View Full Version : PC infected with SelectionLinks
newsgroupie
2013-01-23, 02:24
Hi,
Malware causes multiple ads to appear between posts in my fb accounts when viewed with Firefox. I've uninstalled SelectionLinks and run Malwarebytes (which did not find it) but the problem continues.
Any help is appreciated.
Thanks!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by SpikeNSherry at 20:04:37 on 2013-01-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4365 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\SpikeNSherry\AppData\Local\Apps\2.0\HB26BHGH.X03\NTCOPY6P.KR8\wund..tion_45ec1bcecca77a53_0002.0000_d3bc77299ece31af\Wunderlist.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\SeaMonkey\seamonkey.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\SeaMonkey\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mWinlogon: Userinit = userinit.exe,
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll
BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [Google Update] "C:\Users\SpikeNSherry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\SPIKEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\SPIKEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AF2B6F78-8F95-4ADD-84FA-D61E266A4D78} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281&q={searchTerms}
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\ProgramData\Visan\Reseller2\npRLViewer.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\SpikeNSherry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-12 22:38; ffxtlbr@zonealarm.com; C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2012-12-12 22:38; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-01-21 15:43; plugin@selectionlinks.com; C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-01-21 15:43; extension21804@extension21804.com; C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=e6f87e27000000000000d0df9a1b4281&q=
FF - user.js: extensions.zonealarm.id - e6f87e27000000000000d0df9a1b4281
FF - user.js: extensions.zonealarm.instlDay - 15687
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.422:34:03
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN23312474718756-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-5-27 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-5-27 38016]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-27 203264]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827560]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-27 1127448]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-14 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-14 115216]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-5-27 1041760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-27 412776]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-27 38456]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-12-28 35840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-12 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 10\PortraitProfessionalStudio.exe" /P "%1"
.
=============== Created Last 30 ================
.
2013-01-23 00:42:08 -------- d-----w- C:\Windows\ERUNTBackups
2013-01-22 07:20:11 -------- d-----w- C:\Users\SpikeNSherry\AppData\Roaming\Malwarebytes
2013-01-22 07:19:44 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-22 07:19:43 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-22 07:19:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-22 07:19:08 -------- d-----w- C:\Users\SpikeNSherry\AppData\Local\Programs
2013-01-21 20:44:11 -------- d-----w- C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin
2013-01-21 20:43:54 -------- d-----w- C:\Users\SpikeNSherry\AppData\Local\Updater21804
2013-01-21 20:43:50 -------- d-----w- C:\Program Files (x86)\Coupon Companion Plugin
2013-01-21 20:43:38 -------- d-----w- C:\Program Files (x86)\OApps
2013-01-21 19:54:56 -------- d-----w- C:\Users\SpikeNSherry\AppData\Roaming\6Wunderkinder
2013-01-21 19:54:15 -------- d-----w- C:\Users\SpikeNSherry\AppData\Local\Deployment
2013-01-21 19:54:15 -------- d-----w- C:\Users\SpikeNSherry\AppData\Local\Apps
2013-01-21 17:34:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-21 17:34:50 -------- d-----w- C:\Program Files\iPod
2013-01-21 17:34:49 -------- d-----w- C:\Program Files\iTunes
2013-01-21 17:34:49 -------- d-----w- C:\Program Files (x86)\iTunes
2013-01-21 17:31:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-21 17:31:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-21 17:31:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-21 17:31:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-21 17:31:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-21 17:31:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-21 17:31:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-11 17:44:08 -------- d-----w- C:\Users\SpikeNSherry\AppData\Local\{7A26176F-8E58-4C86-9CC9-6E2E08BDCF6D}
2013-01-11 01:19:19 -------- d-----w- C:\Users\SpikeNSherry\AppData\Local\{E2D1EBCA-54E2-4D60-8EB8-C7C439A69DD6}
2013-01-09 15:42:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 15:42:32 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 15:42:15 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 15:42:14 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 15:42:14 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 15:42:13 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 15:42:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 15:42:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 15:40:57 424448 ----a-w- C:\Windows\System32\KernelBase.dll
.
==================== Find3M ====================
.
2013-01-09 15:49:56 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-09 15:49:55 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 20:05:27.32 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR
Still seeing entries in your log for selectionlinks,
Lets do this
Go here (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and download AdwCleaner to your desktop
Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
newsgroupie
2013-01-27, 23:17
Here's the AdwCleaner result. When the computer restarted, I also got a popup that said:
Unable to create file:
C:\Windows\ERDNT\AutoBackup\1-27-13\ERDNT.INF
Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files.
I'll now run OTL and post the results.
# AdwCleaner v2.109 - Logfile created 01/27/2013 at 16:45:17
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : SpikeNSherry - SPIKENSHERRY-HP
# Boot Mode : Normal
# Running from : C:\Users\SpikeNSherry\Desktop\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\user.js
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\SPIKEN~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\searchplugins\zonealarm.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Coupons.com
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Users\SPIKEN~1\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\SpikeNSherry\AppData\Local\Conduit
Folder Deleted : C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb
Folder Deleted : C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\SpikeNSherry\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\SpikeNSherry\AppData\LocalLow\Coupons.com
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Coupons.com
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37153479-1976-43C3-A1EE-557513977B64}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37153479-1976-43C3-A1EE-557513977B64}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Coupons.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37AE00AB-70CA-4E98-B1CE-DC138AE847FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37AE00AB-70CA-4E98-B1CE-DC138AE847FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AA95632-4B62-47A6-AA63-ACC7F3C3EFE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7507D377-7187-4F1A-AD37-54E6C4AF6E9E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43C3-A1EE-557513977B64}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupons.com Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37153479-1976-43C3-A1EE-557513977B64}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.1 (en-US)
File : C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\prefs.js
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\user.js ... Deleted !
