WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

"Browse to Save" has embedded itself into my browser [Closed

Started by tinpanalley , Feb 21 2013 05:46 AM

This topic is locked

11 replies to this topic

#1 tinpanalley

Authentic Member

Authentic Member
189 posts

Posted 21 February 2013 - 05:46 AM

I don't really feel any effects other than randomly selected words on my browser that are fake links to an ad landing page made to look like a news site.
The laptop itself seems to run fine. There is also a pop-up window in the bottom right corner of the browser window that brings up coupons of some kind with an obviously malicious button to "disable the pop-up".

I hope someone can help. Thanks!

OTL file

OTL logfile created on: 21-02-13 12:34:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MM-yy

7.90 Gb Total Physical Memory | 5.56 Gb Available Physical Memory | 70.39% Memory free
15.81 Gb Paging File | 13.38 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 886.32 Gb Total Space | 744.56 Gb Free Space | 84.01% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 21.72 Gb Free Space | 85.28% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 158.32 Gb Free Space | 17.00% Space Free | Partition Type: NTFS
Drive G: | 1.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Home\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\WEB\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\WEB\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\WEB\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Users\Home\AppData\Local\Autobahn\nexdef.exe ()
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\SysWOW64\srvany.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
MOD - C:\Program Files (x86)\WEB\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\WEB\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\WEB\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Program Files (x86)\WEB\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Home\AppData\Local\Autobahn\rt\jetrt\baseline720.dll ()
MOD - C:\Users\Home\AppData\Local\Autobahn\rt\bin\java.dll ()
MOD - C:\Users\Home\AppData\Local\Autobahn\nexdef.exe ()
MOD - C:\Users\Home\AppData\Local\Autobahn\rt\bin\zip.dll ()
MOD - C:\Users\Home\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (NSDSvc) -- C:\Windows\SysNative\NSDSvc.exe (Lenovo)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\WEB\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (CLKMSVC10_3A60B698) -- C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (SSCBFS3) -- C:\Windows\SysNative\drivers\sscbfs3.sys (EldoS Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (hswpan) -- C:\Windows\SysNative\drivers\hswpan.sys (Ozmo Inc)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (NSD) -- C:\Windows\SysNative\drivers\nsd.sys (Lenovo Corporation")
DRV:64bit: - (Nsdfltr) -- C:\Windows\SysNative\drivers\Nsdfltr.sys (Lenovo Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...p...lg=EN&cc=FR
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...e...lg=EN&cc=FR
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...r...N&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...p...lg=EN&cc=FR
IE - HKCU\..\SearchScopes,DefaultScope = {01bd49d7-c76b-4310-8beb-14d7e5f322c6}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...e...lg=EN&cc=FR
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...amp;rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultenginename,S: S", "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.order.1,S: S", "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngine,S: S", "Bing"
FF - prefs.js..browser.startup.homepage: "bing.com"
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "EasyLife"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "EasyLife"
FF - prefs.js..browser.startup.homepage: "http://search.easyli...08&lg=EN&cc=FR"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.easyli...N&cc=FR&l=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\WEB\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Uplay\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\WEB\Mozilla Firefox\components [2013-02-20 11:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\WEB\Mozilla Firefox\plugins [2013-02-20 11:59:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\WEB\Mozilla Thunderbird\components [2013-02-20 15:08:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\WEB\Mozilla Thunderbird\plugins

[2012-11-05 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2012-11-05 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2013-02-14 15:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions
[2013-02-14 15:01:22 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\511ced8218cd0@511ced8218d09.com
[2012-10-01 23:55:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\foxmarks@kei.com
[2013-01-10 11:49:37 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\isreaditlater@ideashower.com.xpi
[2013-02-11 12:40:22 | 000,363,393 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi
[2013-02-07 07:54:23 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\rssicon@jasnapaka.com.xpi
[2013-01-19 01:31:02 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
[2013-02-14 12:43:07 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-02-14 15:00:44 | 000,000,579 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\searchplugins\EasyLife.xml

========== Chrome ==========

CHR - homepage: http://www.bing.com/
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmopjaaicbgbhamlgkbebjhfmhnicple\1\
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.1.5_0\

O1 HOSTS File: ([2013-01-18 13:43:24 | 000,001,659 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\MEDIA\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSync.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Home\AppData\Local\Autobahn\nexdef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{177DC005-5A14-4A3D-B9B5-514988FA7AEA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBEA771-4661-4C4B-A01E-03E6526DB2E3}: DhcpNameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\MISC\Stardock\Fences\FencesMenu64.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-15 18:15:47 | 000,016,958 | R--- | M] () - G:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009-07-15 18:18:22 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8c0f724f-0c77-11e2-888a-dc0ea1f7b541}\Shell - "" = AutoRun
O33 - MountPoints2\{8c0f724f-0c77-11e2-888a-dc0ea1f7b541}\Shell\AutoRun\command - "" = G:\setup.exe -- [2009-07-15 18:23:28 | 050,000,000 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-02-21 12:34:01 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\OTL
[2013-02-21 00:28:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\LucasArts
[2013-02-16 17:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Pendulo Studios
[2013-02-16 13:28:47 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Chromium
[2013-02-16 13:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013-02-16 13:23:28 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Rockstar Games
[2013-02-16 10:36:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013-02-16 10:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx
[2013-02-16 09:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoffeeCup Software
[2013-02-16 02:42:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Programs
[2013-02-14 15:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RightClick
[2013-02-14 15:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013-02-14 15:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Browse2save
[2013-02-14 15:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013-02-14 14:59:09 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\My Kindle Content
[2013-02-14 14:59:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013-02-14 14:59:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Amazon
[2013-02-14 14:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2013-02-14 03:29:42 | 000,000,000 | ---D | C] -- C:\_Documents
[2013-02-13 23:37:44 | 000,225,024 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\SSCbFsNetRdr3.dll
[2013-02-13 23:37:44 | 000,192,256 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\SSCbFsMntNtf3.dll
[2013-02-13 23:37:44 | 000,159,488 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\SSCbFsMntNtf3.dll
[2013-02-13 23:37:44 | 000,143,104 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\SSCbFsNetRdr3.dll
[2013-02-13 23:36:56 | 000,347,904 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\sscbfs3.sys
[2013-02-13 04:01:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-02-13 04:01:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-02-13 04:01:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-02-13 04:01:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-02-13 04:01:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-02-13 04:01:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-02-13 04:01:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-02-13 04:01:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-02-13 04:01:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-02-13 04:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-02-13 04:01:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-02-13 04:01:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-02-13 04:01:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-02-13 04:01:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-02-13 04:01:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-02-13 03:40:53 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-02-13 03:40:53 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-02-13 03:40:52 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-02-13 03:40:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-02-13 03:40:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-02-13 03:40:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-02-13 03:40:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-02-13 03:40:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-02-13 03:40:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-02-13 03:40:43 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013-02-12 14:26:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\cYo
[2013-02-12 14:26:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\cYo
[2013-02-12 14:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
[2013-02-12 14:10:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\CDisplayEx
[2013-02-10 13:11:33 | 000,000,000 | RH-D | C] -- C:\ESD
[2013-02-09 22:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-02-09 22:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013-02-04 21:49:59 | 000,000,000 | ---D | C] -- C:\Users\Home\Calibre Library
[2013-02-03 23:31:48 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-02-03 23:31:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-02-03 23:31:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-02-03 23:31:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-02-03 23:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013-02-03 14:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VINYL
[2013-02-02 02:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIDEO
[2013-02-01 23:22:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013-02-01 23:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013-02-01 00:37:34 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Doublefine
[2013-01-27 02:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-02-21 12:11:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-02-21 12:10:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2196896337-1785881382-3878986201-1001UA.job
[2013-02-21 11:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-21 03:11:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-02-21 02:58:32 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2013-02-21 00:28:48 | 000,001,737 | ---- | M] () -- C:\Users\Home\Desktop\MISE - Shortcut.lnk
[2013-02-20 23:07:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-02-20 23:07:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-02-20 23:06:19 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-02-20 23:06:19 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-02-20 23:04:05 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-02-20 23:04:05 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-02-20 23:04:04 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-02-20 23:00:26 | 000,126,091 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2013-02-20 22:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-20 22:59:32 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-20 15:32:44 | 000,002,223 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013-02-20 14:10:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2196896337-1785881382-3878986201-1001Core.job
[2013-02-20 12:08:09 | 000,051,630 | ---- | M] () -- C:\Users\Home\Desktop\spinaltap.jpg
[2013-02-20 02:52:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-02-19 18:55:51 | 000,000,013 | ---- | M] () -- C:\Windows\SysWow64\WinSys32.crc
[2013-02-19 11:42:23 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk
[2013-02-17 23:48:38 | 000,001,622 | ---- | M] () -- C:\Users\Public\Desktop\Back To The Future The Game.lnk
[2013-02-16 17:42:42 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013-02-16 17:42:42 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013-02-16 17:42:42 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013-02-16 17:42:42 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013-02-16 17:37:56 | 000,001,308 | ---- | M] () -- C:\Users\Public\Desktop\Play Yesterday.lnk
[2013-02-16 13:55:07 | 000,002,023 | ---- | M] () -- C:\Users\Home\Desktop\LANoire - Shortcut.lnk
[2013-02-16 10:31:31 | 000,000,716 | ---- | M] () -- C:\Users\Home\Desktop\_Documents - Shortcut.lnk
[2013-02-16 10:00:36 | 000,000,861 | ---- | M] () -- C:\Users\Home\Desktop\CoffeeCup HTML Editor.lnk
[2013-02-16 00:08:54 | 000,001,195 | ---- | M] () -- C:\Users\Home\Desktop\Expenses - Shortcut.lnk
[2013-02-15 23:46:30 | 000,001,273 | ---- | M] () -- C:\Users\Home\Desktop\Passwords - Ana - Shortcut.lnk
[2013-02-15 23:46:18 | 000,001,295 | ---- | M] () -- C:\Users\Home\Desktop\Passwords - Phil - Shortcut.lnk
[2013-02-14 14:59:01 | 000,002,009 | ---- | M] () -- C:\Users\Home\Desktop\Kindle.lnk
[2013-02-14 14:58:32 | 000,000,854 | ---- | M] () -- C:\Users\Home\Desktop\Downloads.lnk
[2013-02-13 23:37:45 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013-02-13 11:43:08 | 005,278,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-02-12 01:46:05 | 000,001,133 | ---- | M] () -- C:\Users\Home\Desktop\Adobe Media Encoder CS5.lnk
[2013-02-11 21:15:12 | 000,058,714 | ---- | M] () -- C:\Users\Home\Desktop\Analytics www.tpapictures.com Traffic Sources Overview 20130201-20130211.pdf
[2013-02-11 21:13:25 | 000,067,064 | ---- | M] () -- C:\Users\Home\Desktop\Analytics www.tpapictures.com Audience Overview 20130201-20130211.pdf
[2013-02-11 21:12:39 | 000,102,095 | ---- | M] () -- C:\Users\Home\Desktop\Analytics www.tpapictures.com Location 20130201-20130211.pdf
[2013-02-10 13:53:02 | 000,000,638 | ---- | M] () -- C:\Users\Home\Desktop\Music - Shortcut.lnk
[2013-02-10 13:52:50 | 000,000,684 | ---- | M] () -- C:\Users\Home\Desktop\My Pictures - Shortcut.lnk
[2013-02-10 13:11:29 | 000,001,370 | ---- | M] () -- C:\Users\Home\Desktop\Download Windows.lnk
[2013-02-09 22:55:37 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013-02-08 01:44:31 | 001,316,352 | ---- | M] () -- C:\Users\Home\Desktop\21Gobelins.bld
[2013-02-07 23:28:39 | 003,205,967 | ---- | M] () -- C:\Users\Home\Desktop\Paris bus.pdf
[2013-02-03 23:31:39 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-02-03 23:31:37 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-02-03 23:31:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-02-03 23:31:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013-02-03 23:31:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013-02-03 23:31:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-02-03 17:45:08 | 000,001,516 | ---- | M] () -- C:\Users\Home\Desktop\The Testament of Sherlock Holmes.lnk
[2013-02-03 14:12:26 | 000,001,933 | ---- | M] () -- C:\Users\Home\Desktop\DeNoiseLF.lnk
[2013-02-03 14:12:26 | 000,001,924 | ---- | M] () -- C:\Users\Home\Desktop\DeNoise.lnk
[2013-02-03 14:09:29 | 000,001,984 | ---- | M] () -- C:\Users\Home\Desktop\ClickRepair.lnk
[2013-02-02 04:07:28 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-02-02 02:41:46 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 10.0 (64-bit).lnk
[2013-02-01 00:37:26 | 000,001,104 | ---- | M] () -- C:\Users\Home\Desktop\The Cave.lnk
[2013-01-30 13:12:24 | 000,143,104 | ---- | M] (EldoS Corporation) -- C:\Windows\SysNative\SSCbFsNetRdr3.dll
[2013-01-30 13:12:20 | 000,225,024 | ---- | M] (EldoS Corporation) -- C:\Windows\SysWow64\SSCbFsNetRdr3.dll
[2013-01-30 13:12:16 | 000,192,256 | ---- | M] (EldoS Corporation) -- C:\Windows\SysNative\SSCbFsMntNtf3.dll
[2013-01-30 13:12:06 | 000,159,488 | ---- | M] (EldoS Corporation) -- C:\Windows\SysWow64\SSCbFsMntNtf3.dll
[2013-01-30 13:11:50 | 000,347,904 | ---- | M] (EldoS Corporation) -- C:\Windows\SysNative\drivers\sscbfs3.sys
[2013-01-26 21:54:41 | 000,001,021 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013-01-26 21:54:37 | 000,000,987 | ---- | M] () -- C:\Users\Home\Desktop\Dropbox.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-02-21 00:28:48 | 000,001,737 | ---- | C] () -- C:\Users\Home\Desktop\MISE - Shortcut.lnk
[2013-02-20 12:08:03 | 000,051,630 | ---- | C] () -- C:\Users\Home\Desktop\spinaltap.jpg
[2013-02-19 18:52:36 | 000,000,013 | ---- | C] () -- C:\Windows\SysWow64\WinSys32.crc
[2013-02-17 23:48:38 | 000,001,622 | ---- | C] () -- C:\Users\Public\Desktop\Back To The Future The Game.lnk
[2013-02-16 17:37:56 | 000,001,308 | ---- | C] () -- C:\Users\Public\Desktop\Play Yesterday.lnk
[2013-02-16 13:55:07 | 000,002,023 | ---- | C] () -- C:\Users\Home\Desktop\LANoire - Shortcut.lnk
[2013-02-16 10:31:31 | 000,000,716 | ---- | C] () -- C:\Users\Home\Desktop\_Documents - Shortcut.lnk
[2013-02-15 23:46:30 | 000,001,273 | ---- | C] () -- C:\Users\Home\Desktop\Passwords - Ana - Shortcut.lnk
[2013-02-15 23:46:18 | 000,001,295 | ---- | C] () -- C:\Users\Home\Desktop\Passwords - Phil - Shortcut.lnk
[2013-02-15 17:24:09 | 000,001,195 | ---- | C] () -- C:\Users\Home\Desktop\Expenses - Shortcut.lnk
[2013-02-14 14:59:01 | 000,002,009 | ---- | C] () -- C:\Users\Home\Desktop\Kindle.lnk
[2013-02-14 14:58:32 | 000,000,854 | ---- | C] () -- C:\Users\Home\Desktop\Downloads.lnk
[2013-02-13 23:37:45 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync.lnk
[2013-02-13 23:37:45 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013-02-12 14:24:11 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk
[2013-02-11 21:15:11 | 000,058,714 | ---- | C] () -- C:\Users\Home\Desktop\Analytics www.tpapictures.com Traffic Sources Overview 20130201-20130211.pdf
[2013-02-11 21:13:25 | 000,067,064 | ---- | C] () -- C:\Users\Home\Desktop\Analytics www.tpapictures.com Audience Overview 20130201-20130211.pdf
[2013-02-11 21:12:39 | 000,102,095 | ---- | C] () -- C:\Users\Home\Desktop\Analytics www.tpapictures.com Location 20130201-20130211.pdf
[2013-02-10 13:53:02 | 000,000,638 | ---- | C] () -- C:\Users\Home\Desktop\Music - Shortcut.lnk
[2013-02-10 13:52:50 | 000,000,684 | ---- | C] () -- C:\Users\Home\Desktop\My Pictures - Shortcut.lnk
[2013-02-10 13:11:20 | 000,001,370 | ---- | C] () -- C:\Users\Home\Desktop\Download Windows.lnk
[2013-02-08 01:40:26 | 001,316,352 | ---- | C] () -- C:\Users\Home\Desktop\21Gobelins.bld
[2013-02-07 23:28:39 | 003,205,967 | ---- | C] () -- C:\Users\Home\Desktop\Paris bus.pdf
[2013-02-03 17:45:08 | 000,001,516 | ---- | C] () -- C:\Users\Home\Desktop\The Testament of Sherlock Holmes.lnk
[2013-02-03 14:12:26 | 000,001,933 | ---- | C] () -- C:\Users\Home\Desktop\DeNoiseLF.lnk
[2013-02-03 14:12:26 | 000,001,924 | ---- | C] () -- C:\Users\Home\Desktop\DeNoise.lnk
[2013-02-03 14:09:29 | 000,001,984 | ---- | C] () -- C:\Users\Home\Desktop\ClickRepair.lnk
[2013-02-02 02:41:46 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 10.0 (64-bit).lnk
[2013-02-01 00:37:26 | 000,001,104 | ---- | C] () -- C:\Users\Home\Desktop\The Cave.lnk
[2013-01-18 14:04:02 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2013-01-13 15:24:15 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Stardockfences_debug_snapshot.dat
[2013-01-13 15:19:39 | 000,000,093 | ---- | C] () -- C:\Windows\WFT-E5Utility.INI
[2012-12-12 22:35:01 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-12-12 22:35:00 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-11-20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-10-10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-10-10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012-10-10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012-10-03 02:33:56 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012-10-03 02:33:56 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012-10-01 15:43:29 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-10-01 15:43:29 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-10-01 15:43:29 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012-10-01 15:43:27 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-10-01 15:43:23 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-09-25 05:48:13 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012-07-04 01:14:53 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012-07-04 01:14:53 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012-07-04 01:14:53 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012-07-04 01:14:53 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012-07-04 01:14:46 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2012-07-04 00:43:24 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-03-19 22:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012-03-19 22:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012-02-03 06:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-11-24 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Amazon
[2013-02-14 15:24:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\calibre
[2013-01-13 15:16:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Canon
[2013-02-12 14:50:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\CDisplayEx
[2013-02-19 18:52:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\CoffeeCup Software
[2013-02-12 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\cYo
[2013-01-11 02:03:52 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DAEMON Tools Lite
[2013-02-01 00:37:34 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Doublefine
[2013-02-20 23:01:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Dropbox
[2013-01-12 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FileZilla
[2012-11-05 16:24:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Flickr
[2012-11-16 02:48:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Frogwares
[2012-12-18 22:30:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Home Designer Suite 8.0
[2013-02-21 00:28:53 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LucasArts
[2012-09-25 09:28:32 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ooVoo Details
[2013-01-18 14:04:02 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PACE Anti-Piracy
[2012-10-22 23:03:01 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Publish Providers
[2013-02-15 01:03:36 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Sony
[2013-02-01 23:22:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013-02-09 00:39:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Stardock
[2013-01-02 01:13:30 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Theta
[2012-09-27 04:44:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Thunderbird
[2013-02-21 12:34:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2010-11-21 08:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009-06-10 21:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011-10-10 08:52:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-10-10 08:52:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-10-10 08:52:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-10-10 08:52:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-10-10 08:52:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-10-10 08:52:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2010-11-21 08:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2010-11-21 08:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010-11-21 08:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2010-11-21 08:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-254441E9.PF >
[2013-02-21 12:17:20 | 000,031,888 | ---- | M] () MD5=12C301B966FD58D7A2D7340A5DE264C8 -- C:\Windows\Prefetch\EXPLORER.EXE-254441E9.pf

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013-02-21 12:17:30 | 000,136,484 | ---- | M] () MD5=7686446C49C52A23D492BC513CBC129F -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: EXPLORER.ZIP >
[2009-06-03 19:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.EXE >
[2013-01-09 02:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Program Files\Internet Explorer\iexplore.exe
[2013-01-09 02:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
[2012-11-14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[2012-08-24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2012-10-08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2012-08-24 12:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2012-10-08 13:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2012-08-24 11:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012-08-24 08:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2013-01-08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013-01-08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[2010-11-21 04:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2011-10-10 08:48:08 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2012-11-16 04:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2010-11-21 04:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2012-10-08 09:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013-01-09 01:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013-01-08 22:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2011-10-10 08:48:08 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2012-10-08 12:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012-11-14 03:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2012-11-14 08:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2011-10-10 08:48:08 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2011-10-10 08:48:08 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2011-10-10 08:48:09 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2011-10-10 08:48:09 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009-07-14 03:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009-07-14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: SERVICES >
[2009-06-10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012-12-18 20:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009-07-14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009-07-14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010-11-21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010-11-21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2011-07-08 13:35:42 | 000,004,770 | ---- | M] () MD5=17188A92538CDC0F24BC49FC21BA6B48 -- C:\Users\Home\Documents\CoffeeCup Software\Themes\HTML Editor\Themes\Effekt\html\services.html
[2011-07-08 13:35:28 | 000,003,270 | ---- | M] () MD5=926E634B7120226FA931E1831A0CF475 -- C:\Users\Home\Documents\CoffeeCup Software\Themes\HTML Editor\Themes\Deep Red\html\services.html
[2011-07-08 13:35:14 | 000,005,651 | ---- | M] () MD5=B5F08DF2FC202830257079A2A7A92784 -- C:\Users\Home\Documents\CoffeeCup Software\Themes\HTML Editor\Themes\Ecologic\html\services.html
[2011-07-08 13:35:46 | 000,003,876 | ---- | M] () MD5=D793AE36644E61E7E024AE033F0A164B -- C:\Users\Home\Documents\CoffeeCup Software\Themes\HTML Editor\Themes\PaperMag\html\services.html
[2011-07-11 13:19:50 | 000,003,152 | ---- | M] () MD5=F711D40576F7BABFF66CEF6B089ED5D1 -- C:\Users\Home\Documents\CoffeeCup Software\Themes\HTML Editor\Themes\Kids\html\services.html

< MD5 for: SERVICES.LNK >
[2009-07-14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009-07-14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009-06-10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009-06-10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010-11-21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009-06-10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010-11-21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009-06-10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010-11-21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009-06-10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010-11-21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009-06-10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2008-03-27 05:57:28 | 000,003,334 | ---- | M] () MD5=5FF3A00670DE8D80ADA4BD034B55D154 -- C:\Users\Home\Documents\CoffeeCup Software\Graphics\CoffeeCup Graphics Pack Samples\Red\services.png
[2008-03-27 05:38:18 | 000,003,827 | ---- | M] () MD5=BFC0958B73C61EE6C5EEA8D8C6073D26 -- C:\Users\Home\Documents\CoffeeCup Software\Graphics\CoffeeCup Graphics Pack Samples\Blue\services.png

< MD5 for: SERVICES.PTXML >
[2009-07-13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009-07-13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: WINLOGON.ADML >
[2010-11-21 08:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009-06-10 22:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010-11-21 08:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010-11-21 08:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2010-11-21 08:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2010-11-21 08:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009-07-13 21:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009-07-13 21:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2010-11-21 04:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011-02-24 18:03:41 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2013-02-20 23:00:01 | 000,604,690 | ---- | M] () -- C:\FaceProv.log
[2012-11-27 23:59:16 | 000,051,537 | ---- | M] () -- C:\formatter.log
[2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2013-02-20 22:59:32 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2013-02-20 22:59:38 | 4192,579,583 | -HS- | M] () -- C:\pagefile.sys
[2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009-07-14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009-07-14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009-07-14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-07-14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-06-10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010-11-10 10:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009-07-14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012-09-25 06:56:18 | 000,000,221 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1185 bytes -> C:\Program Files\Common Files\Microsoft Shared:eZUPtNrBT0hhzV8YJeD0JYLr
@Alternate Data Stream - 1184 bytes -> C:\ProgramData\Microsoft:gRJ8p0nOStNmOr0z3Opd
@Alternate Data Stream - 1143 bytes -> C:\Program Files\Common Files\Microsoft Shared:g2Iq3GsXbtFZzG0fHMdpM5s44
@Alternate Data Stream - 1042 bytes -> C:\ProgramData\Microsoft:mjoYXVnYQmtEPJQ2K9bb

< End of report >

Extras.txt

OTL Extras logfile created on: 21-02-13 12:34:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MM-yy

