harry12345

join:2013-07-15
Westport, MA

[Malware] Multiple toolbars needed to be removed. Logs included.

Friend gave me her machine with multiple toolbars and other fun stuff installed on it. Thanks in advance.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.11.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Barbara :: HOME-PC [administrator]

7/14/2013 11:29:57 PM
mbam-log-2013-07-14 (23-29-57).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419516
Time elapsed: 4 hour(s), 12 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-----------------------------------------------------
# AdwCleaner v2.305 - Logfile created 07/15/2013 at 18:21:41
# Updated 11/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Barbara - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Barbara\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : MyWebSearchService

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\comcasttb
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage-journal
File Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\bprotector_prefs.js
File Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\searchplugins\delta.xml
File Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\searchplugins\SweetIm.xml
File Deleted : C:\Windows\system32\roboot.exe
File Disinfected : C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
File Disinfected : C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Folder Deleted : C:\Program Files\Common Files\337
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Desk 365
Folder Deleted : C:\Program Files\FindLyrics
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\Omiga Plus
Folder Deleted : C:\Program Files\Search Guard Plus
Folder Deleted : C:\Program Files\Search Guard PlusU
Folder Deleted : C:\Program Files\xfin_portal
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\GamesBar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\visualbee
Folder Deleted : C:\Users\Barbara\AppData\Local\APN
Folder Deleted : C:\Users\Barbara\AppData\Local\Conduit
Folder Deleted : C:\Users\Barbara\AppData\Local\Deal Vault
Folder Deleted : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd
Folder Deleted : C:\Users\Barbara\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Barbara\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\delta
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Barbara\AppData\Roaming\337
Folder Deleted : C:\Users\Barbara\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Barbara\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Barbara\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Barbara\AppData\Roaming\iWin
Folder Deleted : C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\extensions\crossriderapp19866@crossrider.com
Folder Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\Users\Barbara\AppData\Roaming\Omiga Plus
Folder Deleted : C:\Users\Barbara\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Barbara\AppData\Roaming\PerformerSoft

***** [Registry] *****

Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500630AS_9QG49AG2XXXX9QG49AG2&ts=1369829267
Key Deleted : HKCU\Software\530d9dcb23ab849
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFan
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Smart Suggestor
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\FBSearch
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lrcfan@fansoft.br
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SmartSuggestor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\xfin_portal
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\SGPUpdater
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\XBTB03021
Key Deleted : HKLM\SOFTWARE\530d9dcb23ab849
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227981
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272810
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287802
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287819
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\FCTB000060231
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\de7123bf7f00a65431bd1ff61b0bcade
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\V9Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500630AS_9QG49AG2XXXX9QG49AG2&ts=1369829267 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=e0eda1d0-b29e-4f09-b8ea-f5cf530e6121&searchtype=ds&q={searchTerms}&installDate=06/05/2013 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500630AS_9QG49AG2XXXX9QG49AG2&ts=1369829267 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500630AS_9QG49AG2XXXX9QG49AG2&ts=1369829267 --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\prefs.js

C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\user.js ... Deleted !

Deleted : user_pref("extensions.crossriderapp19866.adsOldValue", -1);
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:home");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("extensions.BCPA3.previous-keyword-url", "\"hxxp://start.sweetpacks.com/?src=2&st=12&barid[...]
Deleted : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://start.sweetpacks.com/?src=2&st=12&[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.42] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.45] : keyword = "babylon.com",
Deleted [l.49] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss_g[...]
Deleted [l.2659] : homepage = "hxxp://search.conduit.com/?ctid=CT3307015&SearchSource=48&CUI=UN25838433863171217&U[...]
Deleted [l.3165] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3307015&SearchSource=48&C[...]

*************************

AdwCleaner[R1].txt - [40447 octets] - [15/07/2013 18:20:57]
AdwCleaner[S1].txt - [40451 octets] - [15/07/2013 18:21:41]

########## EOF - C:\AdwCleaner[S1].txt - [40512 octets] ##########

harry12345

join:2013-07-15
Westport, MA

Re: [Malware] Multiple toolbars needed to be removed. Logs inclu

Post was too big. Here is page 2.
OTL logfile created on: 7/15/2013 6:38:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barbara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.45% Memory free
6.17 Gb Paging File | 4.67 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 330.27 Gb Free Space | 72.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.78% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/07/15 18:36:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/05/08 19:45:03 | 004,023,848 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/12/11 01:48:30 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/07/11 10:08:15 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\41009db1b6120bff064313a0a7bc1622\WindowsFormsIntegration.ni.dll
MOD - [2013/07/11 10:08:09 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a3994a19741e3d9a415a1d9f92640f94\System.WorkflowServices.ni.dll
MOD - [2013/07/11 10:07:18 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/11 10:07:16 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/11 10:07:14 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/11 10:06:50 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/11 10:06:48 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/11 10:06:42 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/11 10:06:40 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/11 10:06:10 | 001,087,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\083809e6dd5e41755ad44b9807bece48\System.ServiceModel.Web.ni.dll
MOD - [2013/07/11 10:03:53 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3f0863816ab6f5fef4e0abb442752b9f\UIAutomationProvider.ni.dll
MOD - [2013/07/11 10:03:52 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/11 10:03:49 | 001,926,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\e2819c91784da9b6889a883a79ce66a3\System.Web.Services.ni.dll
MOD - [2013/07/11 10:03:33 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/11 10:03:32 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/11 10:03:31 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/11 10:03:30 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/11 10:02:35 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/10 22:25:16 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll
MOD - [2013/07/10 22:23:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/10 22:22:51 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/07/10 13:44:38 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/10 13:44:22 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/10 13:44:08 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/10 13:44:07 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 13:44:03 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/10 13:44:03 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a77cef85535aec07317e7b1a302365c1\System.Data.ni.dll
MOD - [2013/07/10 13:43:51 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/10 13:43:47 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\dc48e3e467309e2bbde8a876614b38e4\System.Security.ni.dll
MOD - [2013/07/10 13:43:46 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/10 13:43:43 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/10 13:43:37 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/10 13:43:35 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/10 13:43:29 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 13:43:28 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/08 19:43:45 | 000,548,488 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/06/16 16:18:20 | 000,032,768 | ---- | M] () -- C:\Program Files\MP3 Player Utilities 4.16\AMVConverter\AmvTransform.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/06/12 12:03:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/07/28 20:23:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrssweep.sys -- (wrssweep)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130702.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/22 11:32:57 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130715.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 11:32:56 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130715.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/22 11:25:48 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/03/19 22:22:40 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/03/07 17:41:20 | 000,024,760 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/31 20:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130712.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/09 13:04:41 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/08 10:51:29 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/04/02 16:39:10 | 000,054,784 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ax88772.sys -- (AX88772)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/09/29 14:45:32 | 000,026,525 | ---- | M] (SMC2208USB/ETH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMC2208.SYS -- (SMC2208)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - No CLSID value found
IE - HKLM\..\URLSearchHook: {72a0f495-ba60-4524-827b-b36b8c18587a} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh07112013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaultc.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=e0eda1d0-b29e-4f09-b8ea-f5cf530e6121&searchtype=ds&q={searchTerms}&installDate=06/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=e0eda1d0-b29e-4f09-b8ea-f5cf530e6121&searchtype=ds&q={searchTerms}&installDate=06/05/2013
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F6852A03-96D6-4A74-B941-CBC418B4114E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F6852A03-96D6-4A74-B941-CBC418B4114E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7_____en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: idvaultaddin@whitesky:1.1.716.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Barbara\AppData\Local\Roblox\Versions\version-1bebb2d1460c4423\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Barbara\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/07 18:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013/07/15 18:34:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 14:18:46 | 000,185,164 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\