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1358801019);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.searchUserConifrmation", fal[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 5);
Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1358801019");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1358801019");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Tue Jan 22 2013 1[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Tue Jan 29 201[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1358875880");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221358875141%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221357677844%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%22100086%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1358832528771");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221322%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22134086%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1358832517006");
Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "16");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Tue Jan [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 12);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "\"CH\"==appAPI.platfor[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 7);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 13);
Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 16);
Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Deleted : user_pref("extensions.crossriderapp21804.bic", "13c60baa20bf32f3391c44383649394f");
Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1358832509);
Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22647817);
Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22647934);
Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
-\\ Google Chrome v24.0.1312.56
File : C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [22371 octets] - [27/01/2013 16:45:17]
########## EOF - C:\AdwCleaner[S1].txt - [22432 octets] ##########
newsgroupie
2013-01-27, 23:23
OTL logfile created on: 1/27/2013 4:56:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SpikeNSherry\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.75 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 58.55% Memory free
11.50 Gb Paging File | 8.84 Gb Available in Paging File | 76.89% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.27 Gb Total Space | 710.19 Gb Free Space | 77.17% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.36 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1340.82 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
Computer Name: SPIKENSHERRY-HP | User Name: SpikeNSherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\SpikeNSherry\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SeaMonkey\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SeaMonkey\seamonkey.exe (mozilla.org)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
PRC - C:\Program Files (x86)\ERUNT\ERUNT.EXE ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\SeaMonkey\mozjs.dll ()
MOD - C:\Program Files (x86)\SeaMonkey\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\SeaMonkey\nsldappr32v60.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
MOD - C:\Program Files (x86)\ERUNT\ERUNT.EXE ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{247CB95E-3FD3-408A-829C-59D48BE79891}: "URL" = http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281&q={searchTerms}&r=962
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - prefs.js..browser.startup.homepage: "http://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.87.11
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281&q={searchTerms}"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer v0.9;version=0.9: C:\ProgramData\Visan\Reseller2\npRLViewer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SpikeNSherry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SpikeNSherry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/12/12 22:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/12/12 22:38:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 09:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 09:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.15.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/01/22 10:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.15.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 09:19:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 09:19:46 | 000,000,000 | ---D | M]
[2011/08/11 17:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Extensions
[2013/01/22 00:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com
[2012/12/12 22:38:34 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\ffxtlbr@zonealarm.com
[2013/01/21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\defaults
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\skin
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
[2012/09/20 08:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions
[2012/09/20 08:05:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/09/05 20:30:57 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions\inspector@mozilla.org
[2013/01/22 00:28:22 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/01/21 09:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/21 09:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/21 09:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/01/21 09:19:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/03 18:11:01 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/11/03 11:17:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/03 11:17:22 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcjiigginhdhihbdlejjoekeemjaiml\1.1_0\
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001..\Run: [Wunderlist] C:\Users\SpikeNSherry\AppData\Local\Apps\2.0\HB26BHGH.X03\NTCOPY6P.KR8\wund..tion_45ec1bcecca77a53_0002.0000_d3bc77299ece31af\Wunderlist.exe (6 Wunderkinder GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF2B6F78-8F95-4ADD-84FA-D61E266A4D78}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/22 19:42:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNTBackups
[2013/01/22 19:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/01/22 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/01/22 02:20:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Roaming\Malwarebytes
[2013/01/22 02:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 02:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/22 02:19:43 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/22 02:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/22 02:19:08 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Programs
[2013/01/21 15:44:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin
[2013/01/21 15:43:54 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Updater21804
[2013/01/21 15:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin
[2013/01/21 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Roaming\6Wunderkinder
[2013/01/21 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Deployment
[2013/01/21 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Apps
[2013/01/21 12:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/01/21 12:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/21 12:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/21 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/21 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/21 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/21 12:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/21 12:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/01/21 12:30:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/21 09:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/11 12:44:08 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\{7A26176F-8E58-4C86-9CC9-6E2E08BDCF6D}
[2013/01/11 10:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/10 22:38:38 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\Desktop\New folder
[2013/01/10 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\{E2D1EBCA-54E2-4D60-8EB8-C7C439A69DD6}
[2013/01/09 10:42:32 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 10:42:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 10:42:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 10:41:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 10:41:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 10:41:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 10:41:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 10:41:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 10:41:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 10:41:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 10:41:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 10:41:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 10:41:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 10:41:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 10:41:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 10:41:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 10:41:50 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 10:41:50 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 10:41:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 10:41:50 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 10:41:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 10:41:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 10:41:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 10:41:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 10:41:49 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 10:41:49 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 10:41:49 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 10:41:49 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 10:41:49 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 10:41:49 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 10:41:49 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 10:41:49 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 10:40:57 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 10:40:51 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 10:40:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 10:40:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 10:40:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 10:40:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 10:40:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 10:40:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 10:40:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 10:40:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:40:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 10:40:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 10:40:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:40:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 10:40:23 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/27 16:58:29 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 16:58:29 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 16:50:07 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/27 16:49:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/27 16:49:31 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/27 16:43:19 | 000,580,235 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\AdwCleaner.exe
