login · register	food site

	All Forums		Hot Topics		Gallery

Broadband Tech → Security → Security Cleanup > Re: [Malware] Help Please.

uniqs
103

« Tower infected • How to bring back my old homepage? »

This is a sub-selection from [Malware] Help Please.

brandieewine join:2013-07-27	brandieewine reply to brandieewine Re: [Malware] Help Please. # AdwCleaner v2.306 - Logfile created 07/27/2013 at 18:22:13 # Updated 19/07/2013 by Xplode # Operating system : Windows 8 (64 bits) # User : Proverbs 31 - BEE # Boot Mode : Normal # Running from : C:\Users\Proverbs 31\Desktop\adwcleaner.exe # Option [Delete] *** [Services] * * [Files / Folders] * Deleted on reboot : C:\ProgramData\boost_interprocess File Deleted : C:\Users\Public\Desktop\eBay.lnk * [Registry] * Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} * [Internet Browsers] * -\\ Internet Explorer v10.0.9200.16384 [OK] Registry is clean. *********************** AdwCleaner[S1].txt - [2444 octets] - [27/07/2013 18:22:13] ########## EOF - C:\AdwCleaner[S1].txt - [2504 octets] ##########
	actions · 2013-Jul-27 9:06 pm · (locked)
brandieewine join:2013-07-27	brandieewine OTL logfile created on: 7/27/2013 6:29:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Proverbs 31\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16384) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.71 Gb Total Physical Memory \| 2.77 Gb Available Physical Memory \| 74.70% Memory free 7.09 Gb Paging File \| 6.10 Gb Available in Paging File \| 86.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 441.95 Gb Total Space \| 417.72 Gb Free Space \| 94.52% Space Free \| Partition Type: NTFS Computer Name: BEE \| User Name: Proverbs 31 \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/07/27 18:26:19 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\OTL.exe PRC - [2013/06/19 23:13:16 \| 002,445,304 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013/06/19 22:41:38 \| 000,073,832 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2013/06/18 03:34:34 \| 000,054,160 \| ---- \| M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe PRC - [2013/04/04 14:50:32 \| 000,701,512 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 \| 000,532,040 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 \| 000,418,376 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/07/05 18:50:26 \| 000,553,616 \| ---- \| M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe PRC - [2012/07/04 10:57:44 \| 000,990,320 \| ---- \| M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2012/06/22 11:00:59 \| 000,744,184 \| ---- \| M] (Symantec Corporation) -- C:\Program Files (x86)\SymSilent\SymSilentBootstrap.exe PRC - [2012/06/14 13:46:42 \| 000,143,928 \| R--- \| M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe PRC - [2011/11/25 16:32:36 \| 000,687,400 \| ---- \| M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009/01/26 15:31:10 \| 001,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/05/29 23:51:08 \| 000,699,280 \| R--- \| M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\wincfi39.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:64bit: - [2012/08/22 21:02:36 \| 000,658,576 \| ---- \| M] (Acer Incorporated) [On_Demand \| Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2012/07/25 21:46:56 \| 002,366,984 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012/07/25 20:30:05 \| 002,675,200 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012/07/25 20:17:59 \| 000,015,440 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2012/07/25 20:08:04 \| 001,968,128 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012/07/25 20:07:47 \| 000,065,536 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012/07/25 20:07:42 \| 000,263,680 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012/07/25 20:07:40 \| 000,283,648 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012/07/25 20:07:30 \| 000,169,984 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012/07/25 20:07:27 \| 000,178,176 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012/07/25 20:07:25 \| 000,012,800 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012/07/25 20:06:36 \| 000,463,872 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2012/07/25 20:06:34 \| 000,743,936 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012/07/25 20:06:33 \| 000,161,792 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012/07/25 20:06:33 \| 000,073,728 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012/07/25 20:06:00 \| 000,438,272 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012/07/25 20:05:55 \| 000,059,904 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012/07/25 20:05:38 \| 000,116,736 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012/07/25 20:05:34 \| 000,037,376 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012/07/25 20:05:28 \| 000,207,872 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012/07/25 20:05:24 \| 000,342,016 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012/07/25 20:05:11 \| 000,174,080 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012/07/25 20:05:08 \| 000,169,472 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012/07/25 20:05:08 \| 000,122,368 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012/07/19 23:01:32 \| 000,361,984 \| ---- \| M] (Advanced Micro Devices, Inc.) [Auto \| Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012/07/19 07:14:42 \| 000,239,616 \| ---- \| M] (AMD) [Auto \| Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013/06/19 23:13:16 \| 002,445,304 \| ---- \| M] (Check Point Software Technologies LTD) [Auto \| Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2013/06/18 03:34:34 \| 000,054,160 \| ---- \| M] (Check Point Software Technologies, Ltd.) [Auto \| Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService) SRV - [2013/04/04 14:50:32 \| 000,701,512 \| ---- \| M] (Malwarebytes Corporation) [Auto \| Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 \| 000,418,376 \| ---- \| M] (Malwarebytes Corporation) [Auto \| Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/08/15 