7.90 Gb Total Physical Memory | 5.56 Gb Available Physical Memory | 70.39% Memory free
15.81 Gb Paging File | 13.38 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 886.32 Gb Total Space | 744.56 Gb Free Space | 84.01% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 21.72 Gb Free Space | 85.28% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 158.32 Gb Free Space | 17.00% Space Free | Partition Type: NTFS
Drive G: | 1.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\WEB\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\HARDWARE\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\MEDIA\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\MEDIA\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\MEDIA\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\HARDWARE\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\MEDIA\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\MEDIA\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\MEDIA\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114C8E68-7E99-452A-833A-7BC01290A599}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1F60CF42-9794-4412-97B3-B861E4F46854}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6759CE99-A09B-4697-AD61-97926A21F0D5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{77D76F31-CD54-45CA-B316-83C0D3968990}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A26F7FB-2279-4700-8B4A-F64B93957385}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{89332DEE-6F20-49BF-8461-AD87DAF72452}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8E63BCE0-4A24-4A3F-855A-63D0FE00880D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AB812BAC-61C5-4C32-85AA-F1EEED090665}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B7C01C3F-8145-45E3-B6C6-B03FA5A6B25D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C80B301A-E586-445F-8507-67AE52F5C939}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D54F5782-8168-4029-B606-D90622589EB2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E49204AD-7FC8-4D4A-8776-EC008C06118D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017BCF48-89A5-4C1B-847C-D96763456606}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0BD42FFC-5C41-4164-92A7-3C0C4CAEBD1C}" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe |
"{0BDBBDF2-6FBC-4666-AC04-D2F32322DC70}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{0D15B71D-4819-419B-AD34-DB299923FB40}" = dir=in | app=c:\program files (x86)\web\skype\phone\skype.exe |
"{0FB0634C-5C93-4F5A-803F-34C1AE104897}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{195DF7F4-0731-4499-BBD3-782AD9A977D3}" = dir=in | app=c:\users\home\appdata\local\microsoft\skydrive\skydrive.exe |
"{268ED807-914D-41B2-8879-F88C5BEC6ED7}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{29697D0D-C0FA-4412-A487-892112D38393}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2B7C4BB7-5C8F-4A8F-BFDA-30A66CD5C6D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2CD110F8-10AA-458D-8FB0-837CAF568925}" = dir=in | app=c:\program files (x86)\misc\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{2CF5B13C-D28A-4E7C-9ECD-F0A4D97338E7}" = protocol=17 | dir=in | app=c:\program files (x86)\games\ubisoft\assassin's creed iii\ac3mp.exe |
"{2E79A75F-D835-4A76-B507-FAE60D88FE88}" = protocol=6 | dir=in | app=c:\program files (x86)\games\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{41498155-B735-4C68-8D52-A6C23AEC6786}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{47179690-305B-4C41-AE09-74BE85E7C1C5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4A6AE122-8A8F-442F-8260-BC4DA29BF247}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4E2EF85F-0EF5-499F-A375-33383DB4E8CE}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{51A6762A-FFF2-4BE4-892D-91ED22D744DE}" = protocol=6 | dir=in | app=c:\program files (x86)\games\ubisoft\assassin's creed iii\ac3mp.exe |
"{5BB63FBB-05CC-431F-9F66-70D243EF1530}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6D60A227-C690-419D-A5C4-B1D87A388832}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6DC4F4AB-F986-429C-8AE6-D5574DF3276E}" = protocol=6 | dir=out | app=c:\program files (x86)\misc\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{74953346-7EC5-4F4C-AD19-4A0796C0990D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{754DF385-9D58-44DA-B469-2DD71CD9923C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{813E3D7D-E13E-4BB7-AAAE-8BE59342F11C}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8975DCEE-4EC2-4ABC-AC46-10B45E275D90}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8BEB54A2-89A2-4965-B632-80B45214E24C}" = dir=in | app=%programfiles% (x86)\games\ubisoft\assassin's creed iii\ac3mp.exe |
"{8C34AAE9-CFBC-449E-ADA6-33136F4F3CA0}" = dir=in | app=%programfiles% (x86)\games\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{8D3D1B9E-FDCB-42EC-8A47-DFA932A39792}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9AC2C12E-EFD3-4815-9608-35AAE8803D6F}" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe |
"{9F8CC41D-A44C-4882-88C7-7B66E232D111}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A0771C25-899C-4740-AAA3-9685CBF19EB6}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe |
"{A3DF7248-83AB-451A-82BD-9AC3A3F108C3}" = dir=in | app=%programfiles% (x86)\games\focus\frogwares\the testament of sherlock holmes\game.exe |
"{A7BE8117-2FED-436B-8133-BE7149313097}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{AB2A5D93-52E7-4454-870C-3455FFF64488}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B1142061-2BA9-4011-A89A-6845E281AF78}" = dir=in | app=c:\program files (x86)\misc\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{C2FDCC87-B372-42FD-BD2A-40246A17E4C3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C39D046D-0459-4F58-89D5-1EB2A3CA675E}" = dir=out | app=%programfiles% (x86)\web\utorrent\utorrent.exe |
"{C8B22E8C-EF51-4EDD-96A8-3BE544FA8224}" = protocol=6 | dir=in | app=c:\program files (x86)\games\ubisoft\assassin's creed iii\ac3sp.exe |
"{C8B7F5BF-E982-4C4B-A88B-0F234EF59B9C}" = protocol=17 | dir=in | app=c:\program files (x86)\web\utorrent\utorrent.exe |
"{CB75FD71-6EB4-4267-944B-1E0777B9B4FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D0B4DB50-4648-4233-AF61-DEAC22C76264}" = dir=in | app=%programfiles% (x86)\games\ubisoft\assassin's creed iii\ac3sp.exe |
"{D48AAF7E-A19D-4066-8074-1F14582C52A0}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D5467BA2-6A4C-45AE-AFF9-DC2181A58548}" = protocol=6 | dir=in | app=c:\program files (x86)\web\utorrent\utorrent.exe |
"{D6391479-9327-465A-8183-F3CD95CFF041}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{DB8BB425-063E-4D74-AF3E-EE1D431164F7}" = protocol=17 | dir=in | app=c:\program files (x86)\games\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{F04BAD69-00C9-48EF-B6A2-B9AF3226C05C}" = protocol=17 | dir=in | app=c:\program files (x86)\games\ubisoft\assassin's creed iii\ac3sp.exe |
"{FE62582B-853E-4500-9F27-7BCBC670757D}" = protocol=6 | dir=out | app=c:\program files (x86)\misc\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"TCP Query User{2CE684F5-8AAA-447D-8D05-6E31C8D8A803}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{57200E51-E434-4DCC-A933-FEEB6752B24B}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B5738E86-B05C-4571-B5E9-0B05B1250D09}C:\program files\media\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\media\comicrack\comicrack.exe |
"TCP Query User{FF707D69-2DE0-4D3B-8AA7-67B497D11144}C:\program files\media\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\media\comicrack\comicrack.exe |
"UDP Query User{776C92BF-291E-4100-B0F8-E437AF0B43C4}C:\program files\media\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\media\comicrack\comicrack.exe |
"UDP Query User{95F0A1A5-EAEE-40B2-8681-0CD3075C1A03}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{97D5B5A6-4E68-4EB6-A6C3-6FCAA27D80FB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{E0049A1C-802D-452B-9E21-EFEED59BBB98}C:\program files\media\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\media\comicrack\comicrack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{3A089BB3-2CED-49B7-9B12-9AF5F623405E}" = calibre 64bit
"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Intel® Wireless Music device driver
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.162
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38A96559-FF39-4089-A609-BFD76C4A6C07}_is1" = The Testament of Sherlock Holmes
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}" = Nsd
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel® WiDi
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900792CC-3203-356C-EC2D-C3E558991ACE}" = Home Designer Suite 8
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAC9162B-47C5-6FC8-A4D2-A519803D51B3}" = MyFonts Order M53317
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D952C4F9-2488-3723-84BE-1BFA907DCAC9}" = Google Talk Plugin
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F06365EC-061E-48C3-B761-E1816658D618}" = 3DVIA player 5.0.0.20
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Autobahn" = NexDef Plug-in
"Broken Sword II - The Smoking Mirror Director's Cut_is1" = Broken Sword II - The Smoking Mirror Director's Cut
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClickRepair_is1" = ClickRepair 3.4.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DeNoise_is1" = DeNoise 2.3.1 and DeNoiseLF 2.3.1
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EOS Utility" = Canon Utilities EOS Utility
"Episode 1" = Back to the Future The Game - Episode 1
"Fences" = Fences
"FileZilla Client" = FileZilla Client 3.6.0.2
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"L.A.Noire.The Complete Edition.v 1.3.2613 + 1 DLC_is1" = L.A.Noire.The Complete Edition.v 1.3.2613 + 1 DLC
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"Mozilla Thunderbird 17.0.3 (x86 en-US)" = Mozilla Thunderbird 17.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SugarSync" = SugarSync
"The Cave © SEGA_is1" = The Cave © SEGA version 1
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"The Walking Dead Episode 5 © Telltales_is1" = The Walking Dead Episode 5 © Telltales version 1
"Uplay" = Uplay
"VeriFace" = VeriFace
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Yesterday (en)" = Yesterday (English)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"Dropbox" = Dropbox
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SkyDriveSetup.exe" = Microsoft SkyDrive
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14-02-13 5:46:59 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---ZhuDongFangYu failed with 33883, The Code
is:0x599.).