[2013/01/27 16:43:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_SpikeNSherry.job
[2013/01/27 16:39:50 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 16:39:20 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033990489-3245640702-141438842-1001UA.job
[2013/01/27 16:39:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 11:24:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033990489-3245640702-141438842-1001Core.job
[2013/01/23 17:02:32 | 000,002,410 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\Google Chrome.lnk
[2013/01/22 20:19:36 | 000,003,980 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\attach.zip
[2013/01/22 19:40:58 | 000,001,106 | ---- | M] () -- C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/01/22 10:39:46 | 000,002,008 | ---- | M] () -- C:\Users\SpikeNSherry\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/01/21 15:43:58 | 000,000,952 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\Install Wunderlist.lnk
[2013/01/21 12:35:17 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/19 16:30:05 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/19 16:30:05 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/19 16:30:05 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 09:49:45 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/01/14 14:46:11 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSpikeNSherry.job
[2013/01/11 10:16:57 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/10 21:24:01 | 000,043,008 | ---- | M] () -- C:\Users\SpikeNSherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/10 17:26:14 | 016,262,499 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\2013-01-10 17 26 14.AVI
[2013/01/10 03:35:53 | 005,700,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 03:34:40 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSPIKENSHERRY-HP$.job
[2013/01/10 03:15:31 | 000,773,448 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 10:49:56 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 10:49:55 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/27 16:43:18 | 000,580,235 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\AdwCleaner.exe
[2013/01/22 20:19:36 | 000,003,980 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\attach.zip
[2013/01/22 19:40:58 | 000,001,106 | ---- | C] () -- C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/01/21 15:43:58 | 000,000,952 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\Install Wunderlist.lnk
[2013/01/21 12:35:17 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/15 09:49:45 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.3 64-bit.lnk
[2013/01/15 09:49:45 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/01/10 17:26:14 | 016,262,499 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\2013-01-10 17 26 14.AVI
[2012/01/30 14:22:32 | 000,000,606 | ---- | C] () -- C:\Windows\ULM.INI
[2011/11/13 11:17:06 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll
[2011/11/13 11:16:05 | 000,000,531 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/10/09 10:11:40 | 000,043,008 | ---- | C] () -- C:\Users\SpikeNSherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 14:22:49 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL
[2011/08/11 23:19:31 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2011/08/11 23:18:02 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2011/08/11 23:18:02 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/08/11 23:02:23 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/05/27 17:29:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/27 17:26:01 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/09 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 12:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/01/11 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/11 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/21 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\6Wunderkinder
[2011/10/04 15:20:08 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Anthropics
[2012/12/12 20:43:13 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\AVG2013
[2011/08/14 08:29:51 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Blio
[2011/10/26 15:59:31 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Catalina Marketing Corp
[2012/03/26 21:15:58 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\CheckPoint
[2011/10/09 10:11:23 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Flip Video
[2012/09/15 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Foxit Software
[2012/09/26 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\IrfanView
[2012/09/15 15:39:55 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Kingsoft
[2012/06/24 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Leadertech
[2011/08/13 14:44:10 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\OpenOffice.org
[2012/03/16 08:15:25 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\OverDrive
[2011/10/21 11:21:44 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\SoftGrid Client
[2012/10/25 20:07:53 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/12 16:04:50 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\StatTrak Address Manager BE
[2011/08/11 21:58:29 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Thunderbird
[2011/08/11 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\TP
[2012/12/12 20:21:34 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\TuneUp Software
[2012/03/12 09:46:12 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Visan
[2011/10/21 08:40:56 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:3EFB0FE0
< End of report >
newsgroupie
2013-01-27, 23:24
*************************************
*************************************
OTL Extras logfile created on: 1/27/2013 4:56:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SpikeNSherry\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.75 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 58.55% Memory free
11.50 Gb Paging File | 8.84 Gb Available in Paging File | 76.89% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.27 Gb Total Space | 710.19 Gb Free Space | 77.17% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.36 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1340.82 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
Computer Name: SPIKENSHERRY-HP | User Name: SpikeNSherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Classes\<extension>]
.html [@ = SeaMonkeyHTML] -- C:\Program Files (x86)\SeaMonkey\seamonkey.exe (mozilla.org)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01261E28-118A-4FA6-ACC4-4192DAD0C7A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A041594-5F13-483D-B428-8C14ECD41037}" = lport=138 | protocol=17 | dir=in | app=system |
"{12081702-F93B-47E5-891F-4FEE193B8CC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2465A2EF-73D3-447D-B33A-3745041AEC74}" = rport=137 | protocol=17 | dir=out | app=system |
"{251D3321-4745-4674-8D1D-B1D99A1DB39D}" = lport=445 | protocol=6 | dir=in | app=system |
"{25C384F4-3B38-40FA-96C0-BB1721CBB051}" = lport=139 | protocol=6 | dir=in | app=system |
"{37C03FE8-F858-4A93-8DD8-4C11CC390491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39D3DBD0-03E5-4E75-8F4D-74DE0242B4AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{449ACE54-E6A9-4F81-B19A-5F01146B61AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{506F084D-F29D-46ED-B9FD-8459D678AFAD}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{572CC0B6-F6FE-4158-9598-1F8CEAE3E7AD}" = lport=137 | protocol=17 | dir=in | app=system |
"{68F80862-D638-45BC-B506-A15CDAD42BC9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7267E0C9-ADAF-497F-BE06-AA876D25A2C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7400E459-B127-4B8D-B737-E922C690916A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78C738BB-EB6E-46B7-ACCD-26B6FFC7DA0A}" = rport=138 | protocol=17 | dir=out | app=system |
"{8E00FFAA-7739-4646-8183-61A6F818BA7D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A3351D23-83E9-411B-B48E-08C510E8FB71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE1D4019-6D7C-40E5-BFFE-0E07CBBE8CDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B192C510-ECDC-4111-B841-E81B091D6F96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B5CB6B39-5214-4530-B13B-E482E157C2D8}" = rport=139 | protocol=6 | dir=out | app=system |
"{CB68DC7E-69E1-4C06-A050-87913CD891E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{CFE9864A-5204-4370-9D7F-661FAA2EB9F5}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{DE9442E4-90DE-47C6-8803-A6CD2C465F09}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E7D76440-776A-485F-A40A-0EB91D751623}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8324D60-1FA4-450E-BB8E-E416C92D55CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED28E794-B1E1-45D3-8418-A727A46C5EEA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FC84263A-1209-4D38-AEE8-7D9D563852FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00783FCE-5430-46FA-B46B-4B1654C0C861}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02EE9A7A-5BE3-4093-900A-2A4E26114107}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{0EAE7DE0-C66E-45C0-9687-C2C57A406092}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{0FFCD2F5-DCCA-44A0-9682-0F4250B0E930}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{15C5E93A-8A64-484D-A6A1-C5E07A23918D}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{18421239-EFC4-47FD-943B-43010E7846AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1BDC206A-2F2E-4482-BCCC-167A2147FBEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E662313-53F8-4317-AC7D-6B194FDB77B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B0C29FD-F9DE-4C99-8E4D-84DCC1EC6279}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2B90848F-FBE0-47CA-BB35-46A67A88FC61}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E7504FD-0A00-4856-A3FE-8F6DCC40AD06}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{2FA7F4D2-5D8A-47CB-A8B9-9C1DE5813DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{303935DF-BE04-4CCA-82CC-147A9C59BADE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{30AE6967-31BD-4DDE-94C3-C3662B6D2507}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48D9EEC1-43E3-4D37-B0F5-A65E842F1F03}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{580BADBA-C013-4663-B4A6-C4941E26ED79}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5909CA19-3E8A-4D8A-9D2F-1B9339F78493}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{5B620378-FF0B-488E-B726-5DA509C0E904}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6540F685-1A70-4F5C-886B-CA18F07D7E00}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{66B04AA5-AC28-43B1-AC7B-BD3557C47E05}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6772E732-37AA-4312-9A23-401DBCD4B414}" = protocol=6 | dir=out | app=system |