12:44:50 \| 003,943,104 \| ---- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2012/07/25 20:30:05 \| 002,675,200 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/07/25 20:20:04 \| 000,018,432 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/13 02:02:16 \| 002,451,456 \| ---- \| M] (Realsil Microelectronics Inc.) [Auto \| Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012/06/14 13:46:42 \| 000,143,928 \| R--- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe -- (NIS) SRV - [2011/11/25 16:32:36 \| 000,687,400 \| ---- \| M] (Nero AG) [Auto \| Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/10/12 10:59:12 \| 000,206,072 \| ---- \| M] (WildTangent, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2013/06/13 16:34:16 \| 000,451,096 \| ---- \| M] (Check Point Software Technologies LTD) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2013/04/04 14:50:32 \| 000,025,928 \| ---- \| M] (Malwarebytes Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/28 05:08:34 \| 000,177,312 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/07/25 22:26:46 \| 000,025,328 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/07/25 22:26:45 \| 000,033,792 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012/07/25 22:00:58 \| 000,445,168 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012/07/25 22:00:58 \| 000,337,136 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012/07/25 22:00:58 \| 000,322,800 \| ---- \| M] (VIA Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012/07/25 22:00:58 \| 000,212,208 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012/07/25 22:00:58 \| 000,106,224 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012/07/25 22:00:58 \| 000,097,008 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012/07/25 22:00:57 \| 000,077,040 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012/07/25 22:00:55 \| 000,283,888 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012/07/25 22:00:55 \| 000,120,048 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012/07/25 22:00:55 \| 000,077,552 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012/07/25 22:00:55 \| 000,064,240 \| ---- \| M] (Marvell Semiconductor, Inc.) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012/07/25 22:00:55 \| 000,030,960 \| ---- \| M] (Promise Technology, Inc.) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012/07/25 22:00:55 \| 000,028,400 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012/07/25 22:00:54 \| 000,056,560 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012/07/25 22:00:52 \| 003,295,984 \| ---- \| M] (Broadcom Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012/07/25 22:00:52 \| 000,092,400 \| ---- \| M] (LSI Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012/07/25 22:00:52 \| 000,081,136 \| ---- \| M] (LSI Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012/07/25 22:00:52 \| 000,064,752 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012/07/25 22:00:51 \| 000,113,904 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012/07/25 22:00:51 \| 000,081,136 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012/07/25 22:00:49 \| 000,539,376 \| ---- \| M] (Broadcom Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012/07/25 22:00:49 \| 000,258,288 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/25 22:00:49 \| 000,106,736 \| ---- \| M] (LSI) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/25 22:00:49 \| 000,076,016 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/25 22:00:48 \| 000,026,352 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/25 21:59:35 \| 000,193,264 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012/07/25 21:59:35 \| 000,148,720 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012/07/25 21:59:32 \| 000,055,024 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012/07/25 21:58:00 \| 000,068,848 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012/07/25 21:57:54 \| 000,361,200 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/25 21:54:34 \| 000,096,496 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012/07/25 21:53:16 \| 000,067,824 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/25 21:44:30 \| 000,258,288 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012/07/25 21:36:15 \| 000,034,216 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012/07/25 20:17:38 \| 000,036,592 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/25 20:17:38 \| 000,027,888 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/07/25 19:29:14 \| 000,010,752 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/25 19:29:08 \| 000,048,640 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/25 19:29:03 \| 000,024,576 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/25 19:28:52 \| 000,029,696 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/25 19:28:27 \| 000,031,104 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012/07/25 19:27:58 \| 000,022,528 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012/07/25 19:27:58 \| 000,012,288 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/25 19:27:41 \| 000,018,432 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/25 19:27:37 \| 000,010,752 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/25 19:27:33 \| 000,023,552 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/25 19:27:31 \| 000,029,952 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012/07/25 19:27:29 \| 000,019,968 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/25 19:27:16 \| 000,010,240 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/25 19:27:01 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/25 19:26:46 \| 000,062,976 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/25 19:26:43 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/25 19:26:34 \| 000,030,208 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/25 19:26:13 \| 000,051,200 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/25 19:25:57 \| 000,033,280 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012/07/25 19:25:56 \| 000,057,344 