Error - 14-02-13 5:46:59 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---QQPCrtp failed with 33883, The Code is:0x598.).

Error - 14-02-13 5:46:59 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---QQPCrtp failed with 33883, The Code is:0x599.).

Error - 14-02-13 5:47:03 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---nvUpdatusService failed with 0, The Code
is:0x710.).

Error - 14-02-13 5:47:12 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---SecondWait1 failed with 46971, The Code
is:0x579.).

Error - 14-02-13 5:47:12 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---MsMpSvc failed with 46971, The Code is:0x598.).

Error - 14-02-13 5:47:12 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---MsMpSvc failed with 46971, The Code is:0x599.).

Error - 14-02-13 5:47:12 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---KMService failed with 46971, The Code is:0x598.).

Error - 14-02-13 5:47:12 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---KMService failed with 46971, The Code is:0x599.).

Error - 14-02-13 5:47:12 AM | Computer Name = LAPTOP | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Bonjour Service failed with 46971, The Code
is:0x598.).

[ System Events ]
Error - 17-01-13 11:49:47 AM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 17-01-13 11:49:48 AM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 17-01-13 11:49:48 AM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 17-01-13 11:49:49 AM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 17-01-13 4:15:05 PM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 17-01-13 4:15:06 PM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 17-01-13 4:15:06 PM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 17-01-13 4:15:07 PM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 17-01-13 4:15:07 PM | Computer Name = LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 18-01-13 4:42:58 PM | Computer Name = LAPTOP | Source = ipnathlp | ID = 31004
Description =

< End of report >

Edited by tinpanalley, 21 February 2013 - 06:56 AM.

Advertisements

Register to Remove

#2 MrCharlie

SuperMember

Malware Team
2,949 posts

Posted 21 February 2013 - 06:59 AM

Welcome to the forum.

Do you know what this extension is in Chrome:

CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmopjaaicbgbhamlgkbebjhfmhnicple\1\

----------------------------------------------
Please do this:
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL
[2013-02-14 15:01:22 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\511ced8218cd0@511ced8218d09.com
[2013-02-14 15:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013-02-14 15:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Browse2save

:Commands
[EMPTYJAVA]
[emptytemp]
[EMPTYFLASH]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
[*]Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

#3 tinpanalley

Authentic Member

Authentic Member
189 posts

Posted 21 February 2013 - 07:05 AM

I have no idea what that extension is because I hardly ever use Chrome. But it's Firefox that I'm getting this "Browse to Save" thing in. I'll run the OTL Fix and get back to you. Thank you!!!