"{695C0ED9-CB4A-4061-8990-502A343771EC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E333FDB-FB0D-4F4D-A4FC-DEC6B012682E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E8E330C-74D1-416E-8DC5-5BAD8262EF93}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8978CB2A-7850-44F6-A8E9-869C31595589}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{8E89A8F6-FA50-40DA-8481-9891B6C073CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{909D6DCB-9787-4690-B92C-AC1B6638E023}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{90EA58BC-86D9-4AD0-8A97-A3202BC71C33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93167E71-9A7B-42CF-B41F-376C2C38C888}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9469E0C2-A50A-455A-91CF-5BDF2A262C0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9859E492-FC8F-4C4F-BB9D-EDAA28D812AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C9E82B6-7A88-40DE-B406-EF87F26F984F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F97BE1F-B377-4FD8-803F-5F5EC9016ED9}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{A123DEB2-716F-48AB-B189-6933FC68237E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB12FA20-DC6A-4B2D-825B-D66212F6A3E4}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{ABCE90F3-6DCB-46E3-BE8E-74621517E65C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1DF029B-E90C-416D-9E23-0764B861FA7B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BA8E497B-2844-411F-8FBF-3A0463675B1D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{BCB2BF82-0327-44EA-A8D8-8E28F3145C67}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{BE774C02-598F-4C7F-98E8-0475ED44B60E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C5B968E3-F969-447C-8F61-7A7DEB8073CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8D96F19-D595-4C06-BC8B-C0023DADA092}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CA068C7F-4435-438F-BE0D-5BEFFAC71F9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC58904D-2FAA-406C-8B16-C175BBF8E665}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{D43FEAB8-2E33-4971-9BCB-9878F8F451FE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D476880C-463B-44D3-8F26-06FACF019186}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{D4D70601-093B-4A14-8034-5E80890AD6F0}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{E634887B-2CC3-41B7-BF94-390A76472B70}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EF5D5A59-C987-470C-8775-F1B5BB951EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{F5B01BA2-A9C8-45B1-9D5D-C2EC4A591C19}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28D77718-AB40-E3B0-E8B3-FC116733A8EC}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5F146AD2-9F9B-5284-CD9D-40C881E3ACEC}" = ATI Problem Report Wizard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E9405C3-4A81-A757-1670-56B202B46F3C}" = ATI Catalyst Install Manager
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A94AABAE-52F0-48C4-9F94-A4CA4B423576}" = Adobe Photoshop Lightroom 3.2 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D759947B-8C5A-4480-B0DB-FC391F061C85}" = Adobe Photoshop Lightroom 4.3 64-bit
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC68FF2E-B3B9-5FE3-7CEA-EB9F11E35C80}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{075A7877-02CA-4B15-8534-1211712A8E79}" = ZoneAlarm Firewall
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0EF1A184-EF65-C37A-4A0B-C612EE8A93D2}" = Catalyst Control Center InstallProxy
"{10900ADA-A280-4fd4-ADC6-FC290B758283}" = BreezeBrowser Pro
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BD9E24B-DB16-491C-8092-F158664BB9F6}" = ZoneAlarm Security
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{27DB7300-9E75-FE1C-E2D0-0D22BB6175E0}" = CCC Help Danish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30C57796-858D-AA2B-85E4-AE805D68DC4D}" = CCC Help Korean
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39C45959-76CF-A998-48BE-B49468D6C22F}" = CCC Help Thai
"{3A73C1A2-67B0-FFA3-50DC-A20F1108C08C}" = CCC Help Greek
"{3C61B7BD-981C-DFCF-C77D-F852A7D08DD9}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{47E3E895-A798-433E-C440-A4805A5FDA10}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{67E88DA1-E3B7-AED7-AF6C-5D5FB7BC47CB}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{7041C0CA-92D9-5E56-0CAD-552A3250652D}" = CCC Help French
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E5C6B2-59C3-694C-27B7-21C910F24428}" = CCC Help Norwegian
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75882478-B0CA-CF91-01D2-91FFB8EC0FAA}" = HydraVision
"{76341DEA-A1BC-F84F-58CD-1D0FAFDD2301}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{81E970B6-6615-82B4-AC79-26EFB0749E3E}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{86FAA380-5CB7-4D55-029B-32AD650CB142}" = CCC Help Italian
"{87156DCA-AF4C-5F12-94A7-BCB5D9E92E13}" = CCC Help German
"{87F17692-2C1A-429C-9A77-7DB1E16F6EF9}" = Catalyst Control Center - Branding
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D1F8068-D0AD-B84C-AD8A-3E97A98BCCB1}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90D3946F-869E-5B31-1590-7669700FB37B}" = CCC Help Turkish
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BB760C1D-98F4-4E38-8CC4-3B67329AA981}" = HP MediaSmart/TouchSmart Netflix
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5A75273-F01A-4E87-B64F-66F7163C99CA}" = CCC Help Japanese
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E3F3C9-AC0C-43A2-1AB7-D2D83EF68211}" = CCC Help Portuguese
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB491E58-DE63-17A9-1992-78DF639A88D5}" = CCC Help Russian
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC5FF599-AFB0-EF94-5786-C49B138B106B}" = CCC Help Chinese Traditional
"{DD6905D5-6B2A-1088-FDB2-77E4FBD7BB9D}" = CCC Help Chinese Standard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E23FC608-7808-6573-FBC3-47F3F78F07E8}" = CCC Help Czech
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4693F7C-22CB-65B1-1865-0C8865E1F5EC}" = Image Finder
"{E4BB2289-65F7-28A8-D0D5-26CB389EC688}" = CCC Help Polish
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E92418A7-C81C-9917-E322-ABEC0E689BB9}" = AMD VISION Engine Control Center
"{E95130D6-49DA-418C-BEB3-0F4E75F04A15}" = Calendar Creator
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44C5224-EACA-EED8-143D-7240B2FE9322}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Coupon Companion Plugin" = Coupon Companion Plugin
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"Family Tree Maker" = Family Tree Maker 8.0
"Foxit Reader_is1" = Foxit Office Suite
"FTP Commander" = FTP Commander
"ImageFinderV1.0" = Image Finder
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kingsoft Office" = Kingsoft Office 2012 (8.1.0.3032)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MasterCook 5: Deluxe Edition" = MasterCook 5: Deluxe Edition
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"PortraitProfessional10_is1" = Portrait Professional 10.5
"PortraitProfessional10Trial_is1" = Portrait Professional 10.5 Trial
"PortraitProfessionalStudio10_is1" = Portrait Professional Studio 10.8
"RocketLife" = RocketLife
"SeaMonkey 2.15.1 (x86 en-US)" = SeaMonkey 2.15.1 (x86 en-US)
"StatTrak Address Manager Business Edition" = StatTrak Address Manager Business Edition
"Tax Forms Helper 2011_is1" = Tax Forms Helper 2011 10.0
"Ultimate Label Maker" = Ultimate Label Maker
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WONswap" = WONswap
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/22/2013 7:23:11 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/22/2013 7:23:11 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005
Error - 1/22/2013 7:23:11 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005
Error - 1/26/2013 2:25:50 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/26/2013 2:25:51 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1046
Error - 1/26/2013 2:25:51 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1046
Error - 1/26/2013 2:25:52 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/26/2013 2:25:52 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2278
Error - 1/26/2013 2:25:52 PM | Computer Name = SpikeNSherry-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2278
Error - 1/27/2013 5:50:38 PM | Computer Name = SpikeNSherry-HP | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 1/25/2013 1:33:18 AM | Computer Name = SpikeNSherry-HP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%109
Error - 1/25/2013 1:33:18 AM | Computer Name = SpikeNSherry-HP | Source = DCOM | ID = 10005
Description =
Error - 1/25/2013 10:29:20 AM | Computer Name = SpikeNSherry-HP | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 2 time(s).
Error - 1/25/2013 10:29:50 AM | Computer Name = SpikeNSherry-HP | Source = DCOM | ID = 10010
Description =
Error - 1/27/2013 4:10:09 AM | Computer Name = SpikeNSherry-HP | Source = DCOM | ID = 10010
Description =
Error - 1/27/2013 12:24:08 PM | Computer Name = SpikeNSherry-HP | Source = DCOM | ID = 10005
Description =
Error - 1/27/2013 12:24:08 PM | Computer Name = SpikeNSherry-HP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%109
Error - 1/27/2013 5:49:52 PM | Computer Name = SpikeNSherry-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 1/27/2013 5:50:18 PM | Computer Name = SpikeNSherry-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 1/27/2013 5:50:55 PM | Computer Name = SpikeNSherry-HP | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%2
< End of report >
Hi,
Did you install Coupon Companion ? It contains Adware
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
PRC - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
PRC - C:\Program Files (x86)\ERUNT\ERUNT.EXE ()
MOD - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
MOD - C:\Program Files (x86)\ERUNT\ERUNT.EXE ()
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
[2013/01/22 19:42:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNTBackups
[2013/01/22 19:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/01/22 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
newsgroupie
2013-01-28, 01:12
Hi,
I'm not familiar with Coupon Companion, and not aware of having installed it.
All processes killed
========== PROCESSES ==========
========== OTL ==========
No active process named Program Files was found!
No active process named Program Files was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ not found.
C:\Windows\ERUNTBackups\ERDNT\1-22-2013\Users\00000002 folder moved successfully.
C:\Windows\ERUNTBackups\ERDNT\1-22-2013\Users\00000001 folder moved successfully.
C:\Windows\ERUNTBackups\ERDNT\1-22-2013\Users folder moved successfully.
C:\Windows\ERUNTBackups\ERDNT\1-22-2013 folder moved successfully.
C:\Windows\ERUNTBackups\ERDNT folder moved successfully.
C:\Windows\ERUNTBackups folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT folder moved successfully.
C:\Program Files (x86)\ERUNT folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SpikeNSherry\Downloads\cmd.bat deleted successfully.
C:\Users\SpikeNSherry\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: SpikeNSherry
->Temp folder emptied: 1081199161 bytes
->Temporary Internet Files folder emptied: 569953295 bytes
->Java cache emptied: 5018968 bytes
->FireFox cache emptied: 1093509537 bytes
->Google Chrome cache emptied: 17613899 bytes
->Flash cache emptied: 252874 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 434160065 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 80545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 8565948464 bytes
Total Files Cleaned = 11,223.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01272013_181208
Files\Folders moved on Reboot...
C:\Users\SpikeNSherry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\SpikeNSherry\AppData\Local\Temp\~DF8B7961958D0650AA.TMP moved successfully.
