Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help with google redirects [Closed]


  • This topic is locked This topic is locked

#1
palabreur

palabreur

    New Member

  • Member
  • Pip
  • 2 posts
I am having problems with redirects from google searches in firefox. When I google search, some links become redirected to various web sites. I have tried removing with various anti-malware tools (malwarebytes, spybots, tdsskiller, fixtdss) but have been unsuccessful. I also tried a system restore to before the problem started, but the problem persisted. I also tried updating firefox to the current version (21?) and that didn't work either.

I believe the problem started around the end of May.

The problem does not occur for me in chrome or IE, just firefox.

If I reload the google search results page in firefox, it seems to "reset" the redirects, so I can often get to the page I had intended to go to.

I remember having the problems after installing "Free WMA to MP3 Converter". While the software worked, it installed a bing searchbar, and changed my firefox homepage to some bing-powered search engine. I think it installed the searchbar in the other browsers too. I removed them - perhaps not successfully, but they don't show up any more.

Here is the OTL.txt; extras.txt appears below. TIA for help!

OTL logfile created on: 6/12/2013 7:42:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.42% Memory free
7.83 Gb Paging File | 5.75 Gb Available in Paging File | 73.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 258.31 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive E: | 2.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.63 Gb Total Space | 0.26 Gb Free Space | 7.29% Space Free | Partition Type: FAT32

Computer Name: PAULWORKLAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/12 19:41:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Downloads\OTL.exe
PRC - [2013/06/12 11:56:31 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 18:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/13 14:33:30 | 000,187,912 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/08/22 19:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/11/04 08:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/11/03 16:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/18 14:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 14:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 14:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 14:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/09/16 17:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/05/06 18:50:18 | 000,274,432 | ---- | M] (Splinterware Software Solutions) -- C:\Program Files (x86)\SystemScheduler\WScheduler.exe
PRC - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/10/01 14:49:08 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/12 11:56:29 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/11 18:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/11/04 08:19:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/11/03 16:23:54 | 000,266,560 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/11/01 16:37:56 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/11/01 16:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/11/01 16:22:28 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/10/20 21:33:22 | 000,135,440 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/10/19 17:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010/05/11 16:05:40 | 000,362,296 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV:64bit: - [2010/04/29 13:10:40 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/12 11:56:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/13 14:33:30 | 000,187,912 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/08/22 19:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/11/04 08:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/11/03 16:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/18 14:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 14:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 14:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/17 17:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/10/01 14:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/04 08:19:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2011/11/04 08:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/10/31 18:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/10/19 17:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/10/19 17:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/10/11 16:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 19:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/13 19:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/09/13 19:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/08/29 19:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 04:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/03/31 19:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/26 19:19:48 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/17 17:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 17:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 17:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 17:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 17:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 17:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/01 19:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 17:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 11:49:50 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010/04/28 11:49:50 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pbskids.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 EA 50 79 40 46 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2BCDB9EA-E24D-410C-914B-2BFF70E34BD9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2BCDB9EA-E24D-410C-914B-2BFF70E34BD9}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "gmail.com"
FF - prefs.js..extensions.enabledAddons: cwurhehsoz%40cwurhehsoz.org:3.2
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/06 18:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/17 10:59:59 | 000,000,000 | ---D | M]