#4 tinpanalley

Authentic Member

Authentic Member
189 posts

Posted 21 February 2013 - 07:13 AM

The FiX log... All processes killed ========== OTL ========== C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\511ced8218cd0@511ced8218d09.com\content folder moved successfully. C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\extensions\511ced8218cd0@511ced8218d09.com folder moved successfully. C:\Program Files (x86)\BrowseToSave folder moved successfully. C:\ProgramData\Browse2save folder moved successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Home ->Java cache emptied: 1769738 bytes User: Public User: UpdatusUser Total Java Files Cleaned = 2.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Home ->Temp folder emptied: 265479704 bytes ->Temporary Internet Files folder emptied: 58233829 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 72144993 bytes ->Google Chrome cache emptied: 44463500 bytes ->Flash cache emptied: 1296512 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 25272878 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes RecycleBin emptied: 10388442 bytes Total Files Cleaned = 455.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Home ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02212013_140608 Files\Folders moved on Reboot... C:\Users\Home\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...

#5 MrCharlie

SuperMember

Malware Team
2,949 posts

Posted 21 February 2013 - 07:36 AM

Type the following into the address box of Chrome and hit Enter:

chrome:extensions

Do the same for:

chrome:plugins

See if you can see that extension or any unfamiliar ones.

------------------------------------------

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

MrC

#6 tinpanalley

Authentic Member

Authentic Member
189 posts

Posted 21 February 2013 - 07:41 AM

I definitely see it in extensions but don't think I'm seeing it in plugins. Here is the ADW log.... None of what was found with adw needs to be kept but it says Chrome is clean and I definitely saw "browse to save" in extensions. How's that possible?? # AdwCleaner v2.112 - Logfile created 02/21/2013 at 14:43:06 # Updated 10/02/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Home - LAPTOP # Boot Mode : Normal # Running from : C:\Users\Home\Desktop\adwcleaner0.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\InstallMate Folder Found : C:\ProgramData\Partner Folder Found : C:\ProgramData\RightClick ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\SProtector Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Found : HKLM\Software\SP Global Key Found : HKLM\Software\SProtector Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Mozilla Firefox v19.0 (en-US) File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\prefs.js Found : user_pref("aol_toolbar.default.homepage.check", false); Found : user_pref("aol_toolbar.default.search.check", false); Found : user_pref("extensions.511ced8218d7c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...] Found : user_pref("extensions.BabylonToolbar.prtkDS", 0); Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "EasyLife"); Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife"); Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=7[...] Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=714&abc=ff1&r=[...] Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Found : user_pref("sweetim.toolbar.searchguard.enable", ""); -\\ Google Chrome v24.0.1312.57 File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2268 octets] - [21/02/2013 14:43:06] ########## EOF - C:\AdwCleaner[R1].txt - [2328 octets] ##########

Edited by tinpanalley, 21 February 2013 - 07:45 AM.

#7 MrCharlie

SuperMember

Malware Team
2,949 posts

Posted 21 February 2013 - 07:50 AM

I would delete/disable that extension in Chrome

CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmopjaaicbgbhamlgkbebjhfmhnicple\1\

--------------------------------

Some adware found....lets clear it out.....

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

-----------------------

Let me how it is now.....MrC

#8 tinpanalley

Authentic Member

Authentic Member
189 posts

Posted 21 February 2013 - 07:53 AM

Funny that it says "no name found" cause in extensions it clearly says "Browse2save". Ok, deleting it now and I'll use the adw to kill that adware and post the log...

#9 tinpanalley

Authentic Member

Authentic Member
189 posts

Posted 21 February 2013 - 08:07 AM

Adw log... # AdwCleaner v2.112 - Logfile created 02/21/2013 at 14:55:02 # Updated 10/02/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Home - LAPTOP # Boot Mode : Normal # Running from : C:\Users\Home\Desktop\adwcleaner0.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\ProgramData\RightClick ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Mozilla Firefox v19.0 (en-US) File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mze0hrnh.default\prefs.js Deleted : user_pref("aol_toolbar.default.homepage.check", false); Deleted : user_pref("aol_toolbar.default.search.check", false); Deleted : user_pref("extensions.511ced8218d7c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...] Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "EasyLife"); Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife"); Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=7[...] Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=714&abc=ff1&r=[...] Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); -\\ Google Chrome v24.0.1312.57 File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2397 octets] - [21/02/2013 14:43:06] AdwCleaner[R2].txt - [2457 octets] - [21/02/2013 14:45:45] AdwCleaner[R3].txt - [2576 octets] - [21/02/2013 14:54:55] AdwCleaner[S1].txt - [315 octets] - [21/02/2013 14:54:26] AdwCleaner[S2].txt - [2549 octets] - [21/02/2013 14:55:02] ########## EOF - C:\AdwCleaner[S2].txt - [2609 octets] ##########

#10 MrCharlie

SuperMember

Malware Team
2,949 posts

Posted 21 February 2013 - 08:33 AM

How is it??? MrC

#11 tinpanalley

Authentic Member

Authentic Member
189 posts

Posted 21 February 2013 - 09:13 AM

Had to step out but in the 5 minutes that I played with it it seemed fine. I'll report back later. Thanks.

#12 MrCharlie

SuperMember

Malware Team
2,949 posts

Posted 24 February 2013 - 05:52 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

Body Background

skin color theme