File\Folder C:\Windows\temp\ZLT06eb5.TMP not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Go ahead and rescan with OTL and post the new log , there wont be an extras log this time so dont go crazy looking for it
newsgroupie
2013-01-28, 01:44
Go ahead and rescan with OTL and post the new log , there wont be an extras log this time so dont go crazy looking for it
lol. Thanks for the warning! Here's the log:
OTL logfile created on: 1/27/2013 7:26:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SpikeNSherry\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.75 Gb Total Physical Memory | 3.78 Gb Available Physical Memory | 65.82% Memory free
11.50 Gb Paging File | 9.25 Gb Available in Paging File | 80.42% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.27 Gb Total Space | 715.78 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.36 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1346.42 Gb Free Space | 72.27% Space Free | Partition Type: NTFS
Computer Name: SPIKENSHERRY-HP | User Name: SpikeNSherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\SpikeNSherry\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SeaMonkey\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SeaMonkey\seamonkey.exe (mozilla.org)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\SeaMonkey\mozjs.dll ()
MOD - C:\Program Files (x86)\SeaMonkey\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\SeaMonkey\nsldappr32v60.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{247CB95E-3FD3-408A-829C-59D48BE79891}: "URL" = http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281&q={searchTerms}&r=962
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - prefs.js..browser.startup.homepage: "http://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.87.11
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281&q={searchTerms}"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer v0.9;version=0.9: C:\ProgramData\Visan\Reseller2\npRLViewer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SpikeNSherry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SpikeNSherry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/12/12 22:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/12/12 22:38:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 09:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 09:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.15.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/01/22 10:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.15.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 09:19:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 09:19:46 | 000,000,000 | ---D | M]
[2011/08/11 17:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Extensions
[2013/01/22 00:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com
[2012/12/12 22:38:34 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\ffxtlbr@zonealarm.com
[2013/01/21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\defaults
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\skin
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
[2012/09/20 08:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions
[2012/09/20 08:05:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/09/05 20:30:57 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions\inspector@mozilla.org
[2013/01/22 00:28:22 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/01/21 09:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/21 09:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/21 09:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/01/21 09:19:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/03 18:11:01 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/11/03 11:17:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/03 11:17:22 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcjiigginhdhihbdlejjoekeemjaiml\1.1_0\
O1 HOSTS File: ([2013/01/27 18:12:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001..\Run: [Wunderlist] C:\Users\SpikeNSherry\AppData\Local\Apps\2.0\HB26BHGH.X03\NTCOPY6P.KR8\wund..tion_45ec1bcecca77a53_0002.0000_d3bc77299ece31af\Wunderlist.exe (6 Wunderkinder GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\_OTL\MovedFiles\01272013_181208\C_Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF2B6F78-8F95-4ADD-84FA-D61E266A4D78}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/27 18:12:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/22 02:20:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Roaming\Malwarebytes
[2013/01/22 02:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 02:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/22 02:19:43 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/22 02:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/22 02:19:08 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Programs
[2013/01/21 15:44:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin
[2013/01/21 15:43:54 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Updater21804
[2013/01/21 15:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin
[2013/01/21 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Roaming\6Wunderkinder
[2013/01/21 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Deployment
[2013/01/21 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Apps
[2013/01/21 12:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/01/21 12:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/21 12:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/21 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/21 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/21 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/21 12:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/21 12:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/01/21 12:30:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/21 09:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/11 12:44:08 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\{7A26176F-8E58-4C86-9CC9-6E2E08BDCF6D}
[2013/01/11 10:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/10 22:38:38 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\Desktop\New folder
[2013/01/10 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\{E2D1EBCA-54E2-4D60-8EB8-C7C439A69DD6}
[2013/01/09 10:42:32 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 10:42:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 10:42:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 10:41:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 10:41:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 10:41:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 10:41:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 10:41:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 10:41:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 10:41:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 10:41:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 10:41:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 10:41:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 10:41:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 10:41:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 10:41:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 10:41:50 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 10:41:50 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 10:41:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 10:41:50 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 10:41:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 10:41:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 10:41:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 10:41:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 10:41:49 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 10:41:49 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 10:41:49 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 10:41:49 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 10:41:49 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 10:41:49 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 10:41:49 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 10:41:49 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 10:40:57 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 10:40:51 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 10:40:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 10:40:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 10:40:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 10:40:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 10:40:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 10:40:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 10:40:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 10:40:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:40:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 10:40:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 10:40:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:40:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 10:40:23 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/27 19:07:14 | 000,001,392 | ---- | M] () -- C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/01/27 19:06:21 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/27 18:59:49 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 18:59:49 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 18:52:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/27 18:51:58 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/27 18:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 18:43:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_SpikeNSherry.job
[2013/01/27 18:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 18:34:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033990489-3245640702-141438842-1001UA.job
[2013/01/27 18:12:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/27 16:43:19 | 000,580,235 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\AdwCleaner.exe
[2013/01/27 11:24:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033990489-3245640702-141438842-1001Core.job
[2013/01/23 17:02:32 | 000,002,410 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\Google Chrome.lnk
[2013/01/22 20:19:36 | 000,003,980 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\attach.zip
[2013/01/22 10:39:46 | 000,002,008 | ---- | M] () -- C:\Users\SpikeNSherry\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/01/21 15:43:58 | 000,000,952 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\Install Wunderlist.lnk
[2013/01/21 12:35:17 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/19 16:30:05 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/19 16:30:05 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/19 16:30:05 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 09:49:45 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/01/14 14:46:11 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSpikeNSherry.job
[2013/01/11 10:16:57 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/10 21:24:01 | 000,043,008 | ---- | M] () -- C:\Users\SpikeNSherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/10 17:26:14 | 016,262,499 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\2013-01-10 17 26 14.AVI
[2013/01/10 03:35:53 | 005,700,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 03:34:40 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSPIKENSHERRY-HP$.job
[2013/01/10 03:15:31 | 000,773,448 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 10:49:56 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 10:49:55 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/27 16:43:18 | 000,580,235 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\AdwCleaner.exe
[2013/01/22 20:19:36 | 000,003,980 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\attach.zip
[2013/01/22 19:40:58 | 000,001,392 | ---- | C] () -- C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/01/21 15:43:58 | 000,000,952 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\Install Wunderlist.lnk
[2013/01/21 12:35:17 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/15 09:49:45 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.3 64-bit.lnk
[2013/01/15 09:49:45 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/01/10 17:26:14 | 016,262,499 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\2013-01-10 17 26 14.AVI
[2012/01/30 14:22:32 | 000,000,606 | ---- | C] () -- C:\Windows\ULM.INI
[2011/11/13 11:17:06 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll
[2011/11/13 11:16:05 | 000,000,531 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/10/09 10:11:40 | 000,043,008 | ---- | C] () -- C:\Users\SpikeNSherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 14:22:49 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL
[2011/08/11 23:19:31 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2011/08/11 23:18:02 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2011/08/11 23:18:02 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/08/11 23:02:23 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/05/27 17:29:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/27 17:26:01 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/09 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 12:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/01/11 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/11 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/21 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\6Wunderkinder
[2011/10/04 15:20:08 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Anthropics
[2012/12/12 20:43:13 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\AVG2013
[2011/08/14 08:29:51 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Blio
[2011/10/26 15:59:31 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Catalina Marketing Corp
[2012/03/26 21:15:58 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\CheckPoint
[2011/10/09 10:11:23 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Flip Video
[2012/09/15 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Foxit Software
[2012/09/26 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\IrfanView
[2012/09/15 15:39:55 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Kingsoft
[2012/06/24 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Leadertech
[2011/08/13 14:44:10 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\OpenOffice.org
[2012/03/16 08:15:25 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\OverDrive
[2011/10/21 11:21:44 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\SoftGrid Client
[2012/10/25 20:07:53 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/12 16:04:50 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\StatTrak Address Manager BE
[2011/08/11 21:58:29 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Thunderbird
[2011/08/11 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\TP
[2012/12/12 20:21:34 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\TuneUp Software
[2012/03/12 09:46:12 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Visan
[2011/10/21 08:40:56 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:3EFB0FE0
< End of report >
Before we go any further, your Java is out of date and there is a serious exploit related to it so its important that we update it
Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 11, if not proceed with the instructions.
Go to the update Tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.
You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
[2013/01/21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com
[2013/01/21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\defaults
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\skin
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
[2012/09/20 08:05:33 | 000,000,000 | ---D | M] (No name found) --
[2013/01/21 15:44:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin
[2013/01/21 15:43:54 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Updater21804
[2013/01/21 15:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Also post a new OTL log and lets see if we missed anything.
How is your system behaving now ?
newsgroupie
2013-01-28, 03:26
Java: installed and verified. v6 uninstalled. Interestingly, when I ran the Java console, it said it was last updated at 11:42 this a.m.
The problem persists. Ads appear between my posts and next to all my photos in fb when using Firefox. (SeaMonkey is fine and has been.)