[2012/06/19 08:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2013/06/07 20:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ybhog2rs.default\extensions
[1639/05/07 07:46:37 | 000,005,095 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ybhog2rs.default\extensions\cwurhehsoz@cwurhehsoz.org.xpi
[2012/09/12 17:35:37 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ybhog2rs.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/06/07 20:43:31 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ybhog2rs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/06/06 18:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/06 18:40:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/20 12:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://start.sweetpa...C-BC77374F456F}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/05/31 13:52:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WScheduler] C:\Program Files (x86)\SystemScheduler\WScheduler.exe (Splinterware Software Solutions)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5197CF5-560F-44A6-97CE-6505C1E6C3A5}: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5BDD16-09A8-4D26-A8A9-5B37BAEC85C2}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/29 13:34:26 | 000,231,823 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/10/28 02:20:41 | 000,000,080 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/12 19:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/12 19:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/06/12 19:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/12 19:03:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/11 10:37:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Tribute Games
[2013/06/11 10:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizorb
[2013/06/11 10:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wizorb
[2013/06/11 10:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013/06/06 18:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/06/01 19:00:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Sidhe
[2013/06/01 18:59:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shatter
[2013/06/01 18:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sidhe Interactive
[2013/05/31 21:29:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Citizenship Application
[2013/05/31 14:04:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/31 13:55:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/31 13:31:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/31 13:31:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/31 13:31:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/31 13:28:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/31 13:27:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/30 18:16:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Telltale Games
[2013/05/30 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telltale Games
[2013/05/30 18:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games
[2013/05/29 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
[2013/05/29 14:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WMA to MP3 Converter
[2013/05/29 11:07:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Zoo 2013
[2013/05/26 15:05:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\BigHammer
[2013/05/26 12:16:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\From Paul's Phone
[2013/05/26 12:08:01 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\More photos for Teresa
[2013/05/24 07:42:33 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/05/20 19:58:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\CPCR Article
[2013/05/18 17:50:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Deployment
[2013/05/18 17:50:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Apps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/12 19:44:04 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 19:44:04 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 19:41:30 | 000,778,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/12 19:41:30 | 000,660,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/12 19:41:30 | 000,121,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/12 19:36:29 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013/06/12 19:35:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/12 19:35:13 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/12 19:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1872970250-3384576851-1651530711-1000UA.job
[2013/06/12 19:12:13 | 000,001,262 | ---- | M] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2013/06/12 19:03:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/12 18:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/12 17:03:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1872970250-3384576851-1651530711-1000UA.job
[2013/06/12 08:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1872970250-3384576851-1651530711-1000Core.job
[2013/06/12 07:15:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1872970250-3384576851-1651530711-1000Core.job
[2013/06/11 23:18:53 | 000,007,354 | ---- | M] () -- C:\Users\Paul\Desktop\met_tags_frame.jpg
[2013/06/09 22:37:09 | 009,237,111 | ---- | M] () -- C:\Users\Paul\Desktop\JUNE-SUMMER-HONDA-DEALS-99694.pdf
