Possible Spyware/Malware - Ads/popups continuously



#1
quasarn01

  • Member
  • 56 posts
I'm using Windows 8 and Firefox (latest version) and just recently popups and ads started occurring. The popups pull up a new window and range from spyware ads to flash update ads... Also, suddenly several words throughout each page are being underlined and when I move past these words, ads pop up associated with that word... This is very annoying and I can't find a solution to stopping either one. Firefox is set to block popups unless I allow them... Any help would be greatly appreciated...

Thanks
Michael


#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, quasarn01 and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should make you glad. ;)

Please note, that my answers could come with a slight delay, because they are checked by my teacher.

To start with I need to get some logs. Please, follow these steps:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#3
quasarn01

  • Topic Starter
  • Member
  • 56 posts
OTL logfile created on: 5 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:

2.99 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 75.95% Memory free
3.49 Gb Paging File | 2.45 Gb Available in Paging File | 70.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.42 Gb Total Space | 376.39 Gb Free Space | 80.87% Space Free | Partition Type: NTFS
Drive D: | 750.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MICHAEL | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013 (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013 (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013 (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2013 (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL(1).exe
PRC - [2013 (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013 (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2013 (IvoSoft) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe
PRC - [2013 (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2013 (BitTorrent Inc.) -- C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2012 (Nitro PDF Software) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
PRC - [2012 (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012 (Microsoft Corporation) -- C:\Windows\sppsvc.exe
PRC - [2012 (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012 (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012 (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012 (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009 (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011 () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010 () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2013 (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013 (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013 (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013 (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013 (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV - [2013 (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012 (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe -- (NitroDriverReadSpool8)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\sppsvc.exe -- (SLSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012 (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012 (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009 (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2013 (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2013 (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2012 (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012 (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Rt630x86.sys -- (RTL8168)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012 (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012 (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012 (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012 (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012 (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012 (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012 (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012 (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012 (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012 (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2012 (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\netwlv32.sys -- (netwlv32)
DRV - [2009 (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007 (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.foxnews.com"
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.32
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.8.0.12323
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013 () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\temto84b.default\extensions\[email protected]
[2013 (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013 () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013 () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: Broiwse2saVe = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnpchcbeoggdoifljdpbebcnacelecn\1\
CHR - Extension: continnuetosavve = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgipiehcohnegjfffpkggfbmbggjobi\1\

O1 HOSTS File: () - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.0.1 8.8.8.8 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0F8A4E-29FC-4529-A2C6-7725E929927A}: DhcpNameServer = 10.1.0.1 8.8.8.8 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012 () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010 () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2465b593-92e8-11e2-afbb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2465b593-92e8-11e2-afbb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2010 (Microsoft Corporation)
O33 - MountPoints2\{2465b593-92e8-11e2-afbb-806e6f6e6963}\Shell\configure\command - "" = D:\setup.exe -- [2010 (Microsoft Corporation)
O33 - MountPoints2\{2465b593-92e8-11e2-afbb-806e6f6e6963}\Shell\install\command - "" = D:\setup.exe -- [2010 (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013 (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2013 (Waves Audio Ltd.) -- C:\WINDOWS\System32\WavesLib.dll
[2013 (Waves Audio Ltd.) -- C:\WINDOWS\System32\MaxxAudioEQ.dll
[2013 (Waves Audio Ltd.) -- C:\WINDOWS\System32\MaxxAudioAPO20.dll
[2013 (Waves Audio Ltd.) -- C:\WINDOWS\System32\MaxxAudioAPO.dll
[2013 (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSWOW.dll
[2013 (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSTSXT.dll
[2013 (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSTSHD.dll
[2013 (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSHP360.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDisplay2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2013 (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL(1).exe
[2013 (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui2.dll
[2013 (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon2.dll
[2013 (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2013 (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2013 (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2013 (Fortemedia Corporation) -- C:\WINDOWS\System32\FMAPO.dll
[2013 (Dolby Laboratories, Inc.) -- C:\WINDOWS\System32\RP3DHT32.dll
[2013 (Dolby Laboratories, Inc.) -- C:\WINDOWS\System32\RP3DAA32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2018 () -- C:\WINDOWS\System32\slmgr.vbs
[2013 (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL(1).exe
[2013 () -- C:\Users\Michael\Documents\words3.csv
[2013 () -- C:\Users\Michael\Documents\words2.csv
[2013 () -- C:\Users\Michael\Documents\words.csv
[2013 () -- C:\Users\Michael\Desktop\WeatherBug.lnk
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\WeatherBug.lnk
[2013 () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013 () -- C:\swapfile.sys
[2013 () -- C:\Users\Public\Desktop\Skype.lnk
[2013 () -- C:\Users\Michael\Desktop\Removed Apps.html
[2013 () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013 () -- C:\WINDOWS\System32\perfh009.dat
[2013 () -- C:\WINDOWS\System32\perfc009.dat
[2013 () -- C:\Users\Michael\Documents\OET-Draft-Grit-Report-2-17-13.pdf
[2013 () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013 () -- C:\Users\Michael\Documents\New Image File.iso
[2013 () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013 () -- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013 () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2013 () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013 () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013 () -- C:\Users\Michael\Desktop\Microsoft Fix it.url
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013 () -- C:\Users\Michael\Documents\kim un.jpg
[2013 () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
[2013 () -- C:\Users\Michael\Documents\Invoice_1553_from_Atlas_Technology_Group_LLC.pdf
[2013 () -- C:\Users\Michael\Documents\Invoice_130417001039631753.pdf
[2013 () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013 () -- C:\hiberfil.sys
[2013 () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013 () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013 () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013 () -- C:\Users\Michael\Documents\Enterprise.gif
[2013 () -- C:\Users\Michael\Desktop\Driver Genius.lnk
[2013 () -- C:\WINDOWS\diagwrn.xml
[2013 () -- C:\WINDOWS\diagerr.xml
[2013 () -- C:\Users\Michael\Desktop\cuteftppro.exe - Shortcut.lnk
[2013 () -- C:\Users\Public\Desktop\Canon MX320 series On-screen Manual.lnk
[2013 () -- C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk
[2013 () -- C:\WINDOWS\bootstat.dat
[2013 () -- C:\WINDOWS\tasks\AutoKMS.job
[2013 () -- C:\WINDOWS\AutoKMS.ini
[2013 () -- C:\WINDOWS\AutoKMS.exe
[2013 () -- C:\Users\Michael\Desktop\Audio Editor Deluxe.lnk
[2013 () -- C:\Users\Michael\Desktop\Artisteer 4.lnk
[2013 () -- C:\Users\Michael\Documents\AReceipt_36175159.pdf
[2013 () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2013 () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013 () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013 () -- C:\Users\Michael\Documents\138651077-Obama-Birth-Certificate-No-Seal-Alabama-Supreme-Court-Fogbow-Upload-4-24-2013.pdf
[2013 () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013 () -- C:\Users\Michael\Documents\words3.csv
[2013 () -- C:\Users\Michael\Documents\words2.csv
[2013 () -- C:\Users\Michael\Documents\words.csv
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013 () -- C:\Users\Michael\Desktop\WeatherBug.lnk
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\WeatherBug.lnk
[2013 () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013 () -- C:\swapfile.sys
[2013 () -- C:\Users\Public\Desktop\Skype.lnk
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013 () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2013 () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013 () -- C:\Users\Michael\Documents\OET-Draft-Grit-Report-2-17-13.pdf
[2013 () -- C:\WINDOWS\System32\OEMLicense.dll
[2013 () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013 () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013 () -- C:\Users\Michael\Documents\New Image File.iso
[2013 () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2013 () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013 () -- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013 () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2013 () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013 () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013 () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013 () -- C:\Users\Michael\Desktop\Microsoft Fix it.url
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013 () -- C:\Users\Michael\lametritonus_en.dll
[2013 () -- C:\Users\Michael\lame_enc_en.dll
[2013 () -- C:\Users\Michael\Documents\kim un.jpg
[2013 () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
[2013 () -- C:\Users\Michael\Documents\Invoice_1553_from_Atlas_Technology_Group_LLC.pdf
[2013 () -- C:\Users\Michael\Documents\Invoice_130417001039631753.pdf
[2013 () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013 () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013 () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013 () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013 () -- C:\Users\Michael\Documents\Enterprise.gif
[2013 () -- C:\Users\Michael\Desktop\Driver Genius.lnk
[2013 () -- C:\WINDOWS\diagwrn.xml
[2013 () -- C:\WINDOWS\diagerr.xml
[2013 () -- C:\Users\Michael\Desktop\cuteftppro.exe - Shortcut.lnk
[2013 () -- C:\WINDOWS\System32\CNC1736D.TBL
[2013 () -- C:\Users\Public\Desktop\Canon MX320 series On-screen Manual.lnk
[2013 () -- C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk
[2013 () -- C:\WINDOWS\tasks\AutoKMS.job
[2013 () -- C:\WINDOWS\AutoKMS.ini
[2013 () -- C:\WINDOWS\AutoKMS.exe
[2013 () -- C:\Users\Michael\Desktop\Audio Editor Deluxe.lnk
[2013 () -- C:\Users\Michael\Desktop\Artisteer 4.lnk
[2013 () -- C:\Users\Michael\Documents\AReceipt_36175159.pdf
[2013 () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2013 () -- C:\WINDOWS\System32\ApnDatabase.xml
[2013 () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013 () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013 () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013 () -- C:\Users\Michael\Documents\138651077-Obama-Birth-Certificate-No-Seal-Alabama-Supreme-Court-Fogbow-Upload-4-24-2013.pdf
[2013 () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012 () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012 () -- C:\WINDOWS\System32\staticurllist.bin
[2012 () -- C:\WINDOWS\System32\srms.dat
[2012 () -- C:\WINDOWS\System32\settings.dat
[2012 () -- C:\WINDOWS\System32\perfi009.dat
[2012 () -- C:\WINDOWS\System32\perfh009.dat
[2012 () -- C:\WINDOWS\System32\perfd009.dat
[2012 () -- C:\WINDOWS\System32\perfc009.dat
[2012 () -- C:\WINDOWS\System32\NOISE.DAT
[2012 () -- C:\WINDOWS\System32\mlang.dat
[2012 () -- C:\WINDOWS\mib.bin
[2012 () -- C:\WINDOWS\System32\dssec.dat
[2012 () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012 () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012 () -- C:\WINDOWS\bootstat.dat

========== ZeroAccess Check ==========

[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RGY09UN.001\Prefetch\l.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RGY09UN.001\Prefetch\n.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RJ04V3B.000\Prefetch\l.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RJ04V3B.000\Prefetch\n.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RWG92AS.000\Prefetch\l.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RWG92AS.000\Prefetch\n.reg

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012 (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012 (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012 (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013
[2013
[2013
[2013
[2013
[2013
[2013
[2013
[2013
[2013
[2013
[2013

========== Purity Check ==========


< End of report >

#4
quasarn01

OTL Extras logfile created on: 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:

2.99 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 75.95% Memory free
3.49 Gb Paging File | 2.45 Gb Available in Paging File | 70.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.42 Gb Total Space | 376.39 Gb Free Space | 80.87% Space Free | Partition Type: NTFS
Drive D: | 750.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MICHAEL | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05469589-695F-4595-A1D4-03CA909B4F91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07A53AD1-F73C-4E30-99F2-EA09BB19D252}" = lport=445 | protocol=6 | dir=in | app=system |
"{10DB4127-50AC-4F35-965E-82ACCF7D2166}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17FA4F88-BD06-46F9-9822-3572FBC157D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1AB9848B-8773-4B8D-8A6A-642DBD6907F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21CA61D4-8037-4055-B67E-FCB6E3D7C0BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3181052D-356C-4CA4-88C1-CEF72E1C57CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35784CD4-5E52-4095-9C04-D2F373BE099D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3BD4174D-AE24-44B8-9AD0-91A01E5F19C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BF21EA2-9039-41D2-BDE1-65896AE92D1B}" = rport=137 | protocol=17 | dir=out | app=system |
"{44DD31BC-4B33-49F1-AB92-E8E4A44B55A7}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{48E14008-5ABE-47C9-98FB-14D50CCBFD5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C5AA4DB-7367-4A0D-9523-14718557297B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F288E5E-8DAD-4C2E-B86F-61414707D0C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4FAA930A-5065-4A9C-A43A-157823FFD942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56822DA7-162E-4F13-B009-AFA5522A4318}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{589E16FA-0DA8-41DC-A4C3-9AD1B260ACAA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D16BB53-8C0B-4C96-AF2A-9E14BD50CE62}" = lport=138 | protocol=17 | dir=in | app=system |
"{6480F20F-476A-480A-B3BF-B2C8AFF6E4AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AFEA2BD-2870-49C7-B81A-4C45D5AD027A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7010F34F-B209-40E5-A396-46FF0C2B1772}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7610DF57-B325-45E2-93DF-AC4961915FFC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{793FD19E-D13E-4F68-80A0-1E84C2DF3BD4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EA7BA7C-88E7-4F80-8670-5DB12B8D9117}" = lport=139 | protocol=6 | dir=in | app=system |
"{7ED6E58E-D57C-4060-AD00-465589BCDB3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82813F69-F3B4-4DAE-9260-36F03764A4E3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{98414C6A-DDDB-4DA1-8086-B5C9FC4B9B1E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A9000A4-042C-4524-BDA4-6F0404146523}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9EE903EB-0134-494C-B43B-28B8C793C6AD}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A0243A41-3216-4317-BD8D-661B9CD1F8C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AE1AE5B3-2439-45AE-959F-FCB66DFB7E6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{AE99C7F2-8B14-4E75-AF5B-8F276F93D9A3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5E62A89-A480-45CE-9517-50BB50584657}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0998250-9AC0-437F-956C-EB3830FF061A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C1C2DB5C-F6E5-4DE9-A5A5-68A06F5B263F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C8109DB1-EFE1-4995-9AC6-50F9E59AC49A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C979265C-28B9-49B6-AA54-3E61B44C5A8E}" = lport=137 | protocol=17 | dir=in | app=system |
"{D228D597-EF56-4829-8D95-1E99413230B5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D23F40C8-F008-4647-82B1-54FF9A571E67}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8698486-A411-4E0E-8133-47B5989E0762}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{DFE103BC-0BF6-4B41-8E70-0BA2171DA0BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{E9277AFE-2AEB-402D-AB97-D285B7EC54AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB72DA2B-B6AF-48FA-9C26-051862DADF9F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{F61A60F1-3D63-483E-BA8D-D793F6DA7268}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A09F21-E825-4749-AE3F-B8AB9F9400DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{093E1974-1CCC-438E-BB14-DEB8EA631075}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{09A45DE9-1598-4453-B91B-6D9F322B64C4}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{0AA64747-DC0A-40FF-A90D-810B2129519E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{125A1789-9F2D-4E9A-BA0C-C3A7931FA26F}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\utorrent\utorrent.exe |
"{16B74136-B844-4609-8F64-727AD52FA1E1}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{234A8D76-0C58-42E4-A5BA-3C287EA09552}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26321407-528C-4A8E-ABC9-D4E3233602B9}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{2991063A-B6BB-4988-9244-E3C92719557E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2A6C110E-7F5B-4B0C-A86B-401295F4933B}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{2B69B59B-A469-4FD9-93F5-A304C2F742E6}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{2F866536-13CF-4A73-828A-BDE26439BA89}" = dir=out | name=@{microsoft.bing_1.5.1.251_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{30185103-34B2-452B-826D-CA5C3D01C6D1}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3150E8C2-224E-4AAD-9057-C62E535FB195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3365ED5D-0FED-49D1-A905-C0C218762F4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{337760C3-A82D-4F50-9515-33C699FA6D4F}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{413E4B20-9E79-49B8-A785-A11C3507D652}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{4CE820DF-73FB-4332-94D3-F47AF7B22BF2}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{4E975D51-9A24-45A7-AD99-68B6A8671088}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{4EFC01B0-D387-4649-95C2-668A5DD966DD}" = dir=out | name=netflix |
"{520B7000-D724-4BE8-B938-5E907C2CFC03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{55380591-4DA2-41D0-9D69-A6163F9D2DE1}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{5F79E035-D58D-4A22-ABF1-8C26091BAF88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{603E5466-FB6D-4D42-8DFC-75392815BA9F}" = dir=out | name=backgammon pro |
"{65F32B7A-02B0-490D-8114-686BCA8E1DAF}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{683B1590-4A04-4F10-A77D-B1007B915677}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{69104320-2C5E-4400-8D9F-DCC8400C87DD}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6B17FA1A-0095-49F9-B501-2387A44D7DCF}" = protocol=58 | dir=in | [email protected],-148 |
"{6C2E4DF9-A934-4644-981C-A71BDB81F92D}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{77C2D87D-0E8C-482E-A214-64BC5D93F597}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{77C9AE17-289D-42EC-A24D-3D99EB2A36FD}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{7980133C-6B6A-4D1F-9E69-5F304CB51C4B}" = dir=in | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{7B7A1051-003C-4D31-B15F-E8010B33F6C1}" = dir=out | name=iheartradio |
"{7E2CFA60-A6AC-4DAD-A36C-F0253A6DE16C}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{7FB88E75-3F0E-4000-A94C-A4B1C8923608}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87EE8B01-AC33-4133-9562-AB5D4CCA1FEB}" = dir=out | name=lyrics |
"{882C82CE-CF8D-4D0A-955E-F3AB6FD7C89C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8A0DE7CB-35D4-4560-9B75-D63286CBFEE6}" = protocol=58 | dir=in | [email protected],-28545 |
"{8C3DD0E0-9778-4B73-B820-8E7509E57040}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{91DE0224-F909-4F59-9132-FBF3DAE4F80A}" = dir=out | name=bank of america |
"{92AC0696-8E0E-4654-9EE9-1FE785369800}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{9665BDDC-4729-48CD-9BCE-EBDC8C91EC68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{969A6BBC-7E15-4D73-9D55-16E2EC2C3BE6}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{997FB8B1-07C8-4451-8CCA-B970433A4354}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{99E4A90B-911A-477C-943D-29C78BE02E28}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9F40A641-78EB-4887-980A-DB9980BB040E}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A6A7D1BD-1B30-4C46-9860-D9B7BA6D2C31}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7472A69-BEED-4D32-8B8D-144BB0E7BE36}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A95E7A87-EC65-452D-9DEF-665FE639FA7A}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{ACB803F8-3D47-46F1-BC23-E4ABC4985231}" = dir=out | name=microsoft solitaire collection |
"{ADF39284-B1E1-4DCA-99AE-4E60C55056AA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{B5B83581-F2E5-4465-BEBD-CF842AED1C96}" = dir=in | name=lyrics |
"{BD51F4DA-D7B3-49B6-81DA-8D9FF74F23E9}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\utorrent\utorrent.exe |
"{BDF2B37E-535A-4BC1-B917-3F45FA71514C}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{BF734599-8731-4318-A552-E50A0A19E90D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C280B60E-3912-40C4-A509-E4D529977738}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{C5B93329-9A63-4AC3-A97B-90EF54C3B710}" = dir=out | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{CC504272-997A-4417-93F6-9F36FCF2DE03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CCEFE97A-07DE-4EB4-B081-028395E006FB}" = protocol=1 | dir=in | [email protected],-28543 |
"{DA20FA01-BB1D-4AB8-9758-CAB3A9E637A5}" = dir=out | name=microsoft mahjong |
"{DB7EC70E-AB36-4D0B-93B9-41D86BFEA938}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{DC0CD1AD-3400-498E-A926-59256EE5AD15}" = protocol=58 | dir=out | [email protected],-28546 |
"{DF36FA2C-566D-4676-944B-2C5A01068BDC}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{E4787359-E011-4CC3-BC7B-FB2F93590351}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E5266103-C4BB-4EBD-B6E4-84A16DB48B0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5C0466C-D1CD-4736-9773-35617CA031E3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E87C4EB6-6F4C-4E7F-8385-633B5F0CA2DD}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EBBC0472-4350-46C7-BCE1-16A89561EFC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBE1624A-1012-4D3C-BB8E-85DDFE31F6FD}" = protocol=6 | dir=out | app=system |
"{EE4986D7-34DD-470C-BA50-61906B2F98C5}" = protocol=1 | dir=out | [email protected],-28544 |
"{EE530C27-7B12-490E-8468-85AB113E3AAD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F60F2DAB-D38F-4A72-B9EF-79F2A5A0CE97}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{FBC0F998-0E21-4C71-9340-82D65AA741F4}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"TCP Query User{2A59C2CB-E306-4E11-8C32-37F22E8C2C49}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{84144862-4A56-4CEB-9D28-C4F59F55E6C5}C:\program files\advanced ftp password recovery\aftppr.exe" = protocol=6 | dir=in | app=c:\program files\advanced ftp password recovery\aftppr.exe |
"UDP Query User{129143CC-7039-4B8D-B736-BF59408AFC1B}C:\program files\advanced ftp password recovery\aftppr.exe" = protocol=17 | dir=in | app=c:\program files\advanced ftp password recovery\aftppr.exe |
"UDP Query User{77F94B75-A81F-4BCF-9C1E-FCB4E98AD7AA}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{1D1796C4-DCA7-4DD3-A29B-C0AAC1568C72}" = Classic Shell
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8EEAF4C4-FCA7-4558-AF65-CCD3B9AD634D}" = Nitro Pro 8
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{ECD07791-9A98-4E16-B350-0D31809E5EBF}" = Advanced Office Password Recovery
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-8-2-5 (All Users)
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Artisteer 4" = Artisteer 4
"Audio Editor Deluxe_is1" = Audio Editor Deluxe v9.5.1
"Driver Genius_is1" = Driver Genius
"HDMI" = Intel® Graphics Media Accelerator Driver
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2012" = TurboTax 2012
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Word List Expert_is1" = Word List Expert 2.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5
Description = Activation context generation failed for "C:\Users\Michael\Documents\wuauclt.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5
Description = Activation context generation failed for "C:\Users\Michael\Documents\wuauclt.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5
Description = Activation context generation failed for "C:\Users\Michael\Documents\wuauclt.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5
Description = Activation context generation failed for "C:\Users\Michael\Documents\wuauclt.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5
Description = Faulting application name: cuteftppro.exe, version: 8.0.0.0, time
stamp: 0x44da00c9 Faulting module name: cuteftppro.exe, version: 8.0.0.0, time stamp:
0x44da00c9 Exception code: 0xc0000005 Fault offset: 0x000b5ed4 Faulting process id:
0x514 Faulting application start time: 0x01ce497e7b8fb8e9 Faulting application path:
C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Faulting module
path: C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Report
Id: c3547bd9-b58c-11e2-afa4-001e3346d295 Faulting package full name: Faulting package-relative
application ID:

Error - 5
Description = Faulting application name: cuteftppro.exe, version: 8.0.0.0, time
stamp: 0x44da00c9 Faulting module name: cuteftppro.exe, version: 8.0.0.0, time stamp:
0x44da00c9 Exception code: 0xc0000005 Fault offset: 0x000b5ed4 Faulting process id:
0x908 Faulting application start time: 0x01ce4aacbeaf0133 Faulting application path:
C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Faulting module
path: C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Report
Id: 81ce9be4-b6b9-11e2-afa4-001e3346d295 Faulting package full name: Faulting package-relative
application ID:

Error - 5
Description = Faulting application name: cuteftppro.exe, version: 8.0.0.0, time
stamp: 0x44da00c9 Faulting module name: cuteftppro.exe, version: 8.0.0.0, time stamp:
0x44da00c9 Exception code: 0xc0000005 Fault offset: 0x000b5ed4 Faulting process id:
0x16f0 Faulting application start time: 0x01ce4b8623487c64 Faulting application path:
C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Faulting module
path: C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Report
Id: a43929b4-b77d-11e2-afa4-001e3346d295 Faulting package full name: Faulting package-relative
application ID:

Error - 5
Description = Faulting application name: cuteftppro.exe, version: 8.0.0.0, time
stamp: 0x44da00c9 Faulting module name: cuteftppro.exe, version: 8.0.0.0, time stamp:
0x44da00c9 Exception code: 0xc0000005 Fault offset: 0x000b5ed4 Faulting process id:
0xbd0 Faulting application start time: 0x01ce4bc349c65f03 Faulting application path:
C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Faulting module
path: C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Report
Id: 41a1d349-b7b7-11e2-afa4-001e3346d295 Faulting package full name: Faulting package-relative
application ID:

Error - 5
Description = Faulting application name: cuteftppro.exe, version: 8.0.0.0, time
stamp: 0x44da00c9 Faulting module name: cuteftppro.exe, version: 8.0.0.0, time stamp:
0x44da00c9 Exception code: 0xc0000005 Fault offset: 0x000b5ed4 Faulting process id:
0x12bc Faulting application start time: 0x01ce4cfbf6a1daf5 Faulting application path:
C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Faulting module
path: C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Report
Id: 3f339736-b90e-11e2-afa5-001e3346d295 Faulting package full name: Faulting package-relative
application ID:

Error - 5
Description = Faulting application name: cuteftppro.exe, version: 8.0.0.0, time
stamp: 0x44da00c9 Faulting module name: cuteftppro.exe, version: 8.0.0.0, time stamp:
0x44da00c9 Exception code: 0xc0000005 Fault offset: 0x000b5ed4 Faulting process id:
0x173c Faulting application start time: 0x01ce4da1bb02eb86 Faulting application path:
C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Faulting module
path: C:\Users\Michael\Downloads\Cute FTP Pro 8.0 Portable\cuteftppro.exe Report
Id: 5308fb9b-b9a7-11e2-afa5-001e3346d295 Faulting package full name: Faulting package-relative
application ID:

[ System Events ]
Error - 4
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.6.136. The computer with the IP address 192.168.6.87 did
not allow the name to be claimed by this computer.

Error - 4
Description =

Error - 4
Description =

Error - 4
Description =

Error - 4
Description =

Error - 4
Description =

Error - 4
Description =

Error - 4
Description =

Error - 5
Description = The Windows Defender Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 5
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#5
Phel

Hello,

Is the date on your computer showing properly?

Please, follow these steps:

Step 1. Uninstall Chrome extension.

  • Launch your Google Chrome browser.
  • In the address bar type the following:

    chrome:extensions
  • Extension list will appear.
  • Find the Broiwse2saVe and continnuetosavve extensions there.
  • Click on the recycle bin icon near them (uninstall them).
  • Restart your browser.

Step 2. Uninstalling programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.

Programs to uninstall:

  • WeatherBug

Step 3. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 4. OTL scan.

  • Open OTL again.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, one at a time and post them in your topic.

So, please, don't forget to post in your next message:

  • AdwCleaner's log
  • OTL's log


#6
quasarn01

Yes, date is showing good... However, just letting you know that I must've uninstalled Chrome at an earlier date and some remnants may have been left behind. I could find no reference to it other than the ...users/my name/app data/one of the roaming directories/google/chrome.... I deleted that directory... Then I followed the rest of your directions...
*****************************************************************************************
# AdwCleaner v2.300 - Logfile created 05/11/2013 at 11:37:16
# Updated 28/04/2013 by Xplode
# Operating system : Windows 8 Pro (32 bits)
# User : Michael - MICHAEL
# Boot Mode : Normal
# Running from : C:\Users\Michael\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Michael\AppData\Roaming\NCdownloader

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\temto84b.default\prefs.js

Deleted : user_pref("extensions.516a9c4243414.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.51858348126b3.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hy027qr5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2168 octets] - [11/05/2013 11:37:16]

########## EOF - C:\AdwCleaner[S1].txt - [2228 octets] ##########
**************************************************************************

OTL logfile created on: 5 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:

2.99 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.15% Memory free
3.49 Gb Paging File | 2.53 Gb Available in Paging File | 72.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.42 Gb Total Space | 376.17 Gb Free Space | 80.82% Space Free | Partition Type: NTFS
Drive D: | 750.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MICHAEL | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013 (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013 (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013 (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2013 (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL(1).exe
PRC - [2013 (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013 (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013 (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2013 (IvoSoft) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe
PRC - [2013 (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2013 (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2012 (Nitro PDF Software) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
PRC - [2012 (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012 (Microsoft Corporation) -- C:\Windows\sppsvc.exe
PRC - [2012 (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012 (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012 (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012 (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009 (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013 () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013 () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011 () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010 () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013 (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013 (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013 (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013 (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013 (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV - [2013 (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012 (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe -- (NitroDriverReadSpool8)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\sppsvc.exe -- (SLSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012 (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012 (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012 (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012 (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009 (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2013 (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2013 (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2013 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2012 (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012 (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Rt630x86.sys -- (RTL8168)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012 (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012 (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012 (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012 (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012 (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012 (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012 (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012 (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012 (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012 (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012 (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2012 (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\netwlv32.sys -- (netwlv32)
DRV - [2009 (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007 (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.foxnews.com"
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.32
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.8.0.12323
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013 () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\temto84b.default\extensions\[email protected]
[2013 (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013 () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013 () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: () - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.0.1 8.8.8.8 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0F8A4E-29FC-4529-A2C6-7725E929927A}: DhcpNameServer = 10.1.0.1 8.8.8.8 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012 () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010 () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2465b593-92e8-11e2-afbb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2465b593-92e8-11e2-afbb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2010 (Microsoft Corporation)
O33 - MountPoints2\{2465b593-92e8-11e2-afbb-806e6f6e6963}\Shell\configure\command - "" = D:\setup.exe -- [2010 (Microsoft Corporation)
O33 - MountPoints2\{2465b593-92e8-11e2-afbb-806e6f6e6963}\Shell\install\command - "" = D:\setup.exe -- [2010 (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013 (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2013 (Waves Audio Ltd.) -- C:\WINDOWS\System32\WavesLib.dll
[2013 (Waves Audio Ltd.) -- C:\WINDOWS\System32\MaxxAudioEQ.dll
[2013 (Waves Audio Ltd.) -- C:\WINDOWS\System32\MaxxAudioAPO20.dll
[2013 (Waves Audio Ltd.) -- C:\WINDOWS\System32\MaxxAudioAPO.dll
[2013 (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSWOW.dll
[2013 (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSTSXT.dll
[2013 (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSTSHD.dll
[2013 (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSHP360.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDisplay2.dll
[2013 (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2013 (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL(1).exe
[2013 (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui2.dll
[2013 (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon2.dll
[2013 (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2013 (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2013 (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2013 (Fortemedia Corporation) -- C:\WINDOWS\System32\FMAPO.dll
[2013 (Dolby Laboratories, Inc.) -- C:\WINDOWS\System32\RP3DHT32.dll
[2013 (Dolby Laboratories, Inc.) -- C:\WINDOWS\System32\RP3DAA32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2018 () -- C:\WINDOWS\System32\slmgr.vbs
[2013 (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL(1).exe
[2013 () -- C:\Users\Michael\Documents\words3.csv
[2013 () -- C:\Users\Michael\Documents\words2.csv
[2013 () -- C:\Users\Michael\Documents\words.csv
[2013 () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013 () -- C:\swapfile.sys
[2013 () -- C:\Users\Public\Desktop\Skype.lnk
[2013 () -- C:\Users\Michael\Desktop\Removed Apps.html
[2013 () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013 () -- C:\WINDOWS\System32\perfh009.dat
[2013 () -- C:\WINDOWS\System32\perfc009.dat
[2013 () -- C:\Users\Michael\Documents\OET-Draft-Grit-Report-2-17-13.pdf
[2013 () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013 () -- C:\Users\Michael\Documents\New Image File.iso
[2013 () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013 () -- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013 () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2013 () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013 () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013 () -- C:\Users\Michael\Desktop\Microsoft Fix it.url
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013 () -- C:\Users\Michael\Documents\kim un.jpg
[2013 () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
[2013 () -- C:\Users\Michael\Documents\Invoice_1553_from_Atlas_Technology_Group_LLC.pdf
[2013 () -- C:\Users\Michael\Documents\Invoice_130417001039631753.pdf
[2013 () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013 () -- C:\hiberfil.sys
[2013 () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013 () -- C:\Users\Michael\Documents\Enterprise.gif
[2013 () -- C:\Users\Michael\Desktop\Driver Genius.lnk
[2013 () -- C:\WINDOWS\diagwrn.xml
[2013 () -- C:\WINDOWS\diagerr.xml
[2013 () -- C:\Users\Michael\Desktop\cuteftppro.exe - Shortcut.lnk
[2013 () -- C:\Users\Public\Desktop\Canon MX320 series On-screen Manual.lnk
[2013 () -- C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk
[2013 () -- C:\WINDOWS\bootstat.dat
[2013 () -- C:\WINDOWS\tasks\AutoKMS.job
[2013 () -- C:\WINDOWS\AutoKMS.ini
[2013 () -- C:\WINDOWS\AutoKMS.exe
[2013 () -- C:\Users\Michael\Desktop\Audio Editor Deluxe.lnk
[2013 () -- C:\Users\Michael\Desktop\Artisteer 4.lnk
[2013 () -- C:\Users\Michael\Documents\AReceipt_36175159.pdf
[2013 () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2013 () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013 () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013 () -- C:\Users\Michael\Documents\138651077-Obama-Birth-Certificate-No-Seal-Alabama-Supreme-Court-Fogbow-Upload-4-24-2013.pdf
[2013 () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013 () -- C:\Users\Michael\Documents\words3.csv
[2013 () -- C:\Users\Michael\Documents\words2.csv
[2013 () -- C:\Users\Michael\Documents\words.csv
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013 () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013 () -- C:\swapfile.sys
[2013 () -- C:\Users\Public\Desktop\Skype.lnk
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013 () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2013 () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013 () -- C:\Users\Michael\Documents\OET-Draft-Grit-Report-2-17-13.pdf
[2013 () -- C:\WINDOWS\System32\OEMLicense.dll
[2013 () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013 () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013 () -- C:\Users\Michael\Documents\New Image File.iso
[2013 () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2013 () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013 () -- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013 () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2013 () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013 () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013 () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013 () -- C:\Users\Michael\Desktop\Microsoft Fix it.url
[2013 () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013 () -- C:\Users\Michael\lametritonus_en.dll
[2013 () -- C:\Users\Michael\lame_enc_en.dll
[2013 () -- C:\Users\Michael\Documents\kim un.jpg
[2013 () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
[2013 () -- C:\Users\Michael\Documents\Invoice_1553_from_Atlas_Technology_Group_LLC.pdf
[2013 () -- C:\Users\Michael\Documents\Invoice_130417001039631753.pdf
[2013 () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013 () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013 () -- C:\Users\Michael\Documents\Enterprise.gif
[2013 () -- C:\Users\Michael\Desktop\Driver Genius.lnk
[2013 () -- C:\WINDOWS\diagwrn.xml
[2013 () -- C:\WINDOWS\diagerr.xml
[2013 () -- C:\Users\Michael\Desktop\cuteftppro.exe - Shortcut.lnk
[2013 () -- C:\WINDOWS\System32\CNC1736D.TBL
[2013 () -- C:\Users\Public\Desktop\Canon MX320 series On-screen Manual.lnk
[2013 () -- C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk
[2013 () -- C:\WINDOWS\tasks\AutoKMS.job
[2013 () -- C:\WINDOWS\AutoKMS.ini
[2013 () -- C:\WINDOWS\AutoKMS.exe
[2013 () -- C:\Users\Michael\Desktop\Audio Editor Deluxe.lnk
[2013 () -- C:\Users\Michael\Desktop\Artisteer 4.lnk
[2013 () -- C:\Users\Michael\Documents\AReceipt_36175159.pdf
[2013 () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2013 () -- C:\WINDOWS\System32\ApnDatabase.xml
[2013 () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013 () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013 () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013 () -- C:\Users\Michael\Documents\138651077-Obama-Birth-Certificate-No-Seal-Alabama-Supreme-Court-Fogbow-Upload-4-24-2013.pdf
[2013 () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012 () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012 () -- C:\WINDOWS\System32\staticurllist.bin
[2012 () -- C:\WINDOWS\System32\srms.dat
[2012 () -- C:\WINDOWS\System32\settings.dat
[2012 () -- C:\WINDOWS\System32\perfi009.dat
[2012 () -- C:\WINDOWS\System32\perfh009.dat
[2012 () -- C:\WINDOWS\System32\perfd009.dat
[2012 () -- C:\WINDOWS\System32\perfc009.dat
[2012 () -- C:\WINDOWS\System32\NOISE.DAT
[2012 () -- C:\WINDOWS\System32\mlang.dat
[2012 () -- C:\WINDOWS\mib.bin
[2012 () -- C:\WINDOWS\System32\dssec.dat
[2012 () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012 () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012 () -- C:\WINDOWS\bootstat.dat

========== ZeroAccess Check ==========

[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RGY09UN.001\Prefetch\l.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RGY09UN.001\Prefetch\n.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RJ04V3B.000\Prefetch\l.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RJ04V3B.000\Prefetch\n.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RWG92AS.000\Prefetch\l.reg
[2010 () -- C:\$Recycle.bin\S-1-5-21-2856520543-2365380021-2580953766-1001\$RWG92AS.000\Prefetch\n.reg

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012 (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012 (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012 (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========


< End of report >
  • 0

#7
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
How is your computer running now?

Please, follow these steps:

Step 1. System File Checker scan.

  • Open Start menu.
  • Type cmd in search box.
  • In the results that appear, right click on cmd and select Run As Administrator.
  • Command prompt window should appear. Type there the following:

    sfc /scannow
  • Press Enter key. Scan can take some time.
  • Now copy and paste command in the console (right-click on the Command prompt window->Edit->Paste):

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >C:\sfcdetails.txt
  • When finished, post the contents of C:\sfcdetails.txt in your next message.

Step 2. AdwCleaner scan.

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Search button.
  • After scan Notepad window with report should appear. Post the contents of the report in your next message.

So, please, don't forget to post in your next message:

  • AdwCleaner's log
  • Contents of sfcdetails.txt

  • 0

#8
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Ran the sfc scan... Ran fine... Then had to reboot according to the scan and then ran the sfcdetails.txt log command line... When it was finished, the sfcdetails.txt was blank and nothing in it... Here's the AdwCleaner's log...

# AdwCleaner v2.300 - Logfile created 05/11/2013 at 16:49:36
# Updated 28/04/2013 by Xplode
# Operating system : Windows 8 Pro (32 bits)
# User : Michael - MICHAEL
# Boot Mode : Normal
# Running from : C:\Users\Michael\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\temto84b.default\prefs.js

Found : user_pref("extensions.51858348126b3.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hy027qr5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [865 octets] - [11/05/2013 16:49:36]
AdwCleaner[S1].txt - [2297 octets] - [11/05/2013 11:37:16]

########## EOF - C:\AdwCleaner[R1].txt - [984 octets] ##########
  • 0

#9
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Ran the sfc scan...


Has the scan shown anything? Were any files repaired?

How is your computer running now?
  • 0

#10
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
The message I got, which was not in the format that you could copy and paste, said that there are files to be repaired and fixed, but, rebooting was necessary first... Before reboot and after reboot I checked the sfcdetails.txt file and it was empty... It went into what could be described as "a windows update rebooting mode" where it showed percentage complete prior to rebooting... Haven't surfed enough yet to find out if it has been fixed, though...
  • 0



#11
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
If there is nothing left that you can do right now, can we leave this open for a day or so to see if everything is alright?
  • 0

#12
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Still getting popups (http://www.allmplaye...AAAA=&PubID=220) and still having underlines with ads popping up when hovering over them...
  • 0

#13
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Before reboot and after reboot I checked the sfcdetails.txt file and it was empty


Have you run this command at all?

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >C:\sfcdetails.txt

If there is nothing left that you can do right now, can we leave this open for a day or so to see if everything is alright?


No-no-no, please, don't give up. We won't leave you until the malware is completely removed from your computer. :)
  • 0

#14
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Fix is here!

Please, follow these steps:

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.

After reboot:

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Search button.
  • After scan Notepad window with report should appear. Post the contents of the report in your next message.

  • 0

#15
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Yes, I did run this string : findstr /c:”[SR]” %windir%\logs\cbs\cbs.log >C:\sfcdetails.txt and the resulting text was empty... Here are the two reports...

# AdwCleaner v2.300 - Logfile created 05/12/2013 at 10:09:21
# Updated 28/04/2013 by Xplode
# Operating system : Windows 8 Pro (32 bits)
# User : Michael - MICHAEL
# Boot Mode : Normal
# Running from : C:\Users\Michael\Desktop\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\temto84b.default\prefs.js

[OK] File is clean.

File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hy027qr5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1052 octets] - [11/05/2013 16:49:36]
AdwCleaner[R2].txt - [829 octets] - [12/05/2013 10:09:21]
AdwCleaner[S1].txt - [2297 octets] - [11/05/2013 11:37:16]
AdwCleaner[S2].txt - [1113 octets] - [12/05/2013 10:06:34]

########## EOF - C:\AdwCleaner[R2].txt - [1008 octets] ##########




# AdwCleaner v2.300 - Logfile created 05/12/2013 at 10:06:34
# Updated 28/04/2013 by Xplode
# Operating system : Windows 8 Pro (32 bits)
# User : Michael - MICHAEL
# Boot Mode : Normal
# Running from : C:\Users\Michael\Desktop\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\temto84b.default\prefs.js

Deleted : user_pref("extensions.51858348126b3.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hy027qr5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1052 octets] - [11/05/2013 16:49:36]
AdwCleaner[S1].txt - [2297 octets] - [11/05/2013 11:37:16]
AdwCleaner[S2].txt - [985 octets] - [12/05/2013 10:06:34]

########## EOF - C:\AdwCleaner[S2].txt - [1044 octets] ##########
  • 0
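
The AdwCleaner reports in this thread flag a `user_pref` line in prefs.js whose value is JavaScript source stored under `extensions.51858348126b3.scode`. As an added example (not AdwCleaner's own logic and not code from the thread), this Python script applies two heuristics to a prefs.js file: a hex-looking namespace under `extensions.` and script tokens inside a string value. The heuristics, function names and sample file contents are assumptions constructed for illustration.

```python
import json
import re

# One prefs.js entry per line: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>(?:[^"\\]|\\.)*)"\s*,\s*(?P<value>.*)\)\s*;\s*$'
)

# Heuristic 1 (assumption): a pref name under a random-looking hex namespace,
# shaped like the "extensions.51858348126b3.scode" entry in the report.
HEX_NAMESPACE = re.compile(r'^extensions\.[0-9a-f]{10,}\.', re.IGNORECASE)

# Heuristic 2 (assumption): a string value holding JavaScript source
# instead of a plain setting.
SCRIPT_TOKENS = ("function(", "eval(", "document.", "window.", "try{")


def parse_prefs(text):
    """Return [(name, value)] for every user_pref line. Values are decoded
    as JSON where possible (strings, ints, booleans), else kept as raw text."""
    prefs = []
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        raw = m.group("value").strip()
        try:
            value = json.loads(raw)
        except ValueError:
            value = raw
        prefs.append((m.group("name"), value))
    return prefs


def script_tokens_in(value):
    """List the script tokens present in a string value (whitespace ignored)."""
    if not isinstance(value, str):
        return []
    compact = re.sub(r"\s+", "", value).lower()
    return [tok for tok in SCRIPT_TOKENS if tok in compact]


def find_suspicious(text):
    """Return one finding per pref that trips at least one heuristic."""
    findings = []
    for name, value in parse_prefs(text):
        reasons = []
        if HEX_NAMESPACE.match(name):
            reasons.append("hex-namespace")
        tokens = script_tokens_in(value)
        if tokens:
            reasons.append("script-in-value:" + ",".join(tokens))
        if reasons:
            findings.append(
                {"name": name, "reasons": reasons, "preview": str(value)[:60]}
            )
    return findings


# Constructed sample, not the user's real prefs.js. The flagged entry uses a
# placeholder name and a harmless value that only mimics the reported shape.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "www.foxnews.com");
user_pref("browser.cache.disk.capacity", 358400);
user_pref("extensions.blocklist.enabled", true);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1");
user_pref("extensions.0123456789abc.scode", "(function(){try{if('example.com,example.org'.indexOf(window.location.hostname)>-1){return;}}catch(e){}})();");
user_pref("extensions.ui.lastCategory", "addons://list/extension");
'''

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_PREFS):
        print(finding["name"], finding["reasons"], finding["preview"])
```

Run it against a copy of the profile's prefs.js with Firefox closed, since Firefox rewrites the file on exit.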