Here's the scan:
OTL logfile created on: 1/27/2013 8:42:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SpikeNSherry\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.75 Gb Total Physical Memory | 4.23 Gb Available Physical Memory | 73.53% Memory free
11.50 Gb Paging File | 8.95 Gb Available in Paging File | 77.88% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.27 Gb Total Space | 720.75 Gb Free Space | 78.32% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.36 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1346.42 Gb Free Space | 72.27% Space Free | Partition Type: NTFS
Computer Name: SPIKENSHERRY-HP | User Name: SpikeNSherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\SpikeNSherry\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SeaMonkey\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SeaMonkey\seamonkey.exe (mozilla.org)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Java\jre7\bin\jp2native.dll ()
MOD - C:\Program Files (x86)\SeaMonkey\mozjs.dll ()
MOD - C:\Program Files (x86)\SeaMonkey\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\SeaMonkey\nsldappr32v60.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{247CB95E-3FD3-408A-829C-59D48BE79891}: "URL" = http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281&q={searchTerms}&r=962
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\SearchScopes\{E343A018-E46E-484A-B5B4-58F3CA6BB2DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - prefs.js..browser.startup.homepage: "http://search.zonealarm.com/?Source=Homepage&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.87.11
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN23312474718756-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=e6f87e27000000000000d0df9a1b4281&q={searchTerms}"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer v0.9;version=0.9: C:\ProgramData\Visan\Reseller2\npRLViewer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SpikeNSherry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SpikeNSherry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/12/12 22:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/12/12 22:38:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 09:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 09:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.15.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/01/22 10:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.15.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2013/01/21 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 09:19:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 09:19:46 | 000,000,000 | ---D | M]
[2011/08/11 17:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Extensions
[2013/01/22 00:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com
[2012/12/12 22:38:34 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\ffxtlbr@zonealarm.com
[2013/01/21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\defaults
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\skin
[2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
[2012/09/20 08:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions
[2012/09/20 08:05:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/09/05 20:30:57 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6sht0boo.default\extensions\inspector@mozilla.org
[2013/01/22 00:28:22 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/01/21 09:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/21 09:19:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/21 09:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/27 20:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/01/21 09:19:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/03 18:11:01 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/04 13:27:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2012/06/04 13:27:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2012/06/04 13:27:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2012/06/04 13:27:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2012/06/04 13:27:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2012/06/04 13:27:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2012/06/04 13:27:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2012/11/03 11:17:22 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2012/11/03 11:17:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/10 20:59:57 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2013/01/10 20:59:57 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/11/03 11:17:22 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/11/03 11:17:22 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/11/03 11:17:22 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: No name found = C:\Users\SpikeNSherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcjiigginhdhihbdlejjoekeemjaiml\1.1_0\
O1 HOSTS File: ([2013/01/27 18:12:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001..\Run: [Google Update] C:\Users\SpikeNSherry\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3033990489-3245640702-141438842-1001..\Run: [Wunderlist] C:\Users\SpikeNSherry\AppData\Local\Apps\2.0\HB26BHGH.X03\NTCOPY6P.KR8\wund..tion_45ec1bcecca77a53_0002.0000_d3bc77299ece31af\Wunderlist.exe (6 Wunderkinder GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\_OTL\MovedFiles\01272013_181208\C_Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF2B6F78-8F95-4ADD-84FA-D61E266A4D78}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
newsgroupie
2013-01-28, 03:27
[CLEARALLRESTOREPOINTS]
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/01/27 20:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/27 20:35:50 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/01/27 20:35:39 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/27 20:35:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/27 20:35:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/27 18:12:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/22 02:20:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Roaming\Malwarebytes
[2013/01/22 02:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 02:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/22 02:19:43 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/22 02:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/22 02:19:08 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Programs
[2013/01/21 15:44:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin
[2013/01/21 15:43:54 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Updater21804
[2013/01/21 15:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin
[2013/01/21 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Roaming\6Wunderkinder
[2013/01/21 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Deployment
[2013/01/21 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Apps
[2013/01/21 12:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/01/21 12:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/21 12:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/21 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/21 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/21 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/21 12:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/21 12:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/01/21 09:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/11 12:44:08 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\{7A26176F-8E58-4C86-9CC9-6E2E08BDCF6D}
[2013/01/11 10:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/10 22:38:38 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\Desktop\New folder
[2013/01/10 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\{E2D1EBCA-54E2-4D60-8EB8-C7C439A69DD6}
[2013/01/09 10:42:32 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 10:42:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 10:42:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 10:41:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 10:41:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 10:41:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 10:41:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 10:41:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 10:41:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 10:41:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 10:41:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 10:41:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 10:41:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 10:41:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 10:41:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 10:41:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 10:41:50 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 10:41:50 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 10:41:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 10:41:50 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 10:41:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 10:41:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 10:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 10:41:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 10:41:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 10:41:49 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 10:41:49 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 10:41:49 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 10:41:49 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 10:41:49 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 10:41:49 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 10:41:49 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 10:41:49 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 10:40:57 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 10:40:51 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 10:40:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 10:40:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 10:40:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 10:40:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 10:40:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 10:40:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 10:40:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 10:40:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:40:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:40:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:40:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:40:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 10:40:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 10:40:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:40:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:40:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:40:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 10:40:23 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/27 20:43:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_SpikeNSherry.job
[2013/01/27 20:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 20:35:22 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/01/27 20:35:22 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/01/27 20:35:22 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/01/27 20:35:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/27 20:35:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/27 20:35:22 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/27 20:34:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033990489-3245640702-141438842-1001UA.job
[2013/01/27 20:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/27 19:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 19:07:14 | 000,001,392 | ---- | M] () -- C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/01/27 19:06:21 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/27 18:59:49 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 18:59:49 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 18:51:58 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/27 18:12:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/27 16:43:19 | 000,580,235 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\AdwCleaner.exe
[2013/01/27 11:24:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033990489-3245640702-141438842-1001Core.job
[2013/01/23 17:02:32 | 000,002,410 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\Google Chrome.lnk
[2013/01/22 20:19:36 | 000,003,980 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\attach.zip
[2013/01/22 10:39:46 | 000,002,008 | ---- | M] () -- C:\Users\SpikeNSherry\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/01/21 15:43:58 | 000,000,952 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\Install Wunderlist.lnk
[2013/01/21 12:35:17 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/19 16:30:05 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/19 16:30:05 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/19 16:30:05 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 09:49:45 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/01/14 14:46:11 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSpikeNSherry.job