[2013/06/08 03:05:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/08 03:05:41 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/06 18:40:35 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/06 18:31:28 | 000,007,598 | ---- | M] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2013/06/05 13:17:52 | 000,002,369 | ---- | M] () -- C:\Users\Paul\Desktop\Google Chrome.lnk
[2013/06/05 09:18:13 | 000,001,054 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/01 18:59:53 | 000,003,081 | ---- | M] () -- C:\Users\Paul\Desktop\Shatter.lnk
[2013/06/01 08:27:48 | 000,001,367 | ---- | M] () -- C:\Users\Public\Desktop\Puzzle Agent 2.lnk
[2013/05/31 13:52:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/30 21:45:37 | 002,161,436 | ---- | M] () -- C:\Users\Paul\Desktop\P1050195.JPG
[2013/05/30 18:16:25 | 000,001,381 | ---- | M] () -- C:\Users\Public\Desktop\Puzzle Agent.lnk
[2013/05/30 08:11:47 | 000,412,753 | ---- | M] () -- C:\Users\Paul\Desktop\P1090243.JPG
[2013/05/26 11:02:37 | 000,002,121 | ---- | M] () -- C:\Users\Paul\Desktop\images.jpg
[2013/05/24 21:23:05 | 000,007,902 | ---- | M] () -- C:\Users\Paul\Desktop\puppy money facing right.jpg
[2013/05/24 21:22:53 | 000,007,641 | ---- | M] () -- C:\Users\Paul\Desktop\puppy money facing left.jpg
[2013/05/20 00:44:34 | 000,085,562 | ---- | M] () -- C:\Users\Paul\Desktop\2013RRCUS1stQuarterAgilityStandings (2).pdf
[2013/05/16 03:31:59 | 000,443,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/12 19:12:13 | 000,001,262 | ---- | C] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2013/06/12 19:03:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/11 23:18:52 | 000,007,354 | ---- | C] () -- C:\Users\Paul\Desktop\met_tags_frame.jpg
[2013/06/09 22:36:46 | 009,237,111 | ---- | C] () -- C:\Users\Paul\Desktop\JUNE-SUMMER-HONDA-DEALS-99694.pdf
[2013/06/08 03:05:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/08 03:05:41 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/05 09:18:13 | 000,001,054 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/01 18:59:53 | 000,003,081 | ---- | C] () -- C:\Users\Paul\Desktop\Shatter.lnk
[2013/06/01 08:27:48 | 000,001,367 | ---- | C] () -- C:\Users\Public\Desktop\Puzzle Agent 2.lnk
[2013/05/31 21:35:32 | 000,001,447 | ---- | C] () -- C:\Users\Paul\Desktop\Internet Explorer.lnk
[2013/05/31 14:56:21 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/31 14:56:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/31 13:31:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/31 13:31:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/31 13:31:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/31 13:31:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/31 13:31:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/30 18:16:25 | 000,001,381 | ---- | C] () -- C:\Users\Public\Desktop\Puzzle Agent.lnk
[2013/05/30 08:08:12 | 000,412,753 | ---- | C] () -- C:\Users\Paul\Desktop\P1090243.JPG
[2013/05/29 17:57:27 | 002,161,436 | ---- | C] () -- C:\Users\Paul\Desktop\P1050195.JPG
[2013/05/26 11:02:30 | 000,002,121 | ---- | C] () -- C:\Users\Paul\Desktop\images.jpg
[2013/05/24 21:23:05 | 000,007,902 | ---- | C] () -- C:\Users\Paul\Desktop\puppy money facing right.jpg
[2013/05/24 21:22:50 | 000,007,641 | ---- | C] () -- C:\Users\Paul\Desktop\puppy money facing left.jpg
[2013/05/20 00:44:34 | 000,085,562 | ---- | C] () -- C:\Users\Paul\Desktop\2013RRCUS1stQuarterAgilityStandings (2).pdf
[2012/12/28 14:22:48 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/07/11 07:22:05 | 000,007,598 | ---- | C] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2012/06/28 19:11:54 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2012/06/23 00:27:25 | 026,939,622 | ---- | C] () -- C:\Users\Paul\.RData
[2012/06/07 05:29:45 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/07 05:29:43 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/07 05:29:41 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/07 05:29:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/06/07 05:29:38 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/07 02:31:17 | 000,772,770 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/03 16:24:18 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/29 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\BitTorrent
[2013/06/12 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Dropbox
[2012/07/08 11:25:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IDX Imagecast iPACS Viewer
[2012/06/14 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ImgBurn
[2013/03/23 18:34:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\King's Bounty - Platinum Edition_unistall
[2012/12/18 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Lynu
[2012/09/18 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MinMaxGames
[2013/01/23 14:41:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OBS
[2012/06/10 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
[2012/11/24 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PDF Writer
[2012/10/06 16:11:58 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\runic games
[2012/12/06 03:10:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Syqat
[2013/02/02 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tinn-R
[2012/06/14 17:39:11 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ubisoft
[2012/12/05 23:55:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Vaelan
[2013/04/25 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\xm1
[2012/12/19 15:22:33 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Yfny
[2012/12/19 08:32:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ykig