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/25 19:25:54 \| 000,038,400 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012/07/25 19:25:13 \| 000,045,056 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/25 19:25:01 \| 000,126,464 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/25 19:23:53 \| 000,068,608 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/25 19:23:42 \| 000,097,792 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/19 08:19:02 \| 010,279,424 \| ---- \| M] (Advanced Micro Devices, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/07/19 06:13:32 \| 000,368,640 \| ---- \| M] (Advanced Micro Devices, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/07/16 17:59:12 \| 000,098,472 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService) DRV:64bit: - [2012/07/04 20:18:06 \| 000,252,048 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2012/06/20 22:12:20 \| 000,683,664 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012/06/20 14:27:30 \| 000,023,448 \| R--- \| M] (Symantec Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymELAM.sys -- (SymELAM) DRV:64bit: - [2012/05/25 17:56:14 \| 000,168,608 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA) DRV:64bit: - [2012/05/25 08:56:14 \| 000,168,608 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012/05/24 17:23:10 \| 000,485,024 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymDS64.sys -- (SymDS) DRV:64bit: - [2012/05/24 17:01:16 \| 000,222,368 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\Ironx64.sys -- (SymIRON) DRV:64bit: - [2012/05/24 16:54:58 \| 000,753,312 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/05/21 10:25:20 \| 001,129,120 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2012/05/09 11:04:26 \| 000,431,224 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\symnets.sys -- (SymNetS) DRV:64bit: - [2012/01/11 11:11:54 \| 000,037,496 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\srtspx64.sys -- (SRTSPX) DRV - [2013/07/27 08:43:48 \| 002,098,776 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130727.004\ex64.sys -- (NAVEX15) DRV - [2013/07/27 08:43:48 \| 000,484,512 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/07/27 08:43:48 \| 000,138,912 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/07/27 08:43:48 \| 000,126,040 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130727.004\eng64.sys -- (NAVENG) DRV - [2013/07/26 15:27:36 \| 000,513,184 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130726.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/07/15 22:58:54 \| 001,393,240 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{2BDBA4CA-E2FE-4E85-B335-A1C3E5919D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2BDBA4CA-E2FE-4E85-B335-A1C3E5919D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=3713999a2d6a469192b66eef88516283&tu=10G9y009F2B0CO0&sku=&tstsId=&ver=& IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\..\SearchScopes,DefaultScope = {7DFAD943-8A56-44F2-9C84-C9D8161AB697} IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\..\SearchScopes\{7DFAD943-8A56-44F2-9C84-C9D8161AB697}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=3713999a2d6a469192b66eef88516283&tu=10G9y009F2B0CO0&sku=&tstsId=&ver=&&r=182 IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013/07/27 08:22:02 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013/07/27 18:26:05 \| 000,000,000 \| ---D \| M] [2013/07/27 08:33:42 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2012/07/25 22:26:49 \| 000,000,824 \| ---- \| M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.dll (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: DhcpNameServer = 75.75.75.75 75.75.76.76 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/07/27 18:26:19 \| 000,602,112 \| ---- \| C] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\OTL.exe [2013/07/27 18:10:22 \| 000,448,512 \| ---- \| C] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\TFC.exe [2013/07/27 14:48:55 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2013/07/27 14:48:47 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2013/07/27 14:48:47 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2013/07/27 14:35:59 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Malwarebytes [2013/07/27 14:35:48 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/07/27 14:35:47 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2013/07/27 14:35:45 \| 000,025,928 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/07/27 14:35:45 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/07/27 14:35:33 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\Programs [2013/07/27 08:53:18 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013/07/27 08:39:29 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Macromedia [2013/07/27 08:35:32 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2013/07/27 08:33:46 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Check Point Software Technologies LTD [2013/07/27 08:33:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Mozilla Firefox [2013/07/27 08:33:36 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\CheckPoint [2013/07/27 08:33:09 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\CheckPoint [2013/07/27 08:23:30 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/07/27 08:23:30 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Searches [2013/07/27 08:23:30 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/07/27 08:23:29 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Contacts [2013/07/27 08:23:29 \| 000,000,000 \| -H-D \| C] -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2013/07/27 08:23:26 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Identities [2013/07/27 08:22:17 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\OEM [2013/07/27 08:22:11 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Accessory Store [2013/07/27 08:22:04 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\OEM_E471269A730D [2013/07/27 08:22:00 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Adobe [2013/07/27 08:21:52 \| 000,000,000 \| -H-D \| C] -- C:\Program Files (x86)\Uninstall Information [2013/07/27 08:20:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\VirtualStore [2013/07/27 08:20:29 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\Packages [2013/07/27 08:20:22 \| 000,000,000 \| --SD \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Videos [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Saved Games [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Pictures [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Music [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Links [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Favorites [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Downloads [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Documents [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Desktop [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\AppData\Local\Temporary Internet Files [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Templates [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Start Menu [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\SendTo [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Recent [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\PrintHood [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\NetHood [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Documents\My Videos [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Documents\My Pictures [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Documents\My Music [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\My Documents [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Local Settings [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\AppData\Local\History [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Cookies [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Application Data [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\AppData\Local\Application Data [2013/07/27 08:20:22 \| 000,000,000 \| -H-D \| C] -- C:\Users\Proverbs 31\AppData [2013/07/27 08:20:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\Temp [2013/07/27 08:20:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\Microsoft [2013/07/27 08:20:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013/07/27 06:08:52 \| 000,000,000 \| -HSD \| C] -- C:\System Volume Information [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/07/27 18:28:11 \| 000,848,230 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/27 18:28:11 \| 000,718,176 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/27 18:28:11 \| 000,132,542 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/27 18:26:19 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\OTL.exe [2013/07/27 18:25:45 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2013/07/27 18:23:36 \| 268,435,456 \| -HS- \| M] () -- C:\swapfile.sys [2013/07/27 18:23:34 \| 3187,687,424 \| -HS- \| M] () -- C:\hiberfil.sys [2013/07/27 18:22:41 \| 000,000,101 \| ---- \| M] () -- C:\Windows\DeleteOnReboot.bat [2013/07/27 18:21:04 \| 000,666,633 \| ---- \| M] () -- C:\Users\Proverbs 31\Desktop\adwcleaner.exe [2013/07/27 18:10:22 \| 000,448,512 \| ---- \| M] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\TFC.exe [2013/07/27 14:48:55 \| 000,001,289 \| ---- \| M] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2013/07/27 14:48:55 \| 000,001,265 \| ---- \| M] () -- C:\Users\Proverbs 31\Desktop\Spybot - Search & Destroy.lnk [2013/07/27 14:35:48 \| 000,001,140 \| ---- \| M] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2013/07/27 14:35:48 \| 000,001,116 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/27 08:38:41 \| 000,417,513 \| ---- \| M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013/07/27 08:35:34 \| 000,000,762 \| ---- \| M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2013/07/27 08:26:46 \| 000,001,431 \| ---- \| M] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/07/27 08:22:11 \| 000,001,738 \| ---- \| M] () -- C:\Users\Public\Desktop\Buy Online.lnk [2013/07/27 08:22:05 \| 000,001,967 \| ---- \| M] () -- C:\Users\Public\Desktop\Netflix.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/07/27 18:22:22 \| 000,000,101 \| ---- \| C] () -- C:\Windows\DeleteOnReboot.bat [2013/07/27 18:21:04 \| 000,666,633 \| ---- \| C] () -- C:\Users\Proverbs 31\Desktop\adwcleaner.exe [2013/07/27 14:48:55 \| 000,001,289 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2013/07/27 14:48:55 \| 000,001,265 \| ---- \| C] () -- C:\Users\Proverbs 31\Desktop\Spybot - Search & Destroy.lnk [2013/07/27 14:35:48 \| 000,001,140 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2013/07/27 14:35:48 \| 000,001,116 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/27 08:36:01 \| 000,417,513 \| ---- \| C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013/07/27 08:35:34 \| 000,000,762 \| ---- \| C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2013/07/27 08:26:46 \| 000,001,431 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/07/27 08:22:21 \| 000,000,000 \| ---- \| C] () -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013/07/27 08:22:11 \| 000,001,738 \| ---- \| C] () -- C:\Users\Public\Desktop\Buy Online.lnk [2013/07/27 08:22:05 \| 000,001,967 \| ---- \| C] () -- C:\Users\Public\Desktop\Netflix.lnk [2013/07/27 08:21:59 \| 000,001,437 \| ---- \| C] () -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013/07/27 08:20:22 \| 000,000,352 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2013/07/27 08:20:22 \| 000,000,334 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2013/07/27 06:08:52 \| 268,435,456 \| -HS- \| C] () -- C:\swapfile.sys [2013/07/27 06:08:51 \| 3187,687,424 \| -HS- \| C] () -- C:\hiberfil.sys [2013/01/30 00:12:24 \| 000,000,000 \| ---- \| C] () -- C:\Windows\ativpsrm.bin [2012/08/28 05:47:39 \| 000,204,952 \| ---- \| C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/08/28 05:47:39 \| 000,157,144 \| ---- \| C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/08/28 05:47:39 \| 000,003,917 \| ---- \| C] () -- C:\Windows\SysWow64\atipblag.dat [2012/07/26 01:13:10 \| 000,215,943 \| ---- \| C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 01:13:09 \| 000,000,741 \| ---- \| C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 00:21:26 \| 000,067,584 \| --S- \| C] () -- C:\Windows\bootstat.dat [2012/07/25 18:17:42 \| 000,043,520 \| ---- \| C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 17:48:53 \| 000,083,968 \| ---- \| C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012/07/25 13:37:29 \| 000,043,131 \| ---- \| C] () -- C:\Windows\mib.bin [2012/07/25 13:28:31 \| 000,364,544 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/06/02 07:31:19 \| 000,673,088 \| ---- \| C] () -- C:\Windows\SysWow64\mlang.dat [2012/05/10 17:35:16 \| 000,029,184 \| ---- \| C] () -- C:\Windows\SysWow64\kdbsdk32.