[2009/11/14 19:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Extensions
[2013/07/15 18:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\extensions
[2013/07/11 23:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 12:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Babylon (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: iTunes Application Detector (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/01/20 12:13:59 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; FunWebProducts; BRI/2; .NET4.0E; BOIE9;ENUS)" -"http://www.ojosweb.com/downloads/runner.dir" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E3B85E-DACD-4389-8941-72767281D516}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9254096E-F9BA-426C-8F1B-1CD938358311}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D6E5DDE-63A2-4A58-ADDE-972B322B9B85}: DhcpNameServer = 192.168.1.1 66.189.0.100
O20 - AppInit_DLLs: (C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{111d4040-7d5d-11df-9437-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{111d4040-7d5d-11df-9437-001d0979c268}\Shell\AutoRun\command - "" = F:\Photo_Viewer.exe
O33 - MountPoints2\{acd5f426-4880-11df-9b43-001d0979c268}\Shell\AutoRun\command - "" = F:\DmailerSync_9_1_18359.exe
O33 - MountPoints2\{d426fbe9-1d58-11df-921f-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{d426fbe9-1d58-11df-921f-001d0979c268}\Shell\AutoRun\command - "" = G:\laucher.exe
O33 - MountPoints2\{f6f586bf-ba66-11df-bddb-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{f6f586bf-ba66-11df-bddb-001d0979c268}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/07/15 18:36:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013/07/14 23:21:18 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\TFC.exe
[2013/07/14 23:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/14 23:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/14 23:11:39 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/07/14 23:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/07/14 22:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/12 00:02:11 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\New Folder
[2013/07/11 22:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/11 22:01:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/11 22:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/11 17:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/07/11 17:07:17 | 179,539,422 | ---- | C] (contendo media Ltd. ) -- C:\Users\Barbara\Desktop\BusSimulator08_EnglishDemo.exe
[2013/07/10 13:24:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/10 13:24:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/10 13:24:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/10 13:24:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/10 13:24:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/10 13:24:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/10 13:24:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/10 13:24:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/09 20:03:21 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/09 20:03:00 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/09 20:03:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/09 20:03:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/09 20:02:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/09 20:02:59 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/09 20:02:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/09 20:02:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/09 20:02:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/09 20:02:57 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/09 20:02:56 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/02 15:45:45 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer(1).exe
[2013/07/02 15:45:44 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer.exe
[2013/06/21 19:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Simulator 2008 Demo
[2013/06/21 19:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bus Simulator 2008 Demo
[2013/06/21 18:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Simulator Deluxe
[2013/06/21 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Contendo Games
[2013/06/21 18:39:25 | 000,519,304 | ---- | C] (Ask Partner Network) -- C:\Users\Barbara\Documents\APNSetup1.exe
[2013/06/21 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\CRE
[2013/06/19 15:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/19 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/19 15:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/19 15:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/11/17 23:32:08 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Barbara\AppData\Roaming\DataSafeDotNet.exe
[2008/02/28 17:20:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Barbara\Documents\*.tmp files -> C:\Users\Barbara\Documents\*.tmp -> ]

harry12345

reply to harry12345

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/07/15 18:36:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013/07/15 18:33:26 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 18:33:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 18:31:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/15 18:30:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/15 18:29:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/15 18:25:43 | 000,000,094 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/15 18:25:28 | 000,000,869 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/15 18:19:46 | 000,662,345 | ---- | M] () -- C:\Users\Barbara\Desktop\adwcleaner.exe
[2013/07/15 18:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/15 17:47:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/14 23:21:19 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\TFC.exe
[2013/07/14 23:11:45 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/14 22:25:47 | 000,531,038 | ---- | M] () -- C:\Users\Barbara\Documents\cc_20130714_222519.reg
[2013/07/14 22:16:14 | 000,000,104 | ---- | M] () -- C:\Users\Barbara\Desktop\Recycle Bin - Shortcut.lnk
[2013/07/11 22:43:09 | 000,005,216 | ---- | M] () -- C:\Users\Barbara\AppData\Local\d3d9caps.dat
[2013/07/11 22:12:16 | 000,003,128 | ---- | M] () -- C:\{EF422D00-CE42-48EB-94B7-529864AA49D6}
[2013/07/11 17:09:20 | 179,539,422 | ---- | M] (contendo media Ltd. ) -- C:\Users\Barbara\Desktop\BusSimulator08_EnglishDemo.exe
[2013/07/11 14:58:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/07/10 22:19:19 | 000,356,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/02 15:46:06 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/02 15:45:50 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer(1).exe
[2013/07/02 15:45:47 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer.exe
[2013/07/02 14:51:37 | 2553,474,430 | ---- | M] () -- C:\Users\Barbara\Desktop\EuropeanBusSimulator_2012Demo_BASIC_ENG.rar
[2013/06/19 15:06:49 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Barbara\Documents\*.tmp files -> C:\Users\Barbara\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/07/15 18:21:52 | 000,000,094 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/15 18:19:34 | 000,662,345 | ---- | C] () -- C:\Users\Barbara\Desktop\adwcleaner.exe
[2013/07/14 23:11:45 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/14 23:11:45 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/14 22:25:24 | 000,531,038 | ---- | C] () -- C:\Users\Barbara\Documents\cc_20130714_222519.reg
[2013/07/14 22:16:14 | 000,000,104 | ---- | C] () -- C:\Users\Barbara\Desktop\Recycle Bin - Shortcut.lnk
[2013/07/11 22:12:15 | 000,003,128 | ---- | C] () -- C:\{EF422D00-CE42-48EB-94B7-529864AA49D6}
[2013/07/02 15:46:05 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/02 14:34:32 | 2553,474,430 | ---- | C] () -- C:\Users\Barbara\Desktop\EuropeanBusSimulator_2012Demo_BASIC_ENG.rar
[2013/06/19 15:06:49 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/15 23:25:23 | 000,000,583 | ---- | C] () -- C:\Users\Barbara\Documents\IMG_3495.lnk
[2013/05/15 12:53:57 | 000,000,552 | ---- | C] () -- C:\Users\Barbara\AppData\Local\d3d8caps.dat
[2012/09/08 23:27:19 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2012/06/12 19:40:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/20 23:45:23 | 012,448,541 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\SMRBackup250.dat
[2011/05/18 17:23:31 | 000,001,940 | ---- | C] () -- C:\Users\Barbara\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/26 20:01:43 | 000,000,760 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\setup_ldm.iss
[2009/10/20 12:13:13 | 000,005,216 | ---- | C] () -- C:\Users\Barbara\AppData\Local\d3d9caps.dat
[2008/08/17 19:21:32 | 000,004,384 | ---- | C] () -- C:\ProgramData\lxdf
[2008/07/28 20:22:58 | 000,061,224 | ---- | C] () -- C:\Users\Barbara\GoToAssistDownloadHelper.exe
[2008/05/06 07:23:02 | 000,000,632 | RHS- | C] () -- C:\Users\Barbara\ntuser.pol
[2008/01/04 21:59:37 | 000,031,007 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\UserTile.png
[2007/12/25 15:59:28 | 000,034,304 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/06/01 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\337 Wallpaper
[2010/06/14 13:59:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\6500 Series
[2011/10/15 11:20:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Catalina Marketing Corp
[2008/10/22 07:54:55 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/01/01 13:30:00 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\DataSafeOnline
[2008/10/14 11:22:24 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\funkitron
[2013/07/15 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\ID Vault
[2009/01/23 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\JewelMatch2
[2008/10/10 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\LearnSomething
[2008/04/06 10:33:13 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Lexmark Productivity Studio
[2008/05/20 17:08:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Ludia
[2008/01/04 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PeerNetworking
[2008/10/18 14:20:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Pharmacy Assessments
[2013/07/11 23:29:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\player
[2009/03/19 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PlayFirst
[2008/10/06 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Rx2000 Courses
[2008/04/05 09:55:26 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\SBTT
[2008/01/01 12:47:38 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\School Zone Preferences
[2013/01/13 01:04:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Strongvault
[2012/03/04 14:15:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Temp
[2009/10/09 10:35:14 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Tific