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 331 bytes -> C:\Users\Paul\Desktop\2013-03-01 18.59.18.mov:com.dropbox.attributes
@Alternate Data Stream - 328 bytes -> C:\Users\Paul\Desktop\2013-03-01 18.59.40.mov:com.dropbox.attributes

< End of report >






Here is extras.txt, also created by OTL:

OTL Extras logfile created on: 6/12/2013 7:42:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.42% Memory free
7.83 Gb Paging File | 5.75 Gb Available in Paging File | 73.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 258.31 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive E: | 2.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.63 Gb Total Space | 0.26 Gb Free Space | 7.29% Space Free | Partition Type: FAT32

Computer Name: PAULWORKLAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0167AE66-42F6-441B-B137-D10B0E4A9A07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0206DB4B-6073-4BF6-ADAD-1E1F4F8065E7}" = rport=139 | protocol=6 | dir=out | app=system |
"{02D2E010-B5EA-4B24-A636-6D9888BE000B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{058D408C-16C2-4CFD-8C8B-EAC2E778DD5F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{190881A1-69ED-4CA3-918A-533F00C9C89A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27F4F6A9-FCCE-48E5-9E39-52510BD86ECC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2AAFB6AD-D507-4528-87A4-0C123E68B0AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3759D711-C92C-495E-B647-9AA3D208BA33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4949959B-4D63-4405-9D14-5147058737AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{5F76130E-1B16-4066-AFAF-ABF338003A10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60133E3A-8C0E-48F8-B8FB-4297000CE62A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66B2FE6D-5529-4699-8FB4-254C1A8E7524}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D0CFA11-CA5F-4ACB-989B-017369D8B2AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7C71E070-7030-418E-9D72-83E16BD71737}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C82B85C-356D-476C-B891-5708663ABCD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E69EF61-E8FF-4BBA-AA16-0270D3E696C2}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{950C60B3-95F7-42AF-9042-DD94D6EA10E2}" = lport=137 | protocol=17 | dir=in | app=system |
"{A6A0673C-5D8D-405D-B5AC-76B95D67C436}" = rport=445 | protocol=6 | dir=out | app=system |
"{B9550CEF-3A31-412E-80AA-F9902C753F42}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{BCABA70A-8062-4859-AD66-833B14246267}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C56C6C21-C448-459C-9C0E-DA06865FA7CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D88AB66F-C685-4C21-8866-0D2D6DEC6F44}" = lport=138 | protocol=17 | dir=in | app=system |
"{E4106FF3-F3B3-4844-9880-7F44B670A9E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6B59C78-245C-45B8-92B6-891B7D2407A0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FC52199C-68AC-4409-B1BC-88FBB6A2B336}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD1707C5-8A78-4FC2-8259-B7F826345D2F}" = rport=137 | protocol=17 | dir=out | app=system |
"{FDE2E3EC-31DE-42E8-B173-FFAF9BAB4E07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF5C8823-5044-4DB4-86BC-37171D45E331}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0093E45D-0CE9-4E61-ACB1-833862D87875}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{034815EC-5725-48DA-A9A3-E59645DAE4A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{049CE10C-F4D7-4A6D-88AF-270882EDEF3E}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{09AA06E6-2491-430F-ADA1-2FCEB9B1501B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{201600BB-9061-4C9F-B2BE-9757D64182F5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{26D28EC3-9686-474F-965E-68D6EB171412}" = protocol=6 | dir=in | app=c:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe |
"{2998628F-B7B5-4D28-A733-47E009C41EC2}" = protocol=6 | dir=out | app=system |
"{2CFB5D4B-0B4A-4EA8-BBC5-4C97A2A78602}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2D29E7DE-82A4-4935-A61C-F3BFD4F06027}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{3A463CC7-5BE5-41C1-8054-A8F06828194C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{458E320C-87B6-46C0-93E5-4BD2A8B194F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{45B37192-F702-479D-9817-5ED254E9491D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{5B4E03F7-1479-4FE0-8A4F-EDBAB1D65FD4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{70D51682-8384-46CD-A3A0-BD4B1111CAEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{732F0F8F-4AC5-488C-A9A4-C02B7D281333}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{76E5EE0B-8FF1-4978-8102-1D88754FF571}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7715982D-6B42-40C1-B59A-2A8EE0AEA71D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |
"{7FDAF812-20A1-4A17-8BAF-3842A0995E8E}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{82C20583-02D6-4E20-9791-7186C0CB0650}" = dir=in | app=c:\users\paul\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8B6CBF20-F376-479A-91FC-03BB7C0FED44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B54A56D-163B-43EA-B3E6-90C9E0630C5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D464721-DD12-4140-95C9-E2ED8985F8A1}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A3F0E89F-C74E-485D-B88F-196E44CFDA2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A406F04C-3360-40C9-A419-2B4570DE9F5E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A4A61A1D-F0CF-4A00-8275-D840CA3B4043}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |
"{A69824E7-E5C2-4306-8E97-6E727C91FB7B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{ACC8F1F3-98B9-42A3-B31A-8A5AFA871095}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{ACFA0B12-A77F-460F-8F57-6FD8A61AE6E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1BAA0EB-32F4-4E5C-AE3E-6126611F4EA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4BBA373-E194-4A51-8444-111EEDB522EA}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{B857A670-40EA-43FC-AA42-5DB5D65A0B66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B881D05C-9076-480F-9D03-CD1DF44F26C6}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{B8BA5D99-618C-4174-9D79-6CADB6DA6E71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CAC8D977-AEA2-4CFA-9110-AEE791F9FF8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D417205E-0CDA-4892-BB22-8D7EE73146C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D54F9D32-27E0-4FD6-9D6E-CAA45CEA850C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBF1C843-2D1E-4E5E-829A-8D708B78F02A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3EEC096-C353-43CB-9AC8-85C6E9838E0E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{E567A287-997A-4D70-9366-5BC56D52F3E0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA128939-CF83-4BA2-BCEA-E92FDBD25326}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E0971E-3DAF-4C88-8047-4DBD666B3006}" = protocol=17 | dir=in | app=c:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe |
"{F10F39EF-9FF5-461E-88C9-0291447BB602}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{0E52D2E6-7296-440F-9AB1-90319FB41AA3}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe |
"TCP Query User{293DF978-91FC-46E1-9D5D-8EC451B887B3}C:\users\paul\downloads\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\paul\downloads\bittorrent.exe |
"TCP Query User{66C49856-6644-4122-BB8F-75C03D626C9C}C:\program files (x86)\ingenious\ingenious.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ingenious\ingenious.exe |
"TCP Query User{AF88395E-149F-4E0F-9933-85F35CF9BA7E}C:\users\paul\appdata\roaming\syqat\ecus.exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\roaming\syqat\ecus.exe |
"TCP Query User{C96E7C8B-9000-455A-8CBC-641EDAA2CF46}C:\users\paul\appdata\roaming\ykig\biob.exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\roaming\ykig\biob.exe |
"TCP Query User{EC05FDFC-AC97-4F11-9022-D90DAFE7BFAA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{FFDDEC2A-A825-4936-A390-79852FCC532A}C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0EAB63CD-F0A1-4ABB-959A-E3E9AAD0D2A9}C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{2A60C265-D0EE-473A-A0C0-A64814B80EC1}C:\users\paul\appdata\roaming\syqat\ecus.exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\roaming\syqat\ecus.exe |
"UDP Query User{32085705-E06F-4F87-888E-9EE5B792DDDF}C:\users\paul\downloads\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\paul\downloads\bittorrent.exe |
"UDP Query User{3B27F3A2-747E-4A3D-8F9E-6DCFA9B2376E}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe |
"UDP Query User{88416D0E-2EFC-43F0-9B3F-597EBA22A906}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{ED3AABBF-6D7B-49BC-BEC9-E305F25A8294}C:\users\paul\appdata\roaming\ykig\biob.exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\roaming\ykig\biob.exe |
"UDP Query User{F6D6D0E5-9457-4A04-8F50-34BEA9050A85}C:\program files (x86)\ingenious\ingenious.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ingenious\ingenious.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel® PROSet/Wireless WiFi Software
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E65099C4-9110-4C31-BD03-5C17EFB5FE92}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.2.0.1499
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"R for Windows 2.15.0_is1" = R for Windows 2.15.0
"R for Windows 2.15.1_is1" = R for Windows 2.15.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{03594E81-55C6-4036-BB32-6FB27BC7A497}_is1" = Sid Meier's Civilization V - Game of the Year Edition
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{39417F21-6193-4349-AE25-8813A6273546}" = TurboTax 2012 wiliper
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery
"{4CA54C97-67B1-4507-9BE0-0ED39C24FA32}" = TurboTax 2012 wpaiper
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{766FE104-4127-4B3C-95B9-219176245342}" = Wizorb
"{84D008A6-8159-442E-8FD8-0148EF42F3E0}" = Shatter
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B124E3EA-59C5-462B-98EF-374099EA7A61}" = LeapFrog LeapPad Explorer Plugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DD768D96-E5EB-4AC7-ADFC-6FECE02EB5CB}" = IDX Imagecast iPACS Viewer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EF2EAA92-D38C-4967-A1A3-D8D812B9887F}_is1" = Ingenious
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F73C47CA-879E-4906-9298-D93D6FCEC4D0}" = TurboTax 2012 wnyiper
"{F9233F02-5617-4BDC-8EC6-4B798EDFE6F4}" = LeapFrog Connect
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"ACBLscore" = ACBLscore
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitTorrent" = BitTorrent
"BookSmart® 3.4.3 3.4.3" = BookSmart® 3.4.3 3.4.3
"Bounty_Seraph1_is1" = King's Bounty - Platinum Edition
"Capsule" = Capsule
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Diablo III" = Diablo III
"Disciples II Rise of the Elves" = Disciples II Rise of the Elves
"Fallout2" = Fallout2
"Fotosizer" = Fotosizer 1.37
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Heroes of Might and Magic V - Collectors Edition3.1" = Heroes of Might and Magic V - Collectors Edition
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"Puzzle Agent" = Puzzle Agent - Puzzle Agent
"Puzzle Agent 2" = Puzzle Agent 2
"QuickTime" = QuickTime
"Reader Rabbit Kindergarten" = Reader Rabbit Kindergarten
"Reader Rabbit's® Math Ages 6 - 9" = Reader Rabbit's® Math Ages 6 - 9
"Runic Games Torchlight" = Torchlight
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Texmaker" = Texmaker
"The Witcher 2 - Assassins of Kings Enhanced Edition_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition
"Tinn-R_is1" = Tinn-R 2.3.7.1
"TurboTax 2012" = TurboTax 2012
"UPCShell" = LeapFrog Connect
"Windows Scheduler_is1" = System Scheduler 4.17
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2013 4:46:19 PM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/7/2013 4:46:22 PM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/9/2013 12:31:46 AM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/9/2013 12:31:49 AM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/10/2013 12:31:48 AM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/10/2013 12:31:51 AM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/11/2013 12:31:55 AM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/11/2013 12:31:59 AM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/12/2013 12:32:07 AM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 6/12/2013 12:32:11 AM | Computer Name = PaulWorkLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