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 20:07:16 \| 019,779,584 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 20:19:59 \| 017,559,552 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 \| 001,004,544 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 \| 000,784,896 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 \| 000,455,680 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color]
	actions · 2013-Jul-27 9:07 pm · (locked)
brandieewine join:2013-07-27 2 edits	brandieewine reply to brandieewine OTL Extras logfile created on: 7/27/2013 6:29:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Proverbs 31\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16384) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.71 Gb Total Physical Memory \| 2.77 Gb Available Physical Memory \| 74.70% Memory free 7.09 Gb Paging File \| 6.10 Gb Available in Paging File \| 86.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 441.95 Gb Total Space \| 417.72 Gb Free Space \| 94.52% Space Free \| Partition Type: NTFS Computer Name: BEE \| User Name: Proverbs 31 \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09022E88-9636-4EEC-91F8-570A765B3073}" = dir=out \| name=skitch \| "{0D984F66-A26D-4F0B-A438-9DFDD8CBC4AD}" = dir=out \| name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} \| "{0F0E901F-2723-417E-9DFD-8669CC246CC3}" = protocol=6 \| dir=in \| app=c:\program files (x86)\spotify\data\spotifywebhelper.exe \| "{141EBFD8-8CB3-4938-A66E-5904719EA875}" = dir=out \| name=amazon for windows \| "{16AA54DA-178E-440A-98AC-9E60FEACDEF6}" = dir=out \| name=ebay \| "{18A66121-343D-41A9-97FF-869072ECBE8A}" = dir=in \| name=skype \| "{1F134917-C17E-49DB-972D-7073D814F88B}" = dir=in \| name=kindle \| "{2DDC7A8C-2357-4484-A0F5-BDA9A5223A9B}" = dir=out \| name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} \| "{2FE322E6-4840-424A-B670-58ACA41339CB}" = dir=in \| name=evernote \| "{32555A4E-733F-4914-AEA3-E19B3B5ED352}" = dir=out \| name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} \| "{362A8DC0-463D-43DA-8D51-68F5DB01252A}" = dir=in \| name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} \| "{3C0B2656-9EC0-4338-81C9-396E238DB8D6}" = protocol=17 \| dir=in \| app=c:\program files (x86)\spotify\data\spotifywebhelper.exe \| "{40B6DA9D-D212-45DD-A7AF-66CF3A7A602A}" = dir=out \| name=windows_ie_ac_001 \| "{45926539-7B26-471D-801A-15183993A3A1}" = protocol=6 \| dir=in \| app=c:\program files (x86)\spotify\spotify.exe \| "{45A71FED-B841-4B99-80A0-9B9DC84FCFF7}" = dir=out \| name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} \| "{470A25EA-6D3C-4C32-AE36-7ED12CEAFF03}" = dir=out \| name=hulu plus \| "{5135B953-216E-471E-8899-35D0075EB3EC}" = dir=out \| name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} \| "{58346FE5-05D1-410B-8862-C8ABF16FFBAE}" = dir=in \| app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe \| "{5C0C8EE2-751E-4BA4-8D5C-E9CC58B593D9}" = dir=in \| name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} \| "{649AF061-0F76-4E14-85B5-1A91F8DB759F}" = dir=out \| name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} \| "{6695A926-0701-48A9-B133-148DBEA74339}" = dir=out \| name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} \| "{752754C8-F71A-45D2-8A78-00229CFD0910}" = dir=out \| name=evernote \| "{75D00DB3-3DEE-4D82-8ECD-636C23BDEEF0}" = dir=out \| name=chacha \| "{76DDF855-2B61-4E80-A0CF-5E1674878CEE}" = dir=out \| name=stumbleupon \| "{775304FA-C250-4D41-8A71-3BFE878E53BF}" = dir=out \| name=gateway explorer \| "{7952A7BC-57CC-474F-A491-D07BFC672B63}" = dir=in \| name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} \| "{7A1C3F7A-5BDC-4A1B-A2C4-576C6C6198AA}" = dir=out \| name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} \| "{7CF2A1B0-5023-432D-8165-3BFF79D0E0AD}" = dir=out \| name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} \| "{7FAD793C-6432-441D-8646-ADC7CE6BE207}" = dir=out \| name=kindle \| "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out \| name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} \| "{818B042C-9FBA-4C04-AABF-EA613D482354}" = dir=out \| name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} \| "{837974C1-11DE-4F50-8867-0A977E5224DD}" = dir=out \| name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} \| "{89442599-1E66-49F7-9477-38B701A6454A}" = dir=out \| name=merriam-webster dictionary \| "{8D92BCA1-41AC-45EF-9B69-8195892B5764}" = dir=out \| name=cut the rope \| "{9C43AD11-2C0F-4B97-9508-A145B0711C1E}" = dir=out \| name=newsxpresso metro \| "{9DB36C08-2DBE-4A45-BD69-0B39B8ACB2C9}" = dir=in \| name=ebay \| "{BA2165EB-8463-42EF-83C5-8060F93B6332}" = dir=out \| name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} \| "{BF314784-A03A-4405-84F8-009ADD66AC56}" = dir=in \| name=amazon for windows \| "{BFE7A909-9F92-4024-BBB1-6E580E58B6F7}" = dir=in \| app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe \| "{C2FF5B03-4021-48AA-B17F-C232CCEA881E}" = dir=out \| name=7digital music store \| "{C4629CD6-BF86-4C78-927F-111C2143A859}" = dir=out \| name=encyclopaedia britannica \| "{C821A7F4-520A-40A8-8F26-41D7147871EC}" = dir=in \| name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} \| "{CB62180A-30EC-40B0-A097-5A4639A8ADDB}" = protocol=17 \| dir=in \| app=c:\program files (x86)\spotify\spotify.exe \| "{D340FF44-856D-41BE-AED5-8401BD034084}" = dir=out \| name=netflix \| "{D5350C34-15F6-405A-B74D-3D6F15472A5C}" = dir=out \| name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} \| "{D889D786-B504-46DC-995F-5AA4B80F2834}" = dir=out \| name=icookbook se \| "{DEC15BDB-C648-4DB5-A01C-BDA3F77538FA}" = dir=out \| name=tunein radio \| "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in \| name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} \| "{EF067289-9683-4EDE-BE05-6BA30F5D1B9B}" = dir=out \| name=skype \| "{F1E3C19A-A7D6-4CAB-80B2-29A16031299B}" = dir=out \| name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Gateway Recovery Management "{19CB64EB-ACFE-681D-B571-A8A3398F1943}" = AMD Catalyst Install Manager "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5073FD73-33B5-5056-D2F1-3CECCEE76E37}" = AMD AVIVO64 Codecs "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Gateway Power Management "{DB80E09D-CADA-E15F-F26A-25199559FC28}" = AMD Fuel "{E429154B-6C65-2BE9-AC80-60DF73CB9774}" = AMD Accelerated Video Transcoding "{FC5E805E-3215-51A0-B658-86CDFA440C47}" = ccc-utility64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM) "{099776E0-A602-8FE6-F0A9-2E9F377EF5BD}" = CCC Help Greek "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{17B097DD-CF9B-A21F-53CB-B8B21193D96C}" = CCC Help Dutch "{182728B1-8727-4AB3-A1AE-F1ED2C8B1BAC}" = Catalyst Control Center - Branding "{192971BE-6FCE-6A65-3921-7C21DAEE0B5D}" = CCC Help Czech "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2128FF2D-7134-3E13-4E80-F6D71AF59BA9}" = Catalyst Control Center Localization All "{216308F1-6AC9-5F6F-987D-7B4CE983A392}" = CCC Help Finnish "{21E7D71D-3F2A-3E62-7372-E2215DCBDF35}" = CCC Help Polish "{296CEBB6-C5EF-0706-62F4-AF621E4CFCEA}" = CCC Help English "{2E2598F9-5B42-4199-9DA6-249117FC2414}" = CCC Help Thai "{2F8E3D85-1773-560E-50AB-87DFE61A62A2}" = CCC Help Spanish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E3A2325-7712-454A-AC84-7816C3F69C3D}" = ZoneAlarm Firewall "{404E5AC6-39FC-0C8B-3E68-87AA7F066982}" = CCC Help Japanese "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{43B3565F-D8A0-2019-EBC4-BF3E2C8FD51B}" = CCC Help Russian "{5B81F6D8-AFA6-BBD4-0B74-342EE195C4FF}" = Catalyst Control Center InstallProxy "{5B97339C-5A3D-3563-CAF9-0F7081F06D94}" = CCC Help Chinese Traditional "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{763163B5-8092-DC95-37AF-8436E7B3D00F}" = CCC Help Chinese Standard "{7EC5403A-3BE9-0504-4F38-F0E36129D984}" = CCC Help French "{7FC9C5DC-7742-F1F1-7D77-EADCEB110AC1}" = CCC Help German "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}" = Nero 12 Essentials OEM.a01 "{9F9D286C-C66A-A6D9-3801-9310718E4072}" = CCC Help Swedish "{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility "{A96AFD67-7556-FD6F-BE81-DB694E78C387}" = CCC Help Italian "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{ADB86C61-74E4-8ED8-35DF-2CA7E33226FC}" = CCC Help Turkish "{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}" = Nero BackItUp 12 Essentials OEM.a01 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4E8FA87-32E3-4CAB-5C62-1D5E4D400579}" = CCC Help Portuguese "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C5E1DE30-1B3A-9006-87E7-7847C0F4F121}" = CCC Help Hungarian "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{CA34560F-5827-B40F-3EF3-4D2F1D8379E5}" = CCC Help Norwegian "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E63014A6-9E7B-46A5-B9FE-6E4B76072D1F}" = ZoneAlarm Security "{E70B2F2C-94D1-4287-B5B0-CBBE618E2652}" = Nero BackItUp "{E860214B-76D7-B131-BB7B-57A7BC130C18}" = AMD VISION Engine Control Center "{EA2FFDFA-0228-9D5D-D451-7E0706184350}" = CCC Help Danish "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4A3CD4A-CAF5-A7D0-B870-49D6941D6C1D}" = CCC Help Korean "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "NARA" = Norton Online Backup ARA "NIS" = Norton Internet Security "Spotify" = Spotify "WildTangent wildgames Master Uninstall" = WildTangent Games "WTA-2625c0b6-2237-4309-9a1e-8063cb1658cd" = Peggle Nights "WTA-2ba32642-6c34-4fe5-8ea4-8cb3885594ae" = Aloha TriPeaks "WTA-327e37dc-8a0e-42f8-9087-d89dee3fd7cb" = Polar Golfer "WTA-3a597353-79e9-4ff6-b23f-da2cb41cc45f" = Jewel Match 3 "WTA-5bd7e1c0-1ecf-494d-9b15-beaad339f313" = Tales of Lagoona "WTA-77f013e3-3e11-4d4b-a94a-f563feff1b4b" = Penguins! "WTA-7ade21c0-b25d-4eb8-b01b-3e5cebbb07db" = Plants vs. Zombies - Game of the Year "WTA-7f2bf24b-855f-4dbd-a500-f0bcc1568773" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-9594d1e0-6f3b-4cb0-afd4-60fa99f89ea2" = Delicious: Emily's True Love Premium Edition "WTA-97980c0b-7975-49e5-a8d7-b613f2500e26" = Cradle Of Egypt Collector's Edition "WTA-a4504516-89d3-49ac-847f-22d0db490738" = Zuma's Revenge "WTA-ba009eeb-9c21-4248-8b39-c28dd51d465e" = Polar Bowler "WTA-bf2463ff-1da5-487a-a396-433cf3b661cf" = Bejeweled 3 "WTA-c15245fa-d28c-4be1-a1b1-43eed965a9cf" = Agatha Christie - Death on the Nile "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 7/27/2013 9:17:50 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0x99c Faulting application start time: 0x01ce8b3045bce78c Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: 84636433-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:18:09 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. Error - 7/27/2013 9:18:17 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0xdac Faulting application start time: 0x01ce8b3056f588cc Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: 94fa26d7-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:18:37 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. Error - 7/27/2013 9:18:41 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0xc48 Faulting application start time: 0x01ce8b3064ed04f1 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: a2f665bf-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:19:01 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. [ System Events ] Error - 7/27/2013 5:25:23 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:27:34 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = The ESET ran for an hour and a half and then once complete would not allow me to obtain a log file. I tried everything. Results of screen317's Security Check version 0.99.71 x64 (UAC is enabled) Internet Explorer 10 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Disabled! Windows Defender Norton Internet Security [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 [u]````````Process Check: objlist.exe by Laurent````````[/u] Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe [color=red]Spybot Teatimer.exe is disabled![/color] Malwarebytes' Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm ZAPrivacyService.exe CheckPoint ZoneAlarm zatray.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: % [u]````````````````````End of Log``````````````````````[/u]
	actions · 2013-Jul-27 9:09 pm · (locked)
your moderator at work hidden :
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:56 Reviews: ·Comcast	lilhurricane Mod Re: [Malware] Help Please. Temp File Cleaner Temp File Cleaner OTL Extras logfile created on: 7/27/2013 6:29:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Proverbs 31\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16384) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.71 Gb Total Physical Memory \| 2.77 Gb Available Physical Memory \| 74.70% Memory free 7.09 Gb Paging File \| 6.10 Gb Available in Paging File \| 86.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 441.95 Gb Total Space \| 417.72 Gb Free Space \| 94.52% Space Free \| Partition Type: NTFS Computer Name: BEE \| User Name: Proverbs 31 \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09022E88-9636-4EEC-91F8-570A765B3073}" = dir=out \| name=skitch \| "{0D984F66-A26D-4F0B-A438-9DFDD8CBC4AD}" = dir=out \| name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} \| "{0F0E901F-2723-417E-9DFD-8669CC246CC3}" = protocol=6 \| dir=in \| app=c:\program files (x86)\spotify\data\spotifywebhelper.exe \| "{141EBFD8-8CB3-4938-A66E-5904719EA875}" = dir=out \| name=amazon for windows \| "{16AA54DA-178E-440A-98AC-9E60FEACDEF6}" = dir=out \| name=ebay \| "{18A66121-343D-41A9-97FF-869072ECBE8A}" = dir=in \| name=skype \| "{1F134917-C17E-49DB-972D-7073D814F88B}" = dir=in \| name=kindle \| "{2DDC7A8C-2357-4484-A0F5-BDA9A5223A9B}" = dir=out \| name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} \| "{2FE322E6-4840-424A-B670-58ACA41339CB}" = dir=in \| name=evernote \| "{32555A4E-733F-4914-AEA3-E19B3B5ED352}" = dir=out \| name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} \| "{362A8DC0-463D-43DA-8D51-68F5DB01252A}" = dir=in \| name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} \| "{3C0B2656-9EC0-4338-81C9-396E238DB8D6}" = protocol=17 \| dir=in \| app=c:\program files (x86)\spotify\data\spotifywebhelper.exe \| "{40B6DA9D-D212-45DD-A7AF-66CF3A7A602A}" = dir=out \| name=windows_ie_ac_001 \| "{45926539-7B26-471D-801A-15183993A3A1}" = protocol=6 \| dir=in \| app=c:\program files (x86)\spotify\spotify.exe \| "{45A71FED-B841-4B99-80A0-9B9DC84FCFF7}" = dir=out \| name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} \| "{470A25EA-6D3C-4C32-AE36-7ED12CEAFF03}" = dir=out \| name=hulu plus \| "{5135B953-216E-471E-8899-35D0075EB3EC}" = dir=out \| name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} \| "{58346FE5-05D1-410B-8862-C8ABF16FFBAE}" = dir=in \| app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe \| "{5C0C8EE2-751E-4BA4-8D5C-E9CC58B593D9}" = dir=in \| name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} \| "{649AF061-0F76-4E14-85B5-1A91F8DB759F}" = dir=out \| name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} \| "{6695A926-0701-48A9-B133-148DBEA74339}" = dir=out \| name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} \| "{752754C8-F71A-45D2-8A78-00229CFD0910}" = dir=out \| name=evernote \| "{75D00DB3-3DEE-4D82-8ECD-636C23BDEEF0}" = dir=out \| name=chacha \| "{76DDF855-2B61-4E80-A0CF-5E1674878CEE}" = dir=out \| name=stumbleupon \| "{775304FA-C250-4D41-8A71-3BFE878E53BF}" = dir=out \| name=gateway explorer \| "{7952A7BC-57CC-474F-A491-D07BFC672B63}" = dir=in \| name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} \| "{7A1C3F7A-5BDC-4A1B-A2C4-576C6C6198AA}" = dir=out \| name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} \| "{7CF2A1B0-5023-432D-8165-3BFF79D0E0AD}" = dir=out \| name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} \| "{7FAD793C-6432-441D-8646-ADC7CE6BE207}" = dir=out \| name=kindle \| "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out \| name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} \| "{818B042C-9FBA-4C04-AABF-EA613D482354}" = dir=out \| name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} \| "{837974C1-11DE-4F50-8867-0A977E5224DD}" = dir=out \| name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} \| "{89442599-1E66-49F7-9477-38B701A6454A}" = dir=out \| name=merriam-webster dictionary \| "{8D92BCA1-41AC-45EF-9B69-8195892B5764}" = dir=out \| name=cut the rope \| "{9C43AD11-2C0F-4B97-9508-A145B0711C1E}" = dir=out \| name=newsxpresso metro \| "{9DB36C08-2DBE-4A45-BD69-0B39B8ACB2C9}" = dir=in \| name=ebay \| "{BA2165EB-8463-42EF-83C5-8060F93B6332}" = dir=out \| name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} \| "{BF314784-A03A-4405-84F8-009ADD66AC56}" = dir=in \| name=amazon for windows \| "{BFE7A909-9F92-4024-BBB1-6E580E58B6F7}" = dir=in \| app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe \| "{C2FF5B03-4021-48AA-B17F-C232CCEA881E}" = dir=out \| name=7digital music store \| "{C4629CD6-BF86-4C78-927F-111C2143A859}" = dir=out \| name=encyclopaedia britannica \| "{C821A7F4-520A-40A8-8F26-41D7147871EC}" = dir=in \| name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} \| "{CB62180A-30EC-40B0-A097-5A4639A8ADDB}" = protocol=17 \| dir=in \| app=c:\program files (x86)\spotify\spotify.exe \| "{D340FF44-856D-41BE-AED5-8401BD034084}" = dir=out \| name=netflix \| "{D5350C34-15F6-405A-B74D-3D6F15472A5C}" = dir=out \| name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} \| "{D889D786-B504-46DC-995F-5AA4B80F2834}" = dir=out \| name=icookbook se \| "{DEC15BDB-C648-4DB5-A01C-BDA3F77538FA}" = dir=out \| name=tunein radio \| "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in \| name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} \| "{EF067289-9683-4EDE-BE05-6BA30F5D1B9B}" = dir=out \| name=skype \| "{F1E3C19A-A7D6-4CAB-80B2-29A16031299B}" = dir=out \| name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Gateway Recovery Management "{19CB64EB-ACFE-681D-B571-A8A3398F1943}" = AMD Catalyst Install Manager "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5073FD73-33B5-5056-D2F1-3CECCEE76E37}" = AMD AVIVO64 Codecs "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Gateway Power Management "{DB80E09D-CADA-E15F-F26A-25199559FC28}" = AMD Fuel "{E429154B-6C65-2BE9-AC80-60DF73CB9774}" = AMD Accelerated Video Transcoding "{FC5E805E-3215-51A0-B658-86CDFA440C47}" = ccc-utility64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM) "{099776E0-A602-8FE6-F0A9-2E9F377EF5BD}" = CCC Help Greek "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{17B097DD-CF9B-A21F-53CB-B8B21193D96C}" = CCC Help Dutch "{182728B1-8727-4AB3-A1AE-F1ED2C8B1BAC}" = Catalyst Control Center - Branding "{192971BE-6FCE-6A65-3921-7C21DAEE0B5D}" = CCC Help Czech "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2128FF2D-7134-3E13-4E80-F6D71AF59BA9}" = Catalyst Control Center Localization All "{216308F1-6AC9-5F6F-987D-7B4CE983A392}" = CCC Help Finnish "{21E7D71D-3F2A-3E62-7372-E2215DCBDF35}" = CCC Help Polish "{296CEBB6-C5EF-0706-62F4-AF621E4CFCEA}" = CCC Help English "{2E2598F9-5B42-4199-9DA6-249117FC2414}" = CCC Help Thai "{2F8E3D85-1773-560E-50AB-87DFE61A62A2}" = CCC Help Spanish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E3A2325-7712-454A-AC84-7816C3F69C3D}" = ZoneAlarm Firewall "{404E5AC6-39FC-0C8B-3E68-87AA7F066982}" = CCC Help Japanese "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{43B3565F-D8A0-2019-EBC4-BF3E2C8FD51B}" = CCC Help Russian "{5B81F6D8-AFA6-BBD4-0B74-342EE195C4FF}" = Catalyst Control Center InstallProxy "{5B97339C-5A3D-3563-CAF9-0F7081F06D94}" = CCC Help Chinese Traditional "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{763163B5-8092-DC95-37AF-8436E7B3D00F}" = CCC Help Chinese Standard "{7EC5403A-3BE9-0504-4F38-F0E36129D984}" = CCC Help French "{7FC9C5DC-7742-F1F1-7D77-EADCEB110AC1}" = CCC Help German "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}" = Nero 12 Essentials OEM.a01 "{9F9D286C-C66A-A6D9-3801-9310718E4072}" = CCC Help Swedish "{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility "{A96AFD67-7556-FD6F-BE81-DB694E78C387}" = CCC Help Italian "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{ADB86C61-74E4-8ED8-35DF-2CA7E33226FC}" = CCC Help Turkish "{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}" = Nero BackItUp 12 Essentials OEM.a01 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4E8FA87-32E3-4CAB-5C62-1D5E4D400579}" = CCC Help Portuguese "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C5E1DE30-1B3A-9006-87E7-7847C0F4F121}" = CCC Help Hungarian "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{CA34560F-5827-B40F-3EF3-4D2F1D8379E5}" = CCC Help Norwegian "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E63014A6-9E7B-46A5-B9FE-6E4B76072D1F}" = ZoneAlarm Security "{E70B2F2C-94D1-4287-B5B0-CBBE618E2652}" = Nero BackItUp "{E860214B-76D7-B131-BB7B-57A7BC130C18}" = AMD VISION Engine Control Center "{EA2FFDFA-0228-9D5D-D451-7E0706184350}" = CCC Help Danish "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4A3CD4A-CAF5-A7D0-B870-49D6941D6C1D}" = CCC Help Korean "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "NARA" = Norton Online Backup ARA "NIS" = Norton Internet Security "Spotify" = Spotify "WildTangent wildgames Master Uninstall" = WildTangent Games "WTA-2625c0b6-2237-4309-9a1e-8063cb1658cd" = Peggle Nights "WTA-2ba32642-6c34-4fe5-8ea4-8cb3885594ae" = Aloha TriPeaks "WTA-327e37dc-8a0e-42f8-9087-d89dee3fd7cb" = Polar Golfer "WTA-3a597353-79e9-4ff6-b23f-da2cb41cc45f" = Jewel Match 3 "WTA-5bd7e1c0-1ecf-494d-9b15-beaad339f313" = Tales of Lagoona "WTA-77f013e3-3e11-4d4b-a94a-f563feff1b4b" = Penguins! "WTA-7ade21c0-b25d-4eb8-b01b-3e5cebbb07db" = Plants vs. Zombies - Game of the Year "WTA-7f2bf24b-855f-4dbd-a500-f0bcc1568773" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-9594d1e0-6f3b-4cb0-afd4-60fa99f89ea2" = Delicious: Emily's True Love Premium Edition "WTA-97980c0b-7975-49e5-a8d7-b613f2500e26" = Cradle Of Egypt Collector's Edition "WTA-a4504516-89d3-49ac-847f-22d0db490738" = Zuma's Revenge "WTA-ba009eeb-9c21-4248-8b39-c28dd51d465e" = Polar Bowler "WTA-bf2463ff-1da5-487a-a396-433cf3b661cf" = Bejeweled 3 "WTA-c15245fa-d28c-4be1-a1b1-43eed965a9cf" = Agatha Christie - Death on the Nile "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 7/27/2013 9:17:50 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0x99c Faulting application start time: 0x01ce8b3045bce78c Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: 84636433-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:18:09 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. Error - 7/27/2013 9:18:17 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0xdac Faulting application start time: 0x01ce8b3056f588cc Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: 94fa26d7-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:18:37 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. Error - 7/27/2013 9:18:41 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0xc48 Faulting application start time: 0x01ce8b3064ed04f1 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: a2f665bf-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:19:01 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. [ System Events ] Error - 7/27/2013 5:25:23 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:27:34 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	actions · 2013-Jul-27 9:12 pm · (locked)

Forums → Broadband Tech → Security → Security Cleanup	« Tower infected • How to bring back my old homepage? »
This is a sub-selection from [Malware] Help Please.