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:1663E41B
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:2193C133
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:8D09A3F7
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:8C20507F
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:6BD5DF7E
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E9A76859
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A3AB6321
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:98F0614F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:38673444
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2BFC67DE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:60C47453
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F8A67568
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3CBB9ED6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:140CF428
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F8342E7B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:512B5648
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:81F83028
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1A5D64BE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CBA65743
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:20C69EEE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3D69B4B5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:38760F1C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5B85C37B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9979F105
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:67785E6A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:57B4E612
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7C017FB1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:04639FCC
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:442CBC07
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CB2A7E51
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F3F95A98
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C3A4217C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1A368015
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:75EFCFC2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:2430E4FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:20FFCF0B
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:8C5ED159

----------------------
OTL Extras logfile created on: 7/15/2013 6:38:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barbara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.45% Memory free
6.17 Gb Paging File | 4.67 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 330.27 Gb Free Space | 72.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.78% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064532A0-93C5-4EFA-BB7C-76D578E66EE1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{097F46C2-9273-4C41-8E56-E98F5501E2ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{265D6968-D84E-4FB0-82CC-302DC22AE31F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C3C330C-857C-4B96-BF1A-CD8BEC0A232A}" = lport=137 | protocol=17 | dir=in | app=system |
"{3D4F6ECB-DF78-4564-B7B9-621D87ED776C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{43BAB699-C8BA-4309-92BA-666C7CA116B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D9C70A7-7481-4141-ADE0-C3CE02993485}" = lport=445 | protocol=6 | dir=in | app=system |
"{5EBF2F0D-0040-4840-AABF-AE5EAE75D1B8}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F929ED2-4A2A-4B87-9C0C-9A2A201E1096}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F8B333A-ED35-450E-B502-3364BF920014}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78F6F197-D07B-40A6-8EC3-918BBD273125}" = rport=138 | protocol=17 | dir=out | app=system |
"{8065F2D6-413D-48CD-AC18-7A58BB40730E}" = rport=139 | protocol=6 | dir=out | app=system |
"{8731B98D-8DF8-47FF-BDD2-7BA5BFD4E4CB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8CD01D20-0EFB-4914-B0C6-305C466EDEB9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9F1BD4D1-7250-494A-A2BC-AA2082CA7A7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B79AAEE7-689B-4E2A-AC9F-A3C25347FA13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBF687B2-C056-4690-A929-97C29B8A15A7}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0FFC91F-E513-444A-826F-DBC5F5411BFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E707BFDB-8B56-4F23-9639-769E10C0CBCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F13B0E3F-F261-4E19-819F-DD01F1AAB660}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD558824-9766-4B4E-9A49-C560B2B44A34}" = rport=137 | protocol=17 | dir=out | app=system |
"{FED32E6A-0F11-4D60-8E38-CD76E78C0E09}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F57B08-C011-4A04-8E5E-E83827704FB1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{03B072BB-5DD1-463C-B48D-724BB9EFEF0D}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{19AF0F9D-5999-456B-8A83-D5F255A4A3C2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C24AC73-DA2B-4081-A52E-90C8A25B6808}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5243B4C8-F7D0-4E56-88E5-38F68574567C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5498C074-B8D3-4E4F-ADA6-A46D0CD6EA41}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5ACFF614-E53E-4F1C-91D0-4B72ED74E34C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6563BC16-F1AD-4E11-9E14-9A60CAB7397E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{853FA0C5-9741-484A-A7BE-2F1F7D1F6CD7}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{85F3BF02-E98A-499E-8F32-58BF845D27D3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{879CA7A3-FA67-4615-B9EE-394E7A8A4892}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98320B65-E6D2-4BB3-B5BB-0E59596F6F7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A44DFE59-2DB8-46C1-91E7-D43724E7DAA2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A7B4B83F-0653-433E-AC06-90A20B1B8768}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B81BC41D-368E-4EEB-BD32-814BC9B04F49}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CF569DDA-DB06-43E2-B12F-E3BB4E599303}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D499F66D-91AD-4902-AA25-581AE602A73B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E9EE3A0B-A481-4902-B102-96D908D44E9F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EA29317A-6FE2-4FD6-8196-2683435BA408}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EBAC6C2A-59CF-4C2D-A275-A91C6D589E38}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ED545241-81C2-4D1E-AC59-2B584948E84D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F329A94B-4113-4C76-A328-89BA1126C5CC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FCF60912-DDDD-4304-8BA9-5C6C3748CBD0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{9BD48933-B32B-497D-A1DF-13AADC36A7C6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9E18523A-87E1-4030-88FE-1395384427F5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CD688821-291A-4ECD-8BC9-3645FFC6C698}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{287D35F1-5A1A-4257-A1F9-EBBC2BDECF2F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A517CCBC-22F9-4781-89B8-6762016E4723}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E363366B-4273-4C76-A0E1-26E76219499C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.5.6.849
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111119303}" = Fresco Wizard
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112783907}" = Bubble Elements
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.16
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{CAAF899F-D15F-480F-AF10-22B1431A5E9F}" = AX88772A
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D50AD12E-4EDC-48D4-992C-A74B2FBE05B3}" = PCsync
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BFG-Bus Driver" = Bus Driver
"Bus Simulator 2008 Demo_is1" = Bus Simulator 2008 Demo
"Bus Simulator Deluxe" = Bus Simulator Deluxe (remove only)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CouponBar5.0.0.5" = CouponBar
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"Graboid Video" = Graboid Video 1.65
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ID Vault" = Constant Guard Protection Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"N360" = Norton Security Suite
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"SpongeBob SquarePants 3-D" = SpongeBob SquarePants 3-D
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Toolbar" = Yahoo! Toolbar

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Barbara
"AOL Toolbar" = AOL Toolbar

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 7/10/2013 1:44:40 PM | Computer Name = Home-pc | Source = LoadPerf | ID = 3002
Description =

Error - 7/10/2013 10:41:59 PM | Computer Name = Home-pc | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16496, time stamp
0x51a55c6d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x5dd0, application
start time 0x01ce7ddfd431fcd1.

Error - 7/10/2013 11:00:05 PM | Computer Name = Home-pc | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16496, time stamp
0x51a55c6d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x679c, application
start time 0x01ce7de04173ce41.

Error - 7/11/2013 2:13:31 PM | Computer Name = Home-pc | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 22888 Start Time: 01ce7e615169a532 Termination Time: 289

Error - 7/11/2013 3:46:21 PM | Computer Name = Home-pc | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16496, time stamp
0x51a55c6d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x294f0, application
start time 0x01ce7e6e1cd72ab2.

Error - 7/11/2013 3:53:27 PM | Computer Name = Home-pc | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16496, time stamp
0x51a55c6d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x2adec, application
start time 0x01ce7e6f558c6b82.

Error - 7/11/2013 3:54:45 PM | Computer Name = Home-pc | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16496, time stamp
0x51a55c6d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x2cd38, application
start time 0x01ce7e7051c47192.

Error - 7/11/2013 3:55:01 PM | Computer Name = Home-pc | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16496, time stamp
0x51a55c6d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x2d354, application
start time 0x01ce7e707f887272.

Error - 7/11/2013 3:55:26 PM | Computer Name = Home-pc | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16496, time stamp
0x51a55c6d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x2d59c, application
start time 0x01ce7e708ad75832.

Error - 7/11/2013 8:07:27 PM | Computer Name = Home-pc | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7c4 Start Time: 01ce7e9382f44d16 Termination Time: 95

Error - 7/11/2013 11:58:23 PM | Computer Name = Home-pc | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 4f34 Start Time: 01ce7eb3b8490271 Termination Time: 33

[ Media Center Events ]
Error - 12/29/2008 2:34:32 PM | Computer Name = Home-pc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/27/2009 2:46:25 AM | Computer Name = Home-pc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 10:29:34 AM | Computer Name = Home-pc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 2:33:26 PM | Computer Name = Home-pc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/21/2009 5:26:26 PM | Computer Name = Home-pc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/3/2009 3:27:03 PM | Computer Name = Home-pc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 12/21/2008 8:43:36 PM | Computer Name = Home-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 224
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/14/2013 11:27:25 PM | Computer Name = Home-pc | Source = Service Control Manager | ID = 7009
Description =

Error - 7/14/2013 11:27:25 PM | Computer Name = Home-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 7/14/2013 11:27:27 PM | Computer Name = Home-pc | Source = Service Control Manager | ID = 7009
Description =

Error - 7/14/2013 11:27:27 PM | Computer Name = Home-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 7/14/2013 11:27:58 PM | Computer Name = Home-pc | Source = Service Control Manager | ID = 7009
Description =

Error - 7/14/2013 11:27:58 PM | Computer Name = Home-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 7/15/2013 6:31:32 PM | Computer Name = Home-pc | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.17. The computer with the IP address 192.168.1.9 did not
allow the name to be claimed by this computer.

Error - 7/15/2013 6:36:42 PM | Computer Name = Home-pc | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.17. The computer with the IP address 192.168.1.9 did not
allow the name to be claimed by this computer.

Error - 7/15/2013 6:41:52 PM | Computer Name = Home-pc | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.17. The computer with the IP address 192.168.1.9 did not
allow the name to be claimed by this computer.

Error - 7/15/2013 6:47:02 PM | Computer Name = Home-pc | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.17. The computer with the IP address 192.168.1.9 did not
allow the name to be claimed by this computer.

-------***********
Results of screen317's Security Check version 0.99.69
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
Norton Security Suite
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 21
Java(TM) SE Runtime Environment 6
[color=red]Java version out of Date![/color]
Adobe Flash Player 11.7.700.224
Adobe Reader 9 [color=red]Adobe Reader out of Date![/color]
Adobe Reader 10.1.7 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[color=red]Spybot Teatimer.exe is disabled![/color]
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0 %
[u]````````````````````End of Log``````````````````````[/u]
------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to harry12345

First:
Use Add/Remove Programs and uninstall the following:
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CouponBar5.0.0.5" = CouponBar
"Microsoft Security Client" = Microsoft Security Essentials

Note: MSE is not needed since Comcast's Norton Security Suite is installed. Running more than one active AntiVirus program can lead to slowdowns and possible corruption.

Second:
Uninstall Comcast AntiSpy toolbar. It's outdated and worthless. Since there is no Add/Remove Program entry, use the following instructions:

Navigate to the folder: C:\Program Files\comcasttb. Run the uninstall program. Reboot your system and double check the process is no longer running (task manager). You'll need to manually remove the folder called "comcasttb".

Third:
Time for a rootkit check to be safe.

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications

Note: The DSLR link goes to an area containing instructions for more than one anti rootkit program. We only want to run the Sophos AntiRootkit program.

Finally:
Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013


harry12345

join:2013-07-15
Westport, MA

Thanks for the help. I uninstalled the toolbars but could not find an uninstall for the Comcast AntiSpy toolbar. I checked the task manager and it does not look like the process is running. Here are the 2 logs.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-16 20:12:07
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500630AS rev.3.ADG 465.76GB
Running: djlovvcr.exe; Driver: C:\Users\Barbara\AppData\Local\Temp\pxldipow.sys

---- System - GMER 2.1 ----

SSDT 87B8DD68 ZwAlertResumeThread
SSDT 87B8DE48 ZwAlertThread
SSDT 87B8FBC0 ZwAllocateVirtualMemory
SSDT 87ACEF28 ZwAlpcConnectPort
SSDT 87B8D510 ZwAssignProcessToJobObject
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwCreateFile [0x999029D8]
SSDT 87B8DAB8 ZwCreateMutant
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwCreateSymbolicLinkObject [0x99902DB6]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwCreateThread [0x999030FE]
SSDT 87B8D5F0 ZwDebugActiveProcess
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwDeleteKey [0x99903472]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwDeleteValueKey [0x99903540]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwDeviceIoControlFile [0x9990368C]
SSDT 87B8FD50 ZwDuplicateObject
SSDT 87B8F978 ZwFreeVirtualMemory
SSDT 87B8DBA8 ZwImpersonateAnonymousToken
SSDT 87B8DC88 ZwImpersonateThread
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwLoadDriver [0x99905062]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwMapViewOfSection [0x99905480]
SSDT 87B8D9D8 ZwOpenEvent
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwOpenFile [0x99905798]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwOpenKey [0x99905962]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwOpenProcess [0x99905974]
SSDT 87B8FC90 ZwOpenProcessToken
SSDT 87B8D818 ZwOpenSection
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwOpenThread [0x9990603E]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwProtectVirtualMemory [0x999060D2]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwQueueApcThread [0x999060E4]
SSDT 87B8DF28 ZwResumeThread
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwSecureConnectPort [0x999063E6]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwSetContextThread [0x99906452]
SSDT 87B8F6A8 ZwSetInformationProcess
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwSetSystemInformation [0x9990678A]
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwSetValueKey [0x999067F4]
SSDT 87B8D8F8 ZwSuspendProcess
SSDT 87B8D008 ZwSuspendThread
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwTerminateProcess [0x99906BC6]
SSDT 87B8F4E8 ZwTerminateThread
SSDT 87B8F798 ZwUnmapViewOfSection
SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys ZwWriteVirtualMemory [0x99908CBA]
SSDT 87B8D320 ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 824B66E8 8 Bytes [68, DD, B8, 87, 48, DE, B8, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 824B66FC 4 Bytes [C0, FB, B8, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 824B6708 4 Bytes [28, EF, AC, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 824B675C 4 Bytes [10, D5, B8, 87]
.text ntkrnlpa.exe!KeSetEvent + 1D9 824B67A4 4 Bytes [D8, 29, 90, 99] {FSUBR DWORD [ECX]; NOP ; CDQ }
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Constant Guard Protection Suite\IDVault.exe[3520] USER32.dll!PeekMessageA 77B08343 6 Bytes PUSH 760A3520; RET C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL
.text C:\Program Files\Constant Guard Protection Suite\IDVault.exe[3520] USER32.dll!GetMessageA 77B08AB3 6 Bytes PUSH 760A33E0; RET C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL
.text C:\Program Files\Constant Guard Protection Suite\IDVault.exe[3520] USER32.dll!GetMessageW 77B0FEF7 6 Bytes PUSH 760A3480; RET C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL
.text C:\Program Files\Constant Guard Protection Suite\IDVault.exe[3520] USER32.dll!PeekMessageW 77B1045A 6 Bytes PUSH 760A35D0; RET C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL
.text C:\Program Files\Constant Guard Protection Suite\IDVault.exe[3520] USER32.dll!IsDialogMessageW 77B10745 6 Bytes PUSH 760A3360; RET C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL
.text C:\Program Files\Constant Guard Protection Suite\IDVault.exe[3520] USER32.dll!IsDialogMessage 77B11847 6 Bytes PUSH 760A32E0; RET C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----

OTL logfile created on: 7/16/2013 8:12:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barbara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 58.11% Memory free
6.19 Gb Paging File | 4.42 Gb Available in Paging File | 71.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 330.80 Gb Free Space | 72.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.78% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/07/15 18:36:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/05/08 19:45:03 | 004,023,848 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/12/11 01:48:30 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/07/11 10:08:09 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a3994a19741e3d9a415a1d9f92640f94\System.WorkflowServices.ni.dll
MOD - [2013/07/11 10:07:18 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/11 10:07:16 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/11 10:07:14 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/11 10:06:50 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/11 10:06:48 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/11 10:06:42 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/11 10:06:40 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/11 10:06:10 | 001,087,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\083809e6dd5e41755ad44b9807bece48\System.ServiceModel.Web.ni.dll
MOD - [2013/07/11 10:03:53 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3f0863816ab6f5fef4e0abb442752b9f\UIAutomationProvider.ni.dll
MOD - [2013/07/11 10:03:52 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/11 10:03:49 | 001,926,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\e2819c91784da9b6889a883a79ce66a3\System.Web.Services.ni.dll
MOD - [2013/07/11 10:03:33 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/11 10:03:32 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/11 10:03:31 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/11 10:03:30 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/11 10:02:35 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/10 22:25:16 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll
MOD - [2013/07/10 22:23:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/10 22:22:51 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/07/10 13:44:38 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/10 13:44:22 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/10 13:44:08 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/10 13:44:07 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 13:44:03 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/10 13:44:03 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a77cef85535aec07317e7b1a302365c1\System.Data.ni.dll
MOD - [2013/07/10 13:43:51 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/10 13:43:47 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\dc48e3e467309e2bbde8a876614b38e4\System.Security.ni.dll
MOD - [2013/07/10 13:43:46 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/10 13:43:43 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/10 13:43:37 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/10 13:43:35 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/10 13:43:29 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 13:43:28 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/08 19:43:45 | 000,548,488 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/06/12 12:03:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/07/28 20:23:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrssweep.sys -- (wrssweep)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Barbara\AppData\Local\Temp\pxldipow.sys -- (pxldipow)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/22 11:32:57 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130716.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 11:32:56 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130716.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/22 11:25:48 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/03/19 22:22:40 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/03/07 17:41:20 | 000,024,760 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2012/08/31 20:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130716.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/09 13:04:41 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/08 10:51:29 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/04/02 16:39:10 | 000,054,784 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ax88772.sys -- (AX88772)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/09/29 14:45:32 | 000,026,525 | ---- | M] (SMC2208USB/ETH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMC2208.SYS -- (SMC2208)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - No CLSID value found
IE - HKLM\..\URLSearchHook: {72a0f495-ba60-4524-827b-b36b8c18587a} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh07112013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaultc.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=e0eda1d0-b29e-4f09-b8ea-f5cf530e6121&searchtype=ds&q={searchTerms}&installDate=06/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=e0eda1d0-b29e-4f09-b8ea-f5cf530e6121&searchtype=ds&q={searchTerms}&installDate=06/05/2013
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F6852A03-96D6-4A74-B941-CBC418B4114E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F6852A03-96D6-4A74-B941-CBC418B4114E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7_____en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: idvaultaddin@whitesky:1.1.716.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Barbara\AppData\Local\Roblox\Versions\version-1bebb2d1460c4423\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Barbara\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/07 18:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013/07/16 16:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\

[2009/11/14 19:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Extensions
[2013/07/15 18:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\extensions
[2013/07/11 23:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 12:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Babylon (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: iTunes Application Detector (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/01/20 12:13:59 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; FunWebProducts; BRI/2; .NET4.0E; BOIE9;ENUS)" -"http://www.ojosweb.com/downloads/runner.dir" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E3B85E-DACD-4389-8941-72767281D516}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9254096E-F9BA-426C-8F1B-1CD938358311}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D6E5DDE-63A2-4A58-ADDE-972B322B9B85}: DhcpNameServer = 192.168.1.1 66.189.0.100
O20 - AppInit_DLLs: (C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{111d4040-7d5d-11df-9437-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{111d4040-7d5d-11df-9437-001d0979c268}\Shell\AutoRun\command - "" = F:\Photo_Viewer.exe
O33 - MountPoints2\{acd5f426-4880-11df-9b43-001d0979c268}\Shell\AutoRun\command - "" = F:\DmailerSync_9_1_18359.exe
O33 - MountPoints2\{d426fbe9-1d58-11df-921f-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{d426fbe9-1d58-11df-921f-001d0979c268}\Shell\AutoRun\command - "" = G:\laucher.exe
O33 - MountPoints2\{f6f586bf-ba66-11df-bddb-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{f6f586bf-ba66-11df-bddb-001d0979c268}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/16 16:52:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/15 19:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/15 18:36:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013/07/14 23:21:18 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\TFC.exe
[2013/07/14 23:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/14 23:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/14 23:11:39 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/07/14 23:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/07/14 22:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/12 00:02:11 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\New Folder
[2013/07/11 22:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/11 22:01:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/11 22:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/11 17:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/07/11 17:07:17 | 179,539,422 | ---- | C] (contendo media Ltd. ) -- C:\Users\Barbara\Desktop\BusSimulator08_EnglishDemo.exe
[2013/07/10 13:24:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/10 13:24:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/10 13:24:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/10 13:24:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/10 13:24:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/10 13:24:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/10 13:24:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/10 13:24:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/09 20:03:21 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/09 20:03:00 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/09 20:03:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/09 20:03:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/09 20:02:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/09 20:02:59 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/09 20:02:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/09 20:02:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/09 20:02:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/09 20:02:57 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/09 20:02:56 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/02 15:45:45 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer(1).exe
[2013/07/02 15:45:44 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer.exe
[2013/06/21 19:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Simulator 2008 Demo
[2013/06/21 19:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bus Simulator 2008 Demo
[2013/06/21 18:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Simulator Deluxe
[2013/06/21 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Contendo Games
[2013/06/21 18:39:25 | 000,519,304 | ---- | C] (Ask Partner Network) -- C:\Users\Barbara\Documents\APNSetup1.exe
[2013/06/21 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\CRE
[2013/06/19 15:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/19 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/19 15:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/19 15:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/11/17 23:32:08 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Barbara\AppData\Roaming\DataSafeDotNet.exe
[2008/02/28 17:20:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Barbara\Documents\*.tmp files -> C:\Users\Barbara\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/16 20:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/16 19:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/16 19:37:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/16 18:40:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 18:40:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 16:46:49 | 000,377,856 | ---- | M] () -- C:\Users\Barbara\Desktop\djlovvcr.exe
[2013/07/16 16:40:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/16 16:40:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/16 00:14:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/15 20:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Barbara.job
[2013/07/15 19:06:27 | 000,891,022 | ---- | M] () -- C:\Users\Barbara\Desktop\SecurityCheck.exe
[2013/07/15 18:36:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013/07/15 18:25:43 | 000,000,094 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/15 18:25:28 | 000,000,869 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/15 18:19:46 | 000,662,345 | ---- | M] () -- C:\Users\Barbara\Desktop\adwcleaner.exe
[2013/07/14 23:21:19 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\TFC.exe
[2013/07/14 23:11:45 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/14 22:25:47 | 000,531,038 | ---- | M] () -- C:\Users\Barbara\Documents\cc_20130714_222519.reg
[2013/07/14 22:16:14 | 000,000,104 | ---- | M] () -- C:\Users\Barbara\Desktop\Recycle Bin - Shortcut.lnk
[2013/07/11 22:43:09 | 000,005,216 | ---- | M] () -- C:\Users\Barbara\AppData\Local\d3d9caps.dat
[2013/07/11 22:12:16 | 000,003,128 | ---- | M] () -- C:\{EF422D00-CE42-48EB-94B7-529864AA49D6}
[2013/07/11 17:09:20 | 179,539,422 | ---- | M] (contendo media Ltd. ) -- C:\Users\Barbara\Desktop\BusSimulator08_EnglishDemo.exe
[2013/07/11 14:58:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/07/10 22:19:19 | 000,356,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/02 15:46:06 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/02 15:45:50 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer(1).exe
[2013/07/02 15:45:47 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer.exe
[2013/07/02 14:51:37 | 2553,474,430 | ---- | M] () -- C:\Users\Barbara\Desktop\EuropeanBusSimulator_2012Demo_BASIC_ENG.rar
[2013/06/19 15:06:49 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Barbara\Documents\*.tmp files -> C:\Users\Barbara\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/16 16:46:45 | 000,377,856 | ---- | C] () -- C:\Users\Barbara\Desktop\djlovvcr.exe
[2013/07/15 19:06:20 | 000,891,022 | ---- | C] () -- C:\Users\Barbara\Desktop\SecurityCheck.exe
[2013/07/15 18:21:52 | 000,000,094 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/15 18:19:34 | 000,662,345 | ---- | C] () -- C:\Users\Barbara\Desktop\adwcleaner.exe
[2013/07/14 23:11:45 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/14 23:11:45 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/14 22:25:24 | 000,531,038 | ---- | C] () -- C:\Users\Barbara\Documents\cc_20130714_222519.reg
[2013/07/14 22:16:14 | 000,000,104 | ---- | C] () -- C:\Users\Barbara\Desktop\Recycle Bin - Shortcut.lnk
[2013/07/11 22:12:15 | 000,003,128 | ---- | C] () -- C:\{EF422D00-CE42-48EB-94B7-529864AA49D6}
[2013/07/02 15:46:05 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/02 14:34:32 | 2553,474,430 | ---- | C] () -- C:\Users\Barbara\Desktop\EuropeanBusSimulator_2012Demo_BASIC_ENG.rar
[2013/06/19 15:06:49 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/15 12:53:57 | 000,000,552 | ---- | C] () -- C:\Users\Barbara\AppData\Local\d3d8caps.dat
[2012/09/08 23:27:19 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2012/06/12 19:40:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/20 23:45:23 | 012,448,541 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\SMRBackup250.dat
[2011/05/18 17:23:31 | 000,001,940 | ---- | C] () -- C:\Users\Barbara\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/26 20:01:43 | 000,000,760 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\setup_ldm.iss
[2009/10/20 12:13:13 | 000,005,216 | ---- | C] () -- C:\Users\Barbara\AppData\Local\d3d9caps.dat
[2008/08/17 19:21:32 | 000,004,384 | ---- | C] () -- C:\ProgramData\lxdf
[2008/07/28 20:22:58 | 000,061,224 | ---- | C] () -- C:\Users\Barbara\GoToAssistDownloadHelper.exe
[2008/05/06 07:23:02 | 000,000,632 | RHS- | C] () -- C:\Users\Barbara\ntuser.pol
[2008/01/04 21:59:37 | 000,031,007 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\UserTile.png
[2007/12/25 15:59:28 | 000,034,304 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/01 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\337 Wallpaper
[2010/06/14 13:59:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\6500 Series
[2011/10/15 11:20:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Catalina Marketing Corp
[2008/10/22 07:54:55 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/01/01 13:30:00 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\DataSafeOnline
[2008/10/14 11:22:24 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\funkitron
[2013/07/16 16:49:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\ID Vault
[2009/01/23 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\JewelMatch2
[2008/10/10 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\LearnSomething
[2008/04/06 10:33:13 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Lexmark Productivity Studio
[2008/05/20 17:08:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Ludia
[2008/01/04 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PeerNetworking
[2008/10/18 14:20:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Pharmacy Assessments
[2013/07/11 23:29:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\player
[2009/03/19 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PlayFirst
[2008/10/06 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Rx2000 Courses
[2008/04/05 09:55:26 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\SBTT
[2008/01/01 12:47:38 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\School Zone Preferences
[2013/01/13 01:04:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Strongvault
[2012/03/04 14:15:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Temp
[2009/10/09 10:35:14 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Tific

========== Purity Check ==========

========== Alternate Data Streams ==========



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to harry12345

First:
OK, looks good so far. Let's clean up some leftovers.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
IE - HKLM\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - No CLSID value found
IE - HKLM\..\URLSearchHook: {72a0f495-ba60-4524-827b-b36b8c18587a} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - No CLSID value found
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O4 - HKCU..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:1663E41B
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:2193C133
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:8D09A3F7
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:8C20507F
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:6BD5DF7E
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E9A76859
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A3AB6321
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:98F0614F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:38673444
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2BFC67DE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:60C47453
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F8A67568
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3CBB9ED6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:140CF428
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F8342E7B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:512B5648
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:81F83028
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1A5D64BE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CBA65743
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:20C69EEE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3D69B4B5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:38760F1C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5B85C37B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9979F105
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:67785E6A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:57B4E612
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7C017FB1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:04639FCC
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:442CBC07
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CB2A7E51
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F3F95A98
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C3A4217C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1A368015
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:75EFCFC2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:2430E4FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:20FFCF0B
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:8C5ED159

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Once you see a message box "Fix complete! Click OK to open the fix log."
- Click the OK button
- The log will open in Notepad (your default text editor).
- Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Second:

Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013

harry12345

join:2013-07-15
Westport, MA

I'll run this when I get home and post the results but I need to return the machine back to her tonight so hopefully this solves most of the issues. Thanks for all your help.