[ Media Center Events ]
Error - 11/4/2012 6:47:02 PM | Computer Name = PaulWorkLaptop | Source = MCUpdate | ID = 0
Description = 5:47:01 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 2/3/2013 12:29:40 AM | Computer Name = PaulWorkLaptop | Source = MCUpdate | ID = 0
Description = 11:29:40 PM - Error connecting to the internet. 11:29:40 PM - Unable
to contact server..

Error - 2/3/2013 12:30:14 AM | Computer Name = PaulWorkLaptop | Source = MCUpdate | ID = 0
Description = 11:30:09 PM - Error connecting to the internet. 11:30:09 PM - Unable
to contact server..

[ System Events ]
Error - 12/24/2012 3:33:41 PM | Computer Name = PaulWorkLaptop | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 0.0.0.0 with
the system having network hardware address 00-00-00-00-00-00. Network operations
on this system may be disrupted as a result.

Error - 12/26/2012 5:38:26 AM | Computer Name = PaulWorkLaptop | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
OWNER-THINK that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{BD5BDD16-09A8-4D26-A8A9-5B37BAEC85C2}. The master browser is stopping
or an election is being forced.

Error - 12/26/2012 5:46:55 AM | Computer Name = PaulWorkLaptop | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
OWNER-THINK that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{BD5BDD16-09A8-4D26-A8A9-5B37BAEC85C2}. The master browser is stopping
or an election is being forced.

Error - 12/29/2012 12:33:44 AM | Computer Name = PaulWorkLaptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 12/29/2012 12:33:44 AM | Computer Name = PaulWorkLaptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 12/29/2012 12:33:44 AM | Computer Name = PaulWorkLaptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 12/29/2012 12:33:44 AM | Computer Name = PaulWorkLaptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 12/29/2012 12:33:44 AM | Computer Name = PaulWorkLaptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 12/31/2012 12:23:46 PM | Computer Name = PaulWorkLaptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.2803.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 1/1/2013 10:06:28 AM | Computer Name = PaulWorkLaptop | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello palabreur

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
palabreur

palabreur

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
That appears to have fixed the problem. Thank you very much! Logs included below as requested.

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 21:51:20
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Paul - PAULWORKLAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Paul\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ybhog2rs.default\prefs.js

C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ybhog2rs.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2083] : homepage = "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={0F37A998-C891-1[...]

*************************

AdwCleaner[S1].txt - [2865 octets] - [12/06/2013 21:51:20]

########## EOF - C:\AdwCleaner[S1].txt - [2925 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Paul on Wed 06/12/2013 at 21:59:05.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [File] C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\ybhog2rs.default\extensions\cwurhehsoz@cwurhehsoz.org.xpi [Tracur]
Emptied folder: C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\ybhog2rs.default\minidumps [2828 files]



~~~ Chrome

Dumping contents of C:\Users\Paul\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Paul\appdata\local\Google\Chrome\User Data\Default\Default\aagbdidedcdfdedfdddadhgbdgdedede
C:\Users\Paul\appdata\local\Google\Chrome\User Data\Default\Default\aagbdidedcdfdedfdddadhgbdgdedede\manifest.json

Successfully deleted: [Folder] C:\Users\Paul\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/12/2013 at 22:03:13.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello palabreur

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP