Win64/Patched.A in Services.exe

Solved
By JMerlPE
Oct 21, 2012
  1. Broni

    Broni Malware Annihilator Posts: 45,175   +242

  2. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Ok, I'll do this when I get home from work, I've been doing everything else on my phone, I'll keep you posted.
  3. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    It worked! Thank you SO much for your patience and helping me figure this out step by step. I can't tell you how much I appreciate it. Again, thank you!
  4. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Excellent!

    Let's run couple more scans to make sure you're clean.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  5. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    OTL logfile created on: 10/25/2012 9:12:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jen\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.86 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 76.21% Memory free
    7.73 Gb Paging File | 6.68 Gb Available in Paging File | 86.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.00 Gb Total Space | 29.33 Gb Free Space | 29.33% Space Free | Partition Type: NTFS
    Drive D: | 350.66 Gb Total Space | 281.33 Gb Free Space | 80.23% Space Free | Partition Type: NTFS
    Drive E: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JEN-PC | User Name: Jen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/25 20:43:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe
    PRC - [2012/08/16 18:03:43 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe
    PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
    PRC - [2012/06/06 15:54:16 | 000,048,680 | ---- | M] (Mobile Stream) -- C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
    PRC - [2012/06/05 11:48:30 | 000,087,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    PRC - [2010/01/18 22:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    PRC - [2009/12/14 03:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2009/12/04 03:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/11/20 16:49:14 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2009/11/04 00:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2009/10/13 06:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    PRC - [2009/07/16 07:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/03/05 05:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
    PRC - [2008/11/14 14:35:28 | 001,453,992 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\Games\Grand Theft Auto IV\Rockstar Games Social Club\1_0_0_0\RGSC.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/25 20:21:08 | 020,317,008 | ---- | M] () -- D:\Games\Steam\bin\libcef.dll
    MOD - [2012/10/25 20:20:51 | 001,099,616 | ---- | M] () -- D:\Games\Steam\bin\avcodec-53.dll
    MOD - [2012/10/25 20:20:51 | 000,902,480 | ---- | M] () -- D:\Games\Steam\bin\chromehtml.dll
    MOD - [2012/10/25 20:20:51 | 000,190,816 | ---- | M] () -- D:\Games\Steam\bin\avformat-53.dll
    MOD - [2012/10/25 20:20:51 | 000,123,232 | ---- | M] () -- D:\Games\Steam\bin\avutil-51.dll
    MOD - [2010/11/20 23:49:45 | 001,917,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\2101dbd9fa083a2ed0cc112636260070\System.Workflow.Runtime.ni.dll
    MOD - [2010/11/20 23:49:43 | 004,515,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e1a68d2a01e132ebc60a5565a771902b\System.Workflow.ComponentModel.ni.dll
    MOD - [2010/11/20 23:49:40 | 002,995,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b2a2c534c407bbe46e8536445d0ada50\System.Workflow.Activities.ni.dll
    MOD - [2010/11/20 23:49:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll
    MOD - [2010/11/20 23:49:02 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll
    MOD - [2010/11/20 23:48:40 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll
    MOD - [2010/11/20 23:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
    MOD - [2010/11/20 23:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
    MOD - [2010/11/20 23:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
    MOD - [2010/11/20 23:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
    MOD - [2010/11/20 23:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
    MOD - [2009/12/04 04:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/12/04 03:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2009/10/02 05:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/25 20:21:09 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/09 12:40:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/19 23:08:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/17 16:31:18 | 000,116,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/05 11:48:30 | 000,087,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
    SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/05 05:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/25 20:09:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/04/19 22:56:56 | 002,811,392 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2012/03/27 10:48:00 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2009/11/25 17:32:58 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/11/20 02:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/09 23:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/08/21 20:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV - [2011/11/19 21:29:52 | 000,202,592 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found



    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate09242012
    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en
    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "iLivid Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledAddons: {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}:1.3.4
    FF - prefs.js..extensions.enabledAddons: {bdfb4ed0-af58-4b39-9ece-b9b90c41b946}:1.300.428
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: {bdfb4ed0-af58-4b39-9ece-b9b90c41b946}:1.300.367
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/25 19:25:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/25 19:24:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/25 19:24:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/25 19:24:55 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/25 19:24:55 | 000,000,000 | ---D | M]