[2013/01/11 10:16:57 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/10 21:24:01 | 000,043,008 | ---- | M] () -- C:\Users\SpikeNSherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/10 17:26:14 | 016,262,499 | ---- | M] () -- C:\Users\SpikeNSherry\Desktop\2013-01-10 17 26 14.AVI
[2013/01/10 03:35:53 | 005,700,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 03:34:40 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSPIKENSHERRY-HP$.job
[2013/01/10 03:15:31 | 000,773,448 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 10:49:56 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 10:49:55 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/27 16:43:18 | 000,580,235 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\AdwCleaner.exe
[2013/01/22 20:19:36 | 000,003,980 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\attach.zip
[2013/01/22 19:40:58 | 000,001,392 | ---- | C] () -- C:\Users\SpikeNSherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/01/21 15:43:58 | 000,000,952 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\Install Wunderlist.lnk
[2013/01/21 12:35:17 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/15 09:49:45 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.3 64-bit.lnk
[2013/01/15 09:49:45 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/01/10 17:26:14 | 016,262,499 | ---- | C] () -- C:\Users\SpikeNSherry\Desktop\2013-01-10 17 26 14.AVI
[2012/01/30 14:22:32 | 000,000,606 | ---- | C] () -- C:\Windows\ULM.INI
[2011/11/13 11:17:06 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll
[2011/11/13 11:16:05 | 000,000,531 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/10/09 10:11:40 | 000,043,008 | ---- | C] () -- C:\Users\SpikeNSherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 14:22:49 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL
[2011/08/11 23:19:31 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2011/08/11 23:18:02 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2011/08/11 23:18:02 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/08/11 23:02:23 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/05/27 17:29:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/27 17:26:01 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/09 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 12:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/01/11 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/11 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/21 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\6Wunderkinder
[2011/10/04 15:20:08 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Anthropics
[2012/12/12 20:43:13 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\AVG2013
[2011/08/14 08:29:51 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Blio
[2011/10/26 15:59:31 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Catalina Marketing Corp
[2012/03/26 21:15:58 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\CheckPoint
[2011/10/09 10:11:23 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Flip Video
[2012/09/15 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Foxit Software
[2012/09/26 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\IrfanView
[2012/09/15 15:39:55 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Kingsoft
[2012/06/24 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Leadertech
[2011/08/13 14:44:10 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\OpenOffice.org
[2012/03/16 08:15:25 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\OverDrive
[2011/10/21 11:21:44 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\SoftGrid Client
[2012/10/25 20:07:53 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/12 16:04:50 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\StatTrak Address Manager BE
[2011/08/11 21:58:29 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Thunderbird
[2011/08/11 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\TP
[2012/12/12 20:21:34 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\TuneUp Software
[2012/03/12 09:46:12 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\Visan
[2011/10/21 08:40:56 | 000,000,000 | ---D | M] -- C:\Users\SpikeNSherry\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Custom Scans ==========
< :processes >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,021,926 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/05 01:42:11 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/04/05 01:42:13 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 07:21:35 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033990489-3245640702-141438842-1001Core.job
[2012/06/20 07:21:36 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033990489-3245640702-141438842-1001UA.job
[2012/07/11 08:30:40 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/08/17 12:59:30 | 000,000,360 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForSpikeNSherry.job
[2012/09/15 15:40:04 | 000,000,388 | ---- | C] () -- C:\Windows\Tasks\WpsUpdateTask_SpikeNSherry.job
[2012/12/08 11:49:07 | 000,000,356 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForSPIKENSHERRY-HP$.job
< killallprocesses >
< >
< :OTL >
< FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5 >
< [2013/01/21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com >
Invalid Switch: 21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
< [2013/01/21 15:43:52 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com >
< [2013/01/21 15:43:52 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com >
< [2013/01/21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com >
Invalid Switch: 21 15:43:44 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
< [2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome >
Invalid Switch: 21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome
< [2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\defaults >
Invalid Switch: 21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\defaults
< [2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale >
Invalid Switch: 21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale
< [2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\skin >
Invalid Switch: 21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\skin
< [2013/01/21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode >
Invalid Switch: 21 15:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
< [2012/09/20 08:05:33 | 000,000,000 | ---D | M] (No name found) -- >
Invalid Switch: 20 08:05:33 | 000,000,000 | ---D | M] (No name found) --
< [2013/01/21 15:44:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin >
Invalid Switch: 21 15:44:11 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin
< [2013/01/21 15:43:54 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Updater21804 >
Invalid Switch: 21 15:43:54 | 000,000,000 | ---D | C] -- C:\Users\SpikeNSherry\AppData\Local\Updater21804
< [2013/01/21 15:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin >
Invalid Switch: 21 15:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin
< >
< >
< :Services >
< >
< :Reg >
< >
< :Files >
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
< >
< >
< :Commands >
< [purity] >
< [emptytemp] >
< [start explorer] >
< [Reboot] >
========== Alternate Data Streams ==========
@Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:3EFB0FE0
< End of report >
Good Morning,
Have you tried IE to see if it persisted there also. You can try Opening FF and going to Tools> Add ons and look inside there and remove any that your not familiar with or are not using.
Then run this tool that will either fix FF or will not
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
newsgroupie
2013-01-28, 15:56
Good morning!
IE does not seem to be infected. No ads, and no unfamiliar add-ons.
FF--I had previously removed SL from the plugins list, but it is now in the extensions list. There was no Disable or Remove button next to it so I started FF in Safe Mode (all add-ons disabled) and the FB ads disappeared. When I restarted FF in regular mode, there was a Remove button next to SL. I clicked it and it says "removed", but each time I return it has reappeared. I closed FF while running GooredFix. Here's the log:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:42 on 28/01/2013 (SpikeNSherry)
Firefox version 18.0.1 (en-US)
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:19 21/01/2013]
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [14:19 21/01/2013]
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [14:19 21/01/2013]
C:\Users\SpikeNSherry\Application Data\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\
extension21804@extension21804.com [20:43 21/01/2013]
ffxtlbr@zonealarm.com [03:38 13/12/2012]
plugin@selectionlinks.com [20:43 21/01/2013]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker" [03:38 13/12/2012]
-=E.O.F=-
Lets run another fix with OTL
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
:Services
:Reg
:Files
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com
C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin
C:\Users\SpikeNSherry\AppData\Local\Updater21804
C:\Program Files (x86)\Coupon Companion
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
newsgroupie
2013-01-28, 18:53
Yay! That seems to have done it. Apparently, it removed a number of my FF extensions, including the dreaded SL, and I'm not seeing any more ads!
I got the same ERUNT notice as before.
Is there any aftercare I need to perform?
Here's the OTL log:
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\skin scheduled to be moved on reboot.
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\locale scheduled to be moved on reboot.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\defaults\preferences folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\defaults folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\content folder moved successfully.
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com scheduled to be moved on reboot.
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\skin scheduled to be moved on reboot.
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale scheduled to be moved on reboot.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\defaults\preferences folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\defaults folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content\lib folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome\content folder moved successfully.
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com scheduled to be moved on reboot.
C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin\Chrome folder moved successfully.
C:\Users\SpikeNSherry\AppData\Local\Coupon Companion Plugin folder moved successfully.
C:\Users\SpikeNSherry\AppData\Local\Updater21804 folder moved successfully.
File\Folder C:\Program Files (x86)\Coupon Companion not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: SpikeNSherry
->Temp folder emptied: 2722503 bytes
->Temporary Internet Files folder emptied: 11545751 bytes
->Java cache emptied: 125049 bytes
->FireFox cache emptied: 42487632 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3007 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1319618 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 56.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01282013_123315
Files\Folders moved on Reboot...
File\Folder C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\skin not found!
File\Folder C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\locale\en-US not found!
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com\locale folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\plugin@selectionlinks.com folder moved successfully.
File\Folder C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\skin not found!
File\Folder C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale\en-US not found!
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\locale folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com\chrome folder moved successfully.
C:\Users\SpikeNSherry\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ok35j.default\extensions\extension21804@extension21804.com folder moved successfully.
C:\Users\SpikeNSherry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\SpikeNSherry\AppData\Local\Temp\~DFB2FA78E8074F1961.TMP moved successfully.
File\Folder C:\Windows\temp\ZLT04c67.TMP not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
:bigthumb:
Lets look for ERUNT, I had thought we removed it
You need the 64bit version
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
ERUNT
:folderfind
ERUNT
:Regfind
ERUNT
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
newsgroupie
2013-01-28, 19:31
ERUNT is listed in my Programs & Features. Shall I uninstall from there?
SystemLook 30.07.11 by jpshortstuff
Log created at 13:26 on 28/01/2013 by SpikeNSherry
Administrator - Elevation successful
========== filefind ==========
Searching for "ERUNT"
No files found.