harry12345

join:2013-07-15
Westport, MA

Here are the 2 OTL files. I'm returning the computer to its owner tonight. Thank you.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{54d0da58-64e7-4408-be1f-72659f70fcbe} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{72a0f495-ba60-4524-827b-b36b8c18587a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72a0f495-ba60-4524-827b-b36b8c18587a}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42435041-3300-A76A-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42435041-3300-A76A-76A7-7A786E7484D7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ComcastAntispyClient deleted successfully.
ADS C:\ProgramData\TEMP:1663E41B deleted successfully.
ADS C:\ProgramData\TEMP:2193C133 deleted successfully.
ADS C:\ProgramData\TEMP:8D09A3F7 deleted successfully.
ADS C:\ProgramData\TEMP:8C20507F deleted successfully.
ADS C:\ProgramData\TEMP:6BD5DF7E deleted successfully.
ADS C:\ProgramData\TEMP:E9A76859 deleted successfully.
ADS C:\ProgramData\TEMP:A3AB6321 deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
ADS C:\ProgramData\TEMP:98F0614F deleted successfully.
ADS C:\ProgramData\TEMP:38673444 deleted successfully.
ADS C:\ProgramData\TEMP:2BFC67DE deleted successfully.
ADS C:\ProgramData\TEMP:60C47453 deleted successfully.
ADS C:\ProgramData\TEMP:F8A67568 deleted successfully.
ADS C:\ProgramData\TEMP:3CBB9ED6 deleted successfully.
ADS C:\ProgramData\TEMP:140CF428 deleted successfully.
ADS C:\ProgramData\TEMP:F8342E7B deleted successfully.
ADS C:\ProgramData\TEMP:512B5648 deleted successfully.
ADS C:\ProgramData\TEMP:81F83028 deleted successfully.
ADS C:\ProgramData\TEMP:522EA216 deleted successfully.
ADS C:\ProgramData\TEMP:1A5D64BE deleted successfully.
ADS C:\ProgramData\TEMP:E0AE69BE deleted successfully.
ADS C:\ProgramData\TEMP:CBA65743 deleted successfully.
ADS C:\ProgramData\TEMP:20C69EEE deleted successfully.
ADS C:\ProgramData\TEMP:3D69B4B5 deleted successfully.
ADS C:\ProgramData\TEMP:38760F1C deleted successfully.
ADS C:\ProgramData\TEMP:5B85C37B deleted successfully.
ADS C:\ProgramData\TEMP:9979F105 deleted successfully.
ADS C:\ProgramData\TEMP:67785E6A deleted successfully.
ADS C:\ProgramData\TEMP:57B4E612 deleted successfully.
ADS C:\ProgramData\TEMP:7C017FB1 deleted successfully.
ADS C:\ProgramData\TEMP:04639FCC deleted successfully.
ADS C:\ProgramData\TEMP:C46995DA deleted successfully.
ADS C:\ProgramData\TEMP:442CBC07 deleted successfully.
ADS C:\ProgramData\TEMP:CB2A7E51 deleted successfully.
ADS C:\ProgramData\TEMP:F3F95A98 deleted successfully.
ADS C:\ProgramData\TEMP:C3A4217C deleted successfully.
ADS C:\ProgramData\TEMP:1A368015 deleted successfully.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
ADS C:\ProgramData\TEMP:75EFCFC2 deleted successfully.
ADS C:\ProgramData\TEMP:2430E4FC deleted successfully.
ADS C:\ProgramData\TEMP:20FFCF0B deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:ABE30DDB deleted successfully.
ADS C:\ProgramData\TEMP:8C5ED159 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Barbara
->Temp folder emptied: 1310240 bytes
->Temporary Internet Files folder emptied: 1049147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 28667904 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tiger!!!!!!!!!

User: trainingadmin

User: trainingpc

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13220718 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb

[EMPTYFLASH]

User: All Users

User: Barbara
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tiger!!!!!!!!!

User: trainingadmin

User: trainingpc

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07172013_171017

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
--------------------------------------------------

OTL logfile created on: 7/17/2013 5:16:59 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barbara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 48.23% Memory free
6.17 Gb Paging File | 4.42 Gb Available in Paging File | 71.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 330.89 Gb Free Space | 72.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.78% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/15 18:36:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/05/08 19:45:03 | 004,023,848 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/12/11 01:48:30 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/11 10:08:15 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\41009db1b6120bff064313a0a7bc1622\WindowsFormsIntegration.ni.dll
MOD - [2013/07/11 10:08:09 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a3994a19741e3d9a415a1d9f92640f94\System.WorkflowServices.ni.dll
MOD - [2013/07/11 10:07:18 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/11 10:07:16 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/11 10:07:14 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/11 10:06:50 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/11 10:06:48 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/11 10:06:42 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/11 10:06:40 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/11 10:06:10 | 001,087,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\083809e6dd5e41755ad44b9807bece48\System.ServiceModel.Web.ni.dll
MOD - [2013/07/11 10:03:53 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3f0863816ab6f5fef4e0abb442752b9f\UIAutomationProvider.ni.dll
MOD - [2013/07/11 10:03:52 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/11 10:03:49 | 001,926,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\e2819c91784da9b6889a883a79ce66a3\System.Web.Services.ni.dll
MOD - [2013/07/11 10:03:33 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/11 10:03:32 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/11 10:03:31 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/11 10:03:30 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/11 10:02:35 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/10 22:25:16 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll
MOD - [2013/07/10 22:23:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/10 22:22:51 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/07/10 13:44:38 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/10 13:44:22 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/10 13:44:08 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/10 13:44:07 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 13:44:03 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/10 13:44:03 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a77cef85535aec07317e7b1a302365c1\System.Data.ni.dll
MOD - [2013/07/10 13:43:51 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/10 13:43:47 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\dc48e3e467309e2bbde8a876614b38e4\System.Security.ni.dll
MOD - [2013/07/10 13:43:46 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/10 13:43:43 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/10 13:43:37 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/10 13:43:35 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/10 13:43:29 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 13:43:28 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/08 19:43:45 | 000,548,488 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/06/12 12:03:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/07/28 20:23:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrssweep.sys -- (wrssweep)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/22 11:32:57 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130716.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 11:32:56 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130716.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/22 11:25:48 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/03/19 22:22:40 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/03/07 17:41:20 | 000,024,760 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2012/08/31 20:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130716.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/09 13:04:41 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/08 10:51:29 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/04/02 16:39:10 | 000,054,784 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ax88772.sys -- (AX88772)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/09/29 14:45:32 | 000,026,525 | ---- | M] (SMC2208USB/ETH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMC2208.SYS -- (SMC2208)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh07112013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaultc.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=e0eda1d0-b29e-4f09-b8ea-f5cf530e6121&searchtype=ds&q={searchTerms}&installDate=06/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=e0eda1d0-b29e-4f09-b8ea-f5cf530e6121&searchtype=ds&q={searchTerms}&installDate=06/05/2013
IE - HKCU\..\SearchScopes,DefaultScope = {F6852A03-96D6-4A74-B941-CBC418B4114E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F6852A03-96D6-4A74-B941-CBC418B4114E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7_____en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: idvaultaddin@whitesky:1.1.716.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Barbara\AppData\Local\Roblox\Versions\version-1bebb2d1460c4423\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Barbara\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/07 18:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013/07/17 17:13:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\