    [2012/10/25 19:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jen\AppData\Roaming\mozilla\Extensions
    [2012/10/25 19:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jen\AppData\Roaming\mozilla\Firefox\Profiles\2vsan3bg.default\extensions
    [2011/05/08 12:09:42 | 000,035,290 | ---- | M] () (No name found) -- C:\Users\Jen\AppData\Roaming\mozilla\firefox\profiles\2vsan3bg.default\extensions\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}.xpi
    [2012/07/18 21:39:35 | 000,553,327 | ---- | M] () (No name found) -- C:\Users\Jen\AppData\Roaming\mozilla\firefox\profiles\2vsan3bg.default\extensions\{bdfb4ed0-af58-4b39-9ece-b9b90c41b946}.xpi
    [2012/10/17 16:24:31 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jen\AppData\Roaming\mozilla\firefox\profiles\2vsan3bg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2011/10/10 18:23:46 | 000,002,520 | ---- | M] () -- C:\Users\Jen\AppData\Roaming\mozilla\firefox\profiles\2vsan3bg.default\searchplugins\SearchResults.xml
    [2012/10/25 19:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/25 19:24:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/07/19 23:08:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/15 16:24:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/10/10 12:58:25 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    [2011/10/10 18:23:46 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
    [2012/07/15 16:24:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/02/28 16:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml
  6. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
    CHR - Extension: Gmail = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/23 10:17:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APLangApp] C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001..\Run: [DAEMON Tools Lite] D:\DTools\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
    O4 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001..\Run: [Magellan CmTray] C:\Program Files (x86)\Content Manager\CmTray.exe (MiTAC Digital Corporation.)
    O4 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
    O4 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001..\Run: [RGSC] D:\Games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
    O4 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001..\Run: [Steam] D:\Games\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{901F4ABB-862A-4DF0-B86C-946C604B1837}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/12 05:38:58 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/25 23:09:54 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012/10/25 22:56:39 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
    [2012/10/25 22:49:15 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
    [2012/10/25 20:43:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe
    [2012/10/25 19:14:57 | 000,000,000 | --SD | C] -- C:\Users\Jen\AppData\Roaming\Microsoft
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Videos
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Saved Games
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Pictures
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Music
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Links
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Favorites
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Downloads
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Documents
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\Desktop
    [2012/10/25 19:14:57 | 000,000,000 | R--D | C] -- C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\AppData\Local\Temporary Internet Files
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Templates
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Start Menu
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\SendTo
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Recent
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\PrintHood
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\NetHood
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Documents\My Videos
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Documents\My Pictures
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Documents\My Music
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\My Documents
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Local Settings
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\AppData\Local\History
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Cookies
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Application Data
    [2012/10/25 19:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Jen\AppData\Local\Application Data
    [2012/10/25 19:14:57 | 000,000,000 | -H-D | C] -- C:\Users\Jen\AppData
    [2012/10/25 19:14:57 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Temp
    [2012/10/25 19:14:57 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Microsoft
    [2012/10/25 19:14:57 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Media Center Programs
    [2012/10/25 19:13:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
    [2012/10/25 19:13:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2012/10/25 19:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2012/10/25 19:13:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2012/10/25 19:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2012/10/25 19:11:57 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2012/10/25 12:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
    [2012/10/25 12:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
    [2012/10/25 12:02:21 | 002,811,392 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
    [2012/10/25 12:02:21 | 002,811,392 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
    [2012/10/25 12:02:21 | 000,000,000 | ---D | C] -- C:\Windows\Options
    [2012/10/25 12:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
    [2012/10/24 16:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    [2012/10/24 16:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
    [2012/10/24 16:18:39 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
    [2012/10/23 11:46:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/10/23 10:06:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/23 10:06:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/23 10:06:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/23 10:05:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/23 10:05:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/22 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Malwarebytes
    [2012/10/22 08:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/22 08:58:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/22 08:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/22 08:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/21 19:28:17 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/21 18:37:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/10/21 18:36:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/21 18:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack
    [2012/10/21 10:36:12 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Leadertech
    [2012/10/21 10:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
    [2012/10/21 10:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames Interactive
    [2012/10/21 10:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
    [2012/10/17 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/10/17 13:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2012/10/17 13:18:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    [2012/10/04 07:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Stream
    [2012/10/04 07:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Stream
    [2012/10/03 19:45:25 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
    [2012/10/02 13:01:09 | 000,000,000 | ---D | C] -- C:\Users\Jen\Documents\Telltale Games
    [2012/10/01 09:53:23 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\YoudaGames
    [2012/10/01 09:52:52 | 000,000,000 | ---D | C] -- C:\Users\Jen\Documents\My Cheat Tables