========== folderfind ==========
Searching for "ERUNT"
C:\_OTL\MovedFiles\01272013_181208\C_Program Files (x86)\ERUNT d------ [00:40 23/01/2013]
C:\_OTL\MovedFiles\01272013_181208\C_ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT d------ [00:40 23/01/2013]
========== Regfind ==========
Searching for "ERUNT"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_6.1.7600.16385_none_752bb27b7805f09f]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39c8c211c8571ab2]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7601.17514_none_848b402bf3e1c3b1]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_6.1.7600.16385_none_190d16f7bfa87f69]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\amd64_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_none_3b27e5fa6f664a28]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_en-us_9e9605f9112461ed]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_none_c19e747ed3130870]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\x86_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_none_df094a76b708d8f2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\ProgID]
@="WorkspaceRuntime.Workspace.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\VersionIndependentProgID]
@="WorkspaceRuntime.Workspace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}]
@="IProvideRuntimeContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1B8D8AE1-A595-4687-A7AD-9E3828E09B79}\1.0]
@="WorkspaceRuntime 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WorkspaceRuntime.Workspace]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WorkspaceRuntime.Workspace\CurVer]
@="WorkspaceRuntime.Workspace.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WorkspaceRuntime.Workspace.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\ProgID]
@="WorkspaceRuntime.Workspace.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\VersionIndependentProgID]
@="WorkspaceRuntime.Workspace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}]
@="IProvideRuntimeContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}]
@="IVbeRuntimeHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{1B8D8AE1-A595-4687-A7AD-9E3828E09B79}\1.0]
@="WorkspaceRuntime 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_none_3b27e5fa6f664a28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_en-us_9e9605f9112461ed]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_none_c19e747ed3130870]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_none_df094a76b708d8f2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\ERUNT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"InstallLocation"="C:\Program Files (x86)\ERUNT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"Inno Setup: Icon Group"="ERUNT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"Inno Setup: Deselected Tasks"="eruntdesktopicon,ntregoptdesktopicon,eruntquicklaunchicon,ntregoptquicklaunchicon,installgermanlanguagefiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"DisplayName"="ERUNT 1.1j"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"UninstallString"=""C:\Program Files (x86)\ERUNT\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"QuietUninstallString"=""C:\Program Files (x86)\ERUNT\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"HelpLink"="http://www.larshederer.homepage.t-online.de/erunt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"URLUpdateInfo"="http://www.larshederer.homepage.t-online.de/erunt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\ProgID]
@="WorkspaceRuntime.Workspace.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\VersionIndependentProgID]
@="WorkspaceRuntime.Workspace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}]
@="IProvideRuntimeContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}]
@="IVbeRuntimeHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{1B8D8AE1-A595-4687-A7AD-9E3828E09B79}\1.0]
@="WorkspaceRuntime 1.0 Type Library"
-= EOF =-
Look in Programs and Features in the Control Panel and see if you can uninstall it. I am at work and will be back online in a few hours
newsgroupie
2013-01-28, 19:49
When I try to uninstall from Programs & Features, it says it can't find it and asks do I want to remove the name from the list?
Search Programs & Files gave me this:
"C:\_OTL\MovedFiles\01272013_181208\C_Program Files (x86)\ERUNT\AUTOBACK.EXE" %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow
That OTL entry is just a back up of what we previously removed.
See if you can follow this path and if ERUNT is in the Startup folder just delete it
Enable windows to show all files and folders
Go to Start > Control Panel > Folder Options > View and click on the radio button that allows you to see hidden files and folders
For an individual user:
C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
For all users:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Let me know how it went, I currently dont have ERUNT on the computer I am on but I have had a few other posters complain about this and I am going to ask around
newsgroupie
2013-01-28, 23:59
ERUNT AutoBackup shortcut was in the individual Startup File. It pointed to "C:\_OTL\MovedFiles\01272013_181208\C_Program Files (x86)\ERUNT\AUTOBACK.EXE" %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow
There was nothing in the other startup folder.
Ok, make sure you deleted it from the ndividual Startup File
Let me ask around and see whats going on with this. Be back soon
newsgroupie
2013-01-29, 00:36
Yes, I deleted it and rebooted and no error this time so apparently it didn't run. :)
Great :bigthumb: Any other issues ?
newsgroupie
2013-01-29, 00:43
Can/should I delete the other programs we used? After that, I plan to uninstall AVG and Zone Alarm and install Comoto. Good?
Comodo, good choice, I have never been a big fan of AVG and remember back when ZoneAlarm was a good program.
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
newsgroupie
2013-01-29, 02:41
Ran OTL clean up & rebooted.
Created system restore point.
Read your links. Some are on the older side--most refer to XP.
WhattheTech link is invalid.
newsgroupie
2013-01-29, 02:42
One recommended Norton or McAfee.
newsgroupie
2013-01-29, 03:37
Hmm. Scratchpad has disappeared from WebDeveloper in FF. Do I need to reinstall FF to get it back?
newsgroupie
2013-01-29, 03:49
Never mind. Found it. I think we're good now. Comodo installed. Is there anything else I need to do?
The WTT link worked for me, Operating Systems evolve so fast, I guess i need to sit down this weekend and go over my suggestions, we still have tons of people post that are still using XP.
When I got my first computer many years ago (Win 95 ) it came with McAfee and did nothing but give me headaches, I am sure they have gotten better but it left a bad taste in my mouth. Norton is a love hate relationship, you either lover or hate it, myself, have Norton Internet Security on 3 of my systems and they run with no problems whatsoever . So its your call, just remember that more than one AV is overkill and can cause problems, Microsoft recommends just one, keep it updated and run regular scans. If you wanted to go the free route I have Microsoft Security Essentials on one my systems and it runs just fine also. The same thing goes for a firewall, just one so if you go with McAfee or Norton if you keep Comodo just get the stand alone AV.
http://www.microsoft.com/en-us/download/details.aspx?id=5201
Take care,
Ken :)
newsgroupie
2013-01-29, 17:15
The WTT link worked for me,
Hm. This is what I get:
Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, try looking through the help files for more information.
The error returned was:
Sorry, the link that brought you to this page seems to be out of date or broken.
...we still have tons of people post that are still using XP.
I loved XP.
When I got my first computer many years ago (Win 95 ) it came with McAfee and did nothing but give me headaches, I am sure they have gotten better but it left a bad taste in my mouth. Norton is a love hate relationship, you either lover or hate it, myself, have Norton Internet Security on 3 of my systems and they run with no problems whatsoever . So its your call, just remember that more than one AV is overkill and can cause problems, Microsoft recommends just one, keep it updated and run regular scans. If you wanted to go the free route I have Microsoft Security Essentials on one my systems and it runs just fine also. The same thing goes for a firewall, just one so if you go with McAfee or Norton if you keep Comodo just get the stand alone AV.
I had exactly the same experiences with McAfee & Norton! I also remember trying to get rid of McAfee and it kept coming back. I had a beast of a time getting rid of it.
Chose to try Comodo after reading this in the stickies in this forum:
http://www.matousec.com/projects/proactive-security-challenge-64/results.php The whole firewall/antivirus thing seems to be constantly evolving. I'll have to review my choices more often, not just when I get a new computer. (I update constantly, but don't think about changing.) If I'm not happy with Comodo, I'll definitely try your suggestions next.
newsgroupie
2013-01-29, 17:32
Ken, you ROCK!!! It's been a pleasure working with you. Thank you so very, very much for your patience, expertise and commitment!
:bow: .... :thanks: .... :rockon:
Thanks for the kind words :)
Allmost all vendors have a removal tool for there product, what you do , let say AVG, uninstall it via Programs and Features in the Control Panel and then run there removal tool to remove what windows did not
Here's is one site that you can download it from
http://www.bleepingcomputer.com/download/avg-remover-2012/
Another good option in lew of Programs and Features is to download the free version of Revo Uninstaller, it gives you the option to remove the reg entries as well
http://www.revouninstaller.com/revo_uninstaller_free_download.html
:) Ken
newsgroupie
2013-01-29, 18:58
Thanks for the kind words :)
No problem. Just tell me where to mail the cookies! :oreo: :)
I'm familiar with the removal tools. McAfee kept coming back and saying it had been deactivated (when you thought you had completely removed it) and "Your computer is not protected!" Each time you would shut down, it would reinstall itself. Endless popups urged you to reactivate or reinstall. We were just talking about it the other day. Others had the same experience and it put us all off of ever trying it again.
http://www.revouninstaller.com/revo_uninstaller_free_download.html
I'm definitely going to try this!
newsgroupie
2013-01-29, 21:01
Well, hello. Comodo just gave me a message that it put a program called Coupon Companion in its sandbox. Isn't that the program you initially thought suspicious? I looked under Programs and Features and there it is again, installed yesterday. How about that.
Go to Program and Features and see if you can uninstall it, or use Revo Uninstaller, then reboot, and see if Comodo picks it up again, it may be just a leftover