-EA64-4388-93B0-6FF05D33E01E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | </div>

<div>"{5B79B9CB-97D3-45A2-9320-6C8679975221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | </div>

<div>"{5EB33021-2B58-4076-A5B4-229CB87DBF0F}" = dir=in | app=c:\program files\itunes\itunes.exe | </div>

<div>"{6CCE314C-CAC5-4469-B3DA-F598813FB0EC}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div>

<div>"{6FB01D80-7AC1-4E21-8AA1-1566CAB87C7E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div>

<div>"{733407E5-0354-4BB9-AABC-FBEA1D9D42D7}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div>

<div>"{752093A9-DEFC-4C59-AAB1-FBEDA87710DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </div>

<div>"{833819E8-6C4C-46E2-A22F-2985A85DDC37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </div>

<div>"{9E7877AD-71E1-49F7-886F-A69A6190BA72}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | </div>

<div>"{9E85C507-B509-4B9A-B051-9CE404771D18}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div>

<div>"{AEE14C75-F17D-4325-8D18-7B321F493E95}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | </div>

<div>"{B24F78F0-D22A-48C3-8BE7-1FDA3C53DCBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | </div>

<div>"{B4D6F29F-3F0F-4181-8D14-0C92CE8C4F7D}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | </div>

<div>"{B6F19156-F38C-4D22-ABD6-B1B56D0D5DAA}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | </div>

<div>"{C78D7CAE-938F-42DA-8940-6BA64B66C794}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | </div>

<div>"{DF6364E8-1EB8-44C7-923B-968516179460}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | </div>

<div>"TCP Query User{9613C429-CBEB-4E5B-8E53-5C9B21929B8C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div>

<div>"UDP Query User{D515B137-19FB-4B75-8318-1584A93B6EB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | </div>

<div> </div>

<div>========== HKEY_LOCAL_MACHINE Uninstall List ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</div>

<div>"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR</div>

<div>"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers</div>

<div>"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools</div>

<div>"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module</div>

<div>"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant</div>

<div>"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista</div>

<div>"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility</div>

<div>"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data</div>

<div>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</div>

<div>"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista</div>

<div>"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool</div>

<div>"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31</div>

<div>"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes</div>

<div>"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)</div>

<div>"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager</div>

<div>"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer</div>

<div>"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher</div>

<div>"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile</div>

<div>"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager</div>

<div>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater</div>

<div>"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace</div>

<div>"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies</div>

<div>"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)</div>

<div>"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime</div>

<div>"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth</div>

<div>"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy</div>

<div>"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3</div>

<div>"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD</div>

<div>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable</div>

<div>"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable</div>

<div>"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE</div>

<div>"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher</div>

<div>"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client</div>

<div>"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com</div>

<div>"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour</div>

<div>"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide</div>

<div>"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable</div>

<div>"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio</div>

<div>"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin</div>

<div>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight</div>

<div>"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)</div>

<div>"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack</div>

<div>"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh</div>

<div>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007</div>

<div>"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007</div>

<div>"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007</div>

<div>"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007</div>

<div>"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007</div>

<div>"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007</div>

<div>"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007</div>

<div>"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007</div>

<div>"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007</div>

<div>"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007</div>

<div>"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007</div>

<div>"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager</div>

<div>"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components</div>

<div>"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007</div>

<div>"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting</div>

<div>"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161</div>

<div>"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support</div>

<div>"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support</div>

<div>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper</div>

<div>"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components</div>

<div>"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5</div>

<div>"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)</div>

<div>"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9</div>

<div>"{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore</div>

<div>"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2</div>

<div>"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy</div>

<div>"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype</div>

<div>"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher</div>

<div>"{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations</div>

<div>"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update</div>

<div>"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE</div>

<div>"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar</div>

<div>"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1</div>

<div>"{DF68383B-A940-4ABD-87FF-1D969F2B938B}" = Dell DataSafe</div>

<div>"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center</div>

<div>"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer</div>

<div>"{EA4741F4-5BEC-4E6C-B5A3-6E4C1F2C68E8}" = CASIO USB Driver V1.4.200.0407</div>