    ========== Files - Modified Within 30 Days ==========

    [2012/10/25 21:18:13 | 000,834,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/25 21:18:13 | 000,704,142 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/25 21:18:13 | 000,132,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/25 21:11:20 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001UA.job
    [2012/10/25 21:10:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/25 20:53:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/25 20:52:20 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/25 20:51:42 | 000,018,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/25 20:51:42 | 000,018,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/25 20:43:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe
    [2012/10/25 20:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/25 20:26:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/25 20:09:49 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2012/10/25 20:07:46 | 000,001,437 | ---- | M] () -- C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/10/25 20:02:02 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2012/10/25 20:02:02 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2012/10/25 19:51:06 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
    [2012/10/25 19:48:31 | 000,436,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/10/25 19:12:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2012/10/25 17:57:24 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/10/25 17:57:24 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/10/24 16:28:24 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
    [2012/10/23 11:09:35 | 000,001,133 | ---- | M] () -- C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/10/23 10:17:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/23 06:22:47 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001Core.job
    [2012/10/21 10:31:33 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat
    [2012/10/10 21:20:17 | 004,493,540 | ---- | M] () -- C:\Users\Jen\Desktop\01 Homecoming Mix.mp3
    [2012/10/10 18:27:58 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/10/01 09:49:57 | 000,000,355 | ---- | M] () -- C:\Users\Jen\Desktop\My Computer.lnk
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/10/25 20:07:46 | 000,001,443 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/10/25 20:07:46 | 000,001,409 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/10/25 19:51:06 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
    [2012/10/25 19:14:57 | 000,000,290 | ---- | C] () -- C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/10/25 19:14:57 | 000,000,272 | ---- | C] () -- C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/10/25 19:14:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/10/25 19:14:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/10/25 19:12:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2012/10/25 17:46:16 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/10/25 17:46:16 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/10/25 12:02:22 | 000,480,750 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
    [2012/10/25 12:02:21 | 000,073,472 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
    [2012/10/24 16:28:24 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
    [2012/10/23 10:06:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/23 10:06:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/23 10:06:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/23 10:06:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/23 10:06:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/21 10:31:33 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2012/10/10 21:20:12 | 004,493,540 | ---- | C] () -- C:\Users\Jen\Desktop\01 Homecoming Mix.mp3
    [2012/10/01 09:49:57 | 000,000,355 | ---- | C] () -- C:\Users\Jen\Desktop\My Computer.lnk
    [2012/08/25 23:25:25 | 000,000,604 | ---- | C] () -- C:\Windows\Sof2.INI
    [2012/08/25 22:42:12 | 000,080,384 | ---- | C] () -- C:\Windows\gamedelete.exe
    [2011/09/25 20:24:56 | 000,512,155 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\MINDPOINTSE.PRF
    [2011/09/25 20:19:23 | 000,004,550 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\evpro32.prf

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 23:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 23:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/25 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/10/25 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/10/25 19:41:01 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\acccore
    [2012/10/25 19:42:05 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\AVG2013
    [2012/10/25 19:42:06 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\AVG9
    [2012/10/25 19:42:06 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
    [2012/10/25 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\DAEMON Tools Lite
    [2012/10/25 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\DAEMON Tools Pro
    [2012/10/25 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Digiarty
    [2012/10/25 19:42:10 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Eidos
    [2012/10/25 19:42:10 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Leadertech
    [2012/10/25 19:42:29 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Mestrelab Research S.L
    [2012/10/25 21:12:28 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\MotoCast
    [2012/10/25 19:42:36 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Motorola
    [2012/10/25 19:42:36 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Motorola Mobility
    [2012/10/25 19:42:39 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\MyPublisher
    [2012/10/25 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Sony
    [2012/10/25 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Spotify
    [2012/10/25 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\SystemRequirementsLab
    [2012/10/25 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\TuneUp Software
    [2012/10/25 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Unity
    [2012/10/25 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\uTorrent
    [2012/10/25 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Xilisoft
    [2012/10/25 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\YoudaGames

    ========== Purity Check ==========


    < End of report >
  7. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is Extras.txt