[2009/11/14 19:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Extensions
[2013/07/15 18:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\ogyaxgbd.default\extensions
[2013/07/11 23:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 12:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Babylon (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: iTunes Application Detector (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/01/20 12:13:59 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; FunWebProducts; BRI/2; .NET4.0E; BOIE9;ENUS)" -"http://www.ojosweb.com/downloads/runner.dir" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E3B85E-DACD-4389-8941-72767281D516}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9254096E-F9BA-426C-8F1B-1CD938358311}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D6E5DDE-63A2-4A58-ADDE-972B322B9B85}: DhcpNameServer = 192.168.1.1 66.189.0.100
O20 - AppInit_DLLs: (C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{111d4040-7d5d-11df-9437-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{111d4040-7d5d-11df-9437-001d0979c268}\Shell\AutoRun\command - "" = F:\Photo_Viewer.exe
O33 - MountPoints2\{acd5f426-4880-11df-9b43-001d0979c268}\Shell\AutoRun\command - "" = F:\DmailerSync_9_1_18359.exe
O33 - MountPoints2\{d426fbe9-1d58-11df-921f-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{d426fbe9-1d58-11df-921f-001d0979c268}\Shell\AutoRun\command - "" = G:\laucher.exe
O33 - MountPoints2\{f6f586bf-ba66-11df-bddb-001d0979c268}\Shell - "" = AutoRun
O33 - MountPoints2\{f6f586bf-ba66-11df-bddb-001d0979c268}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/07/17 17:10:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/16 16:52:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/15 19:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/15 18:36:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013/07/14 23:21:18 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\TFC.exe
[2013/07/14 23:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/14 23:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/14 23:11:39 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/07/14 23:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/07/14 22:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/12 00:02:11 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\New Folder
[2013/07/11 22:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/11 22:01:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/11 22:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/11 17:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/07/11 17:07:17 | 179,539,422 | ---- | C] (contendo media Ltd. ) -- C:\Users\Barbara\Desktop\BusSimulator08_EnglishDemo.exe
[2013/07/10 13:24:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/10 13:24:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/10 13:24:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/10 13:24:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/10 13:24:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/10 13:24:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/10 13:24:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/10 13:24:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/09 20:03:21 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/09 20:03:00 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/09 20:03:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/09 20:03:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/09 20:02:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/09 20:02:59 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/09 20:02:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/09 20:02:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/09 20:02:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/09 20:02:57 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/09 20:02:56 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/02 15:45:45 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer(1).exe
[2013/07/02 15:45:44 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer.exe
[2013/06/21 19:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Simulator 2008 Demo
[2013/06/21 19:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bus Simulator 2008 Demo
[2013/06/21 18:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Simulator Deluxe
[2013/06/21 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Contendo Games
[2013/06/21 18:39:25 | 000,519,304 | ---- | C] (Ask Partner Network) -- C:\Users\Barbara\Documents\APNSetup1.exe
[2013/06/21 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\CRE
[2013/06/19 15:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/19 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/19 15:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/19 15:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/11/17 23:32:08 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Barbara\AppData\Roaming\DataSafeDotNet.exe
[2008/02/28 17:20:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Barbara\Documents\*.tmp files -> C:\Users\Barbara\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/07/17 17:12:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 17:12:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 17:12:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 17:12:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/17 17:10:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/17 17:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 16:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/17 14:58:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/07/16 19:37:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/16 16:46:49 | 000,377,856 | ---- | M] () -- C:\Users\Barbara\Desktop\djlovvcr.exe
[2013/07/15 20:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Barbara.job
[2013/07/15 19:06:27 | 000,891,022 | ---- | M] () -- C:\Users\Barbara\Desktop\SecurityCheck.exe
[2013/07/15 18:36:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013/07/15 18:25:43 | 000,000,094 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/15 18:25:28 | 000,000,869 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/15 18:19:46 | 000,662,345 | ---- | M] () -- C:\Users\Barbara\Desktop\adwcleaner.exe
[2013/07/14 23:21:19 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\TFC.exe
[2013/07/14 23:11:45 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/14 22:25:47 | 000,531,038 | ---- | M] () -- C:\Users\Barbara\Documents\cc_20130714_222519.reg
[2013/07/14 22:16:14 | 000,000,104 | ---- | M] () -- C:\Users\Barbara\Desktop\Recycle Bin - Shortcut.lnk
[2013/07/11 22:43:09 | 000,005,216 | ---- | M] () -- C:\Users\Barbara\AppData\Local\d3d9caps.dat
[2013/07/11 22:12:16 | 000,003,128 | ---- | M] () -- C:\{EF422D00-CE42-48EB-94B7-529864AA49D6}
[2013/07/11 17:09:20 | 179,539,422 | ---- | M] (contendo media Ltd. ) -- C:\Users\Barbara\Desktop\BusSimulator08_EnglishDemo.exe
[2013/07/10 22:19:19 | 000,356,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/02 15:46:06 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/02 15:45:50 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer(1).exe
[2013/07/02 15:45:47 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Users\Barbara\Desktop\FLVMPlayer.exe
[2013/07/02 14:51:37 | 2553,474,430 | ---- | M] () -- C:\Users\Barbara\Desktop\EuropeanBusSimulator_2012Demo_BASIC_ENG.rar
[2013/06/19 15:06:49 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[38 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Barbara\Documents\*.tmp files -> C:\Users\Barbara\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/07/16 16:46:45 | 000,377,856 | ---- | C] () -- C:\Users\Barbara\Desktop\djlovvcr.exe
[2013/07/15 19:06:20 | 000,891,022 | ---- | C] () -- C:\Users\Barbara\Desktop\SecurityCheck.exe
[2013/07/15 18:21:52 | 000,000,094 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/15 18:19:34 | 000,662,345 | ---- | C] () -- C:\Users\Barbara\Desktop\adwcleaner.exe
[2013/07/14 23:11:45 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/14 23:11:45 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/14 22:25:24 | 000,531,038 | ---- | C] () -- C:\Users\Barbara\Documents\cc_20130714_222519.reg
[2013/07/14 22:16:14 | 000,000,104 | ---- | C] () -- C:\Users\Barbara\Desktop\Recycle Bin - Shortcut.lnk
[2013/07/11 22:12:15 | 000,003,128 | ---- | C] () -- C:\{EF422D00-CE42-48EB-94B7-529864AA49D6}
[2013/07/02 15:46:05 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/02 14:34:32 | 2553,474,430 | ---- | C] () -- C:\Users\Barbara\Desktop\EuropeanBusSimulator_2012Demo_BASIC_ENG.rar
[2013/06/19 15:06:49 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/15 12:53:57 | 000,000,552 | ---- | C] () -- C:\Users\Barbara\AppData\Local\d3d8caps.dat
[2012/09/08 23:27:19 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2012/06/12 19:40:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/20 23:45:23 | 012,448,541 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\SMRBackup250.dat
[2011/05/18 17:23:31 | 000,001,940 | ---- | C] () -- C:\Users\Barbara\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/26 20:01:43 | 000,000,760 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\setup_ldm.iss
[2009/10/20 12:13:13 | 000,005,216 | ---- | C] () -- C:\Users\Barbara\AppData\Local\d3d9caps.dat
[2008/08/17 19:21:32 | 000,004,384 | ---- | C] () -- C:\ProgramData\lxdf
[2008/07/28 20:22:58 | 000,061,224 | ---- | C] () -- C:\Users\Barbara\GoToAssistDownloadHelper.exe
[2008/05/06 07:23:02 | 000,000,632 | RHS- | C] () -- C:\Users\Barbara\ntuser.pol
[2008/01/04 21:59:37 | 000,031,007 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\UserTile.png
[2007/12/25 15:59:28 | 000,034,304 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/06/01 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\337 Wallpaper
[2010/06/14 13:59:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\6500 Series
[2011/10/15 11:20:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Catalina Marketing Corp
[2008/10/22 07:54:55 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/01/01 13:30:00 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\DataSafeOnline
[2008/10/14 11:22:24 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\funkitron
[2013/07/17 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\ID Vault
[2009/01/23 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\JewelMatch2
[2008/10/10 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\LearnSomething
[2008/04/06 10:33:13 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Lexmark Productivity Studio
[2008/05/20 17:08:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Ludia
[2008/01/04 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PeerNetworking
[2008/10/18 14:20:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Pharmacy Assessments
[2013/07/11 23:29:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\player
[2009/03/19 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PlayFirst
[2008/10/06 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Rx2000 Courses
[2008/04/05 09:55:26 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\SBTT
[2008/01/01 12:47:38 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\School Zone Preferences
[2013/01/13 01:04:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Strongvault
[2012/03/04 14:15:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Temp
[2009/10/09 10:35:14 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Tific

[color=#E56717]========== Purity Check ==========[/color]


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to harry12345

Looks good from here. The rootkit test was clean and stray leftovers have been removed. Unless there are items still needing attention, we can go to cleanup.

I'll hold pending your advice(s).


harry12345

join:2013-07-15
Westport, MA

I have about 2 hours left so anything we can do in that time will be greatly appreciated.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to harry12345

Cleanup instructions...

Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malwarebytes:
  • We recommend that you keep Malwarebytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete AdwCleaner:
  • Double click the AdwCleaner icon on your Desktop
  • Press the 'Uninstall' button

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL Cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013