<div>"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver</div>

<div>"{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite</div>

<div>"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync</div>

<div>"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022</div>

<div>"7-Zip" = 7-Zip 9.20</div>

<div>"Adobe AIR" = Adobe AIR</div>

<div>"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX</div>

<div>"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin</div>

<div>"BFGC" = Big Fish Games Client</div>

<div>"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™</div>

<div>"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst &reg;</div>

<div>"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2</div>

<div>"Carbonite Backup" = Carbonite</div>

<div>"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com</div>

<div>"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver</div>

<div>"EPSON Scanner" = EPSON Scan</div>

<div>"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall</div>

<div>"facetheme" = Facetheme</div>

<div>"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]</div>

<div>"FrostWire 5" = FrostWire 5.3.2</div>

<div>"Google Chrome" = Google Chrome</div>

<div>"Halo 2" = Halo 2 for Windows Vista</div>

<div>"HDMI" = Intel® Graphics Media Accelerator Driver</div>

<div>"HP-LaserJet 1020 series" = LaserJet 1020 series</div>

<div>"iMesh" = iMesh</div>

<div>"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)</div>

<div>"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400</div>

<div>"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1</div>

<div>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile</div>

<div>"Microsoft SQL Server 2005" = Microsoft SQL Server 2005</div>

<div>"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)</div>

<div>"MSPUB5" = Microsoft Publisher 98</div>

<div>"N360" = Norton 360</div>

<div>"NBRTWizard" = Norton Bootable Recovery Tool Wizard</div>

<div>"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020</div>

<div>"PartyPoker" = PartyPoker</div>

<div>"Plants vs. Zombies" = Plants vs. Zombies</div>

<div>"PokerStars.net" = PokerStars.net</div>

<div>"PopCap Browser Plugin" = PopCap Browser Plugin</div>

<div>"SMALLBUSINESSR" = Microsoft Office Small Business 2007</div>

<div>"Verizon V CAST Media Manager" = Verizon V CAST Media Manager</div>

<div>"WinGimp-2.0_is1" = GIMP 2.6.11</div>

<div>"WinRAR archiver" = WinRAR 4.01 (32-bit)</div>

<div>"YTdetect" = Yahoo! Detect</div>

<div> </div>

<div>========== HKEY_USERS Uninstall List ==========</div>

<div> </div>

<div>[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</div>

<div>"Spotify" = Spotify</div>

<div> </div>

<div>========== Last 10 Event Log Errors ==========</div>

<div> </div>

<div>Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!</div>

<div> </div>

<div>< End of report ></div>

<div> </div>

</div>

<div> </div>

Link to post
Share on other sites

Sorry about that. New to this stuff. Thank You

OTL logfile created on: 5/19/2012 5:26:26 PM - Run 3

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.44% Memory free

6.13 Gb Paging File | 3.97 Gb Available in Paging File | 64.83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 167.25 Gb Total Space | 54.79 Gb Free Space | 32.76% Space Free | Partition Type: NTFS

Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS

Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS

Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/17 15:53:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fries\Downloads\OTL.exe

PRC - [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe

PRC - [2012/01/14 13:23:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe

PRC - [2009/03/20 01:24:52 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe

PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

PRC - [2008/08/19 02:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe

PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2005/03/18 19:17:02 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

PRC - [2005/03/16 13:32:48 | 000,397,312 | R--- | M] () -- C:\Windows\System32\zshp1020.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/08 23:04:52 | 000,441,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll

MOD - [2012/05/08 23:04:51 | 003,921,904 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll

MOD - [2012/05/08 23:03:25 | 000,134,656 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avutil-51.dll

MOD - [2012/05/08 23:03:24 | 000,250,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avformat-54.dll

MOD - [2012/05/08 23:03:23 | 002,375,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll

MOD - [2012/05/02 22:10:20 | 004,050,944 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll

MOD - [2012/05/02 22:10:20 | 000,100,864 | ---- | M] () -- C:\Users\Fries\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll

MOD - [2012/01/14 13:23:02 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/31 14:16:25 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2008/08/19 02:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)

SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/05/16 15:32:26 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120518.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012/05/16 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/05/16 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120518.048\NAVENG.SYS -- (NAVENG)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/04/03 21:44:36 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/03/29 02:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0602000.009\symtdiv.sys -- (SYMTDIv)

DRV - [2012/03/29 02:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)

DRV - [2012/03/29 02:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)

DRV - [2012/03/29 02:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)

DRV - [2012/03/29 02:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602000.009\srtsp.sys -- (SRTSP)

DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2012/02/04 01:05:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/02/04 01:05:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/11/29 18:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)

DRV - [2008/08/26 13:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/08/19 03:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV - [2008/08/19 03:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV - [2008/08/19 02:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap)

DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount)

DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)

DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.weather.com/weather/today/Holland+MI+49423

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 41 DA 12 D8 45 2A 43 AF 7B 2C 23 46 2B 50 0A [binary data]

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110706&user_guid=CEC1A0D947854B2D82F98CF7204D67CC&machine_id=1347b1185a639bc9b8c9a42a5c22d845&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{3C3D8634-B5B1-4479-B1C1-ACFEB0C308CD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{6E5D674B-B3A4-411F-AC58-66AD29850D6A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/17 05:38:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/05/17 16:30:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/17 14:13:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 21:37:42 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2011/07/03 11:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Extensions

[2012/05/17 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions

[2011/07/30 19:59:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\extensions\{052a9fe6-0e61-4fd4-b9aa-02b48fb5016f}

[2011/07/06 12:26:35 | 000,002,293 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\bing-zugo.xml

[2011/08/17 11:09:25 | 000,002,469 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml

[2012/04/27 10:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/27 10:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012/05/17 05:38:07 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPLGN

[2012/01/14 13:23:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/04/27 10:28:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/08/17 16:37:37 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll

[2012/01/14 13:23:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

[2012/05/17 12:49:29 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

[2012/01/14 13:23:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Blekko (Enabled)

CHR - default_search_provider: search_url = http://blekko.com/ws/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120517FA3F43DAA1B65C6BEF9A29DF&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Fish Tales = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\abbdnfclkomohljcfokofigmagkpelkg\1.0_0\

CHR - Extension: Prezi = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\

CHR - Extension: Angry Birds = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: YouTube = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Solitaire = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.3.9.3_0\

CHR - Extension: Roller Coaster Creator = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckhihkbbcgehhpibkdcanlmkhhokabde\1_0\

CHR - Extension: FARMERAMA = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca\1.0.1_0\

CHR - Extension: Google Search = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Mahjongg = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\

CHR - Extension: Christmas Mahjong = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmebaamjdfjkhaaifophgklodieiflm\1.0.0.1_0\

CHR - Extension: Picnik = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\

CHR - Extension: Cargo Bridge = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\

CHR - Extension: Gravity Duck = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\

CHR - Extension: Click to call with Skype = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

CHR - Extension: Norton Identity Protection = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\

CHR - Extension: Plants vs Zombies = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

CHR - Extension: Taulf = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfiojbffhjhiijaedmibodkjnfbgbja\1.1.7.1_0\

CHR - Extension: Gmail = C:\Users\Fries\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.0.9\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.0.9\CoIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found

O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)

O4 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Users\Fries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Fries\Desktop\PartyPoker.lnk ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..Trusted Domains: localhost ([]* in Local intranet)

O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF78444-1781-43DE-8C04-07B550DE9930}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell - "" = AutoRun

O33 - MountPoints2\{18ea9c1f-ac7e-11e0-8790-0024e802bfde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\TL-Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 15:40:39 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/05/13 03:02:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/04/27 10:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 16:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/19 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/19 10:36:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/18 17:55:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc5237af31225b.job

[2012/05/17 16:35:29 | 000,653,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/05/17 16:35:29 | 000,122,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job

[2012/05/17 16:30:10 | 3184,496,640 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/17 13:45:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/17 06:44:53 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\VT20120410.034

[2012/05/17 05:36:06 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012/05/17 05:35:56 | 001,868,029 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602000.009\Cat.DB

[2012/05/17 05:33:07 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2012/05/17 05:33:07 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2012/05/17 05:33:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2012/05/16 05:57:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/05/13 03:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini

[2012/05/02 17:20:40 | 003,142,965 | ---- | M] () -- C:\Users\Fries\Documents\deColores1.tif

[2012/05/02 16:27:45 | 000,015,872 | ---- | M] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[1 C:\Users\Fries\Desktop\*.tmp files -> C:\Users\Fries\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/17 13:45:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/02 17:20:39 | 003,142,965 | ---- | C] () -- C:\Users\Fries\Documents\deColores1.tif

[2011/10/11 22:17:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/08/18 21:39:02 | 000,000,021 | ---- | C] () -- C:\Windows\CS_SETUP.ini