    OTL Extras logfile created on: 10/25/2012 9:12:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jen\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.86 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 76.21% Memory free
    7.73 Gb Paging File | 6.68 Gb Available in Paging File | 86.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.00 Gb Total Space | 29.33 Gb Free Space | 29.33% Space Free | Partition Type: NTFS
    Drive D: | 350.66 Gb Total Space | 281.33 Gb Free Space | 80.23% Space Free | Partition Type: NTFS
    Drive E: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JEN-PC | User Name: Jen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1025616775-32965946-2427245248-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{240D67C0-B41B-48E8-8DE3-43B7CA45F61A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\soap00\pirates, vikings, and knights ii\hl2.exe |
    "{385611C8-BC80-4356-B011-AB892DA5B4A5}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\soap00\pirates, vikings, and knights ii\hl2.exe |
    "TCP Query User{37FD3ED2-BE8C-4BE6-9138-D1B0FFD28517}C:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
    "UDP Query User{00F4A2A3-04B3-42B7-81E5-75C601E27BBF}C:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{3B1F7D9B-B1F5-4BD4-91DD-0F87D7CB5B2D}" = EasyTether
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
    "{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
    "{2AADC4EE-94C8-422B-977B-547774C4A463}" = Motorola Device Software Update
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{45B92257-603B-49C1-943F-EC27367D7CE4}" = Chemistry Add-in for Word
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MergeModules
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
    "{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
    "{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CBB0788A-A349-4119-B11D-C7D006A90DD8}_is1" = Portal 2 version 2.0.0.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
    "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Cheat Engine 6.2_is1" = Cheat Engine 6.2
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Natural Selection_is1" = Natural Selection 3.2
    "RealPlayer 15.0" = RealPlayer
    "Steam App 10" = Counter-Strike
    "Steam App 17570" = Pirates, Vikings, & Knights II
    "Steam App 20" = Team Fortress Classic
    "Steam App 211" = Source SDK
    "Steam App 218" = Source SDK Base 2007
    "Steam App 220" = Half-Life 2
    "Steam App 240" = Counter-Strike: Source
    "Steam App 310" = Source Multiplayer Dedicated Server
    "Steam App 320" = Half-Life 2: Deathmatch
    "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
    "uTorrent" = µTorrent
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VLC media player" = VLC media player 2.0.3
    "WinLiveSuite" = Windows Live Essentials
    "Xilisoft iPod Manager" = Xilisoft iPod Rip
    "YouWave" = YouWave for Android

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1025616775-32965946-2427245248-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MusicManager" = Music Manager
    "Spotify" = Spotify
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/25/2012 8:48:40 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/25/2012 8:48:40 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/25/2012 8:48:40 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/25/2012 8:51:25 PM | Computer Name = Jen-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: fc Start Time:
    01cdb3135714c9c8 Termination Time: 0 Application Path: C:\Users\Jen\Desktop\OTL.exe

    Report
    Id: 3ac3166f-1f07-11e2-937b-0024545f421e

    Error - 10/25/2012 9:12:07 PM | Computer Name = Jen-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/25/2012 9:19:06 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/25/2012 9:19:06 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/25/2012 9:19:06 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/25/2012 9:19:06 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/25/2012 9:19:06 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ OSession Events ]
    Error - 6/5/2010 11:15:51 PM | Computer Name = Jen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/17/2011 4:48:51 PM | Computer Name = Jen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2504
    seconds with 2040 seconds of active time. This session ended with a crash.

    Error - 4/17/2011 5:14:14 PM | Computer Name = Jen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 3992 seconds with 120 seconds of active time. This session ended with a
    crash.

    [ System Events ]
    Error - 10/25/2012 7:48:53 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
    Description = The SQL Server (CSSQL05) service failed to start due to the following
    error: %%14001

    Error - 10/25/2012 7:48:54 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7001
    Description = The PST Service service depends on the Workstation service which failed
    to start because of the following error: %%1058

    Error - 10/25/2012 7:48:58 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
    Description = The SQL Server VSS Writer service failed to start due to the following
    error: %%14001

    Error - 10/25/2012 8:23:13 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 10/25/2012 8:23:13 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 10/25/2012 8:53:49 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Motorola
    Device Manager Service service to connect.

    Error - 10/25/2012 8:53:49 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
    Description = The Motorola Device Manager Service service failed to start due to
    the following error: %%1053

    Error - 10/25/2012 9:10:54 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the SQL
    Server FullText Search (CSSQL05) service to connect.

    Error - 10/25/2012 9:10:54 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
    Description = The SQL Server FullText Search (CSSQL05) service failed to start due
    to the following error: %%1053

    Error - 10/25/2012 9:12:29 PM | Computer Name = Jen-PC | Source = WMPNetworkSvc | ID = 866300
    Description =


    < End of report >
  8. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    You forgot to reinstall AVG.

    ===========================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
      IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-1025616775-32965946-2427245248-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
      O16:64bit: - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  9. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is the OTL Fix log

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1025616775-32965946-2427245248-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    Starting removal of ActiveX control {140E4DF8-9E14-4A34-9577-C77561ED7883}
    C:\Windows\Downloaded Program Files\SystemRequirementsLab.inf not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jen
    ->Temp folder emptied: 1126112 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 47551143 bytes
    ->Google Chrome cache emptied: 427099588 bytes
    ->Flash cache emptied: 323298 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20913465 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 4421581 bytes

    Total Files Cleaned = 478.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jen
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jen
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10252012_223119

    Files\Folders moved on Reboot...
    C:\Users\Jen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  10. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is the Security Check Log

    Results of screen317's Security Check version 0.99.53
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    JavaFX 2.1.1
    Java(TM) 6 Update 30
    Java 7 Update 9
    Java(TM) SE Development Kit 6 Update 21
    Adobe Flash Player 11.4.402.287
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 14.0.1 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
  11. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is the FSS Log

    Farbar Service Scanner Version: 19-10-2012
    Ran by Jen (administrator) on 25-10-2012 at 22:46:50
    Running from "C:\Users\Jen\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2010-11-20 23:24] - [2010-11-20 23:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2010-11-20 23:24] - [2010-11-20 23:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

    C:\Windows\System32\dnsrslvr.dll
    [2010-11-20 23:24] - [2010-11-20 23:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  12. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is the ADWCleaner Log

    # AdwCleaner v2.005 - Logfile created 10/25/2012 at 22:49:02
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Jen - JEN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jen\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
    File Deleted : C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\searchplugins\SearchResults.xml
    Folder Deleted : C:\Program Files (x86)\Ilivid
    Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Jen\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\FCTB

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\prefs.js

    C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.order.1", "iLivid Web Search");
    Deleted : user_pref("extensions.facemoods._xpiupdate", true);
    Deleted : user_pref("extensions.facemoods.aflt", "_#wbst");
    Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
    Deleted : user_pref("extensions.facemoods.first_time", false);
    Deleted : user_pref("extensions.facemoods.id", "_#49b19a094a244dc8867978f166d2bc2e");
    Deleted : user_pref("extensions.facemoods.instlDay", "_#15257");
    Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
    Deleted : user_pref("extensions.facemoods.sid", "_#49b19a094a244dc8867978f166d2bc2e");
    Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
    Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.2809794.KeywordHistory", "bel%2520air%2520md%7C[...]
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.AutoSearchEventData", "auto%20search");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.ClearCacheDate", 25);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.DisplayEULA", false);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.DnsCatchEventData", "dns%20catch");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.FirstLaunchShown", true);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.LoadLayoutDate.63323", 25);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.NewTabSearchEventData", "tab%20search");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.ShowRecommendedOptions", true);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.StateReportDate", "1351214171791");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.TopRightSearchEventData", "top%20right%20search[...]
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.comp.affiliate.2809798.disabled", false);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.comp.search.2809794.engine_img", "aHR0cDovL3NlY[...]
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.comp.search.2809794.engine_url", "aHR0cDovL3NlY[...]
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.comp.search.2809794.text", "Search%20the%20Web"[...]
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.customNewTab", true);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.helpUsImprove", true);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.hideOthers", false);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.processAddrBar", true);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.restoreSearch", false);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.revision", "90");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.runcmd.", "1");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.runcmd.14", "1317862813");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.searchHistory", true);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.session", "5BD957C2DC44D7E74483A58DE42B3FA43FCE[...]
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.showFirstLaunchOptions", false);
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.tb_lang", "en");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.tool_id", "63323");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.user_id", "56199103");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.user_key", "3e66a1f759ec2f199260a8f4849edd14edd[...]
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.user_layouts", "63323");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.user_lnames", "Dividend%20Miles%20Toolbar");
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
    Deleted : user_pref("freecausebdfb4ed0af584b399eceb9b90c41b946.yahooSearch", true);

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7735 octets] - [25/10/2012 22:48:12]
    AdwCleaner[S1].txt - [7622 octets] - [25/10/2012 22:49:02]

    ########## EOF - C:\AdwCleaner[S1].txt - [7682 octets] ##########
  13. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    There were no threats found with ESET so there was no log.
     
  14. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===============================

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
  15. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is the OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jen
    ->Temp folder emptied: 961639 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 93652829 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1432 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 19856544 bytes

    Total Files Cleaned = 109.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jen
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jen
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 10262012_141618

    Files\Folders moved on Reboot...
    C:\Users\Jen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  16. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    The issue seems to be resolved.
  17. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Everything on my computer has been working great! Thanks again for all your help. I am continuing to scan per your recommendations and will continue to do so.
  18. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Way to go!! [​IMG]
    Good luck and stay safe :)


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.