[2011/08/16 20:02:50 | 011,950,639 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\SMRBackup200.dat

[2011/07/31 07:37:22 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011/07/30 23:13:59 | 000,015,872 | ---- | C] () -- C:\Users\Fries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/23 11:21:47 | 000,010,954 | -HS- | C] () -- C:\Users\Fries\AppData\Local\rxdydebmvxi87736f41

[2011/07/23 08:14:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\RoGPY6CcA.dat

[2011/07/23 04:04:18 | 000,010,954 | -HS- | C] () -- C:\ProgramData\rxdydebmvxi87736f41

[2011/07/22 23:52:52 | 000,008,908 | ---- | C] () -- C:\Users\Fries\AppData\Roaming\39B0.3B9

[2011/07/06 11:11:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2011/07/06 11:11:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2011/07/06 11:11:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2011/07/06 11:11:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2011/07/06 11:11:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2011/07/06 11:11:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2011/07/06 11:11:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2011/07/06 11:11:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2011/07/06 11:11:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2011/07/06 11:11:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2011/07/06 11:11:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2011/07/06 11:11:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2011/07/06 11:11:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2011/07/06 11:11:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2011/07/06 11:10:58 | 000,000,090 | ---- | C] () -- C:\Windows\EPWF610.ini

[2011/07/04 13:36:52 | 000,397,312 | R--- | C] () -- C:\Windows\System32\zshp1020.exe

[2011/07/04 13:36:52 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll

[2011/06/29 17:18:56 | 000,006,756 | ---- | C] () -- C:\Users\Fries\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/05/17 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\.oit

[2011/11/20 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Azureus

[2011/07/08 07:36:07 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Epson

[2012/02/24 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\gtk-2.0

[2011/07/06 11:26:42 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Leadertech

[2011/11/20 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\MusicNet

[2012/02/02 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Spotify

[2011/06/30 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.oit

[2011/06/29 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson

[2011/07/01 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire

[2011/06/29 20:31:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo

[2011/06/29 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech

[2011/06/29 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netgear Live Parental Controls

[2011/07/01 21:33:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion

[2011/07/01 21:34:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent

[2012/05/17 16:30:14 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job

[2012/05/17 16:29:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:260575F1

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0AC32449

< End of report >

OTL Extras logfile created on: 5/17/2012 3:10:16 PM - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fries\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 43.47% Memory free

6.13 Gb Paging File | 4.38 Gb Available in Paging File | 71.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 167.25 Gb Total Space | 53.45 Gb Free Space | 31.96% Space Free | Partition Type: NTFS

Drive D: | 55.52 Gb Total Space | 50.69 Gb Free Space | 91.29% Space Free | Partition Type: NTFS

Drive E: | 10.00 Gb Total Space | 2.37 Gb Free Space | 23.70% Space Free | Partition Type: NTFS

Computer Name: FRIES-PC | User Name: Fries | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{C021E471-7F0A-46D5-A5BB-72CFB626E241}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{037943B2-3946-4002-825C-D3F7503E50DA}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"{0DC02A08-E69A-4A8A-B531-DD72182736B5}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{5544960D-EA64-4388-93B0-6FF05D33E01E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{5B79B9CB-97D3-45A2-9320-6C8679975221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{5EB33021-2B58-4076-A5B4-229CB87DBF0F}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{6CCE314C-CAC5-4469-B3DA-F598813FB0EC}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{6FB01D80-7AC1-4E21-8AA1-1566CAB87C7E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{733407E5-0354-4BB9-AABC-FBEA1D9D42D7}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{752093A9-DEFC-4C59-AAB1-FBEDA87710DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{833819E8-6C4C-46E2-A22F-2985A85DDC37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9E7877AD-71E1-49F7-886F-A69A6190BA72}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |

"{9E85C507-B509-4B9A-B051-9CE404771D18}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{AEE14C75-F17D-4325-8D18-7B321F493E95}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{B24F78F0-D22A-48C3-8BE7-1FDA3C53DCBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B4D6F29F-3F0F-4181-8D14-0C92CE8C4F7D}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"{B6F19156-F38C-4D22-ABD6-B1B56D0D5DAA}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{C78D7CAE-938F-42DA-8940-6BA64B66C794}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |

"{DF6364E8-1EB8-44C7-923B-968516179460}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"TCP Query User{9613C429-CBEB-4E5B-8E53-5C9B21929B8C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"UDP Query User{D515B137-19FB-4B75-8318-1584A93B6EB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE

"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007

"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype

"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher

"{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DF68383B-A940-4ABD-87FF-1D969F2B938B}" = Dell DataSafe

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center

"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer

"{EA4741F4-5BEC-4E6C-B5A3-6E4C1F2C68E8}" = CASIO USB Driver V1.4.200.0407

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"BFGC" = Big Fish Games Client

"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™

"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

"Carbonite Backup" = Carbonite

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall

"facetheme" = Facetheme

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"FrostWire 5" = FrostWire 5.3.2

"Google Chrome" = Google Chrome

"Halo 2" = Halo 2 for Windows Vista

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP-LaserJet 1020 series" = LaserJet 1020 series

"iMesh" = iMesh

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"MSPUB5" = Microsoft Publisher 98

"N360" = Norton 360

"NBRTWizard" = Norton Bootable Recovery Tool Wizard

"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020

"PartyPoker" = PartyPoker

"Plants vs. Zombies" = Plants vs. Zombies

"PokerStars.net" = PokerStars.net

"PopCap Browser Plugin" = PopCap Browser Plugin

"SMALLBUSINESSR" = Microsoft Office Small Business 2007

"Verizon V CAST Media Manager" = Verizon V CAST Media Manager

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report ></key></extension></extension>

Link to post
Share on other sites

That is much better! Thank you! :)

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please uninstall the following applications:

FrostWire 5.3.2 - Because is against our policy. Take a look: here

Facetheme - It is a rogue "Facebook browser plugin" hailing from adurr.com - detected by Microsoft as Adware:Win32/Adkubru .

Step 3

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110706&user_guid=CEC1A0D947854B2D82F98CF7204D67CC&machine_id=1347b1185a639bc9b8c9a42a5c22d845&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
    IE - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
    [2011/08/17 11:09:25 | 000,002,469 | ---- | M] () -- C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml
    [2012/05/17 12:49:29 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
    CHR - default_search_provider: suggest_url =
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
    O3 - HKU\S-1-5-21-4068806776-3580623919-1700608804-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [2011/11/20 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Fries\AppData\Roaming\Azureus
    [2011/07/01 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire
    [2011/07/01 21:34:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:260575F1
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0AC32449

    :files
    C:\Program Files\StartNow Toolbar
    C:\Program Files\Object

    :Commands
    [emptytemp]
    [clearallrestorepoints]
    [resethosts]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

Here is the last log. I opened Google Chrome before I did this post and it still used MyStart as the first page.

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8ABA0-5F45-D212-4914-794A69246E1D}\ not found.

Registry key HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

Prefs.js: "" removed from browser.search.defaultenginename

Prefs.js: "" removed from browser.search.order.1

Prefs.js: "" removed from browser.search.selectedEngine

File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme not found.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme not found.

C:\Users\Fries\AppData\Roaming\Mozilla\Firefox\Profiles\pwqvf7pq.default\searchplugins\safesearch.xml moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\search.xml moved successfully.

Unable to fix default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4068806776-3580623919-1700608804-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

C:\Users\Fries\AppData\Roaming\Azureus folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\xml\data folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\xml folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\themes folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\overlays folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\image_cache folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus\net folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus\active folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\azureus folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.

C:\Users\Owner\AppData\Roaming\FrostWire folder moved successfully.

C:\Users\Owner\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.

C:\Users\Owner\AppData\Roaming\uTorrent\apps folder moved successfully.

C:\Users\Owner\AppData\Roaming\uTorrent folder moved successfully.

ADS C:\ProgramData\TEMP:260575F1 deleted successfully.

ADS C:\ProgramData\TEMP:0AC32449 deleted successfully.

========== FILES ==========

File\Folder C:\Program Files\StartNow Toolbar not found.

File\Folder C:\Program Files\Object not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Fries

->Temp folder emptied: 254682 bytes

->Temporary Internet Files folder emptied: 83994 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49174953 bytes

->Google Chrome cache emptied: 369597808 bytes

->Flash cache emptied: 1001 bytes

User: Owner

->Temp folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6544 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1945908 bytes

Total Files Cleaned = 402.00 mb

Restore point Set: OTL Restore Point

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.43.0 log created on 05222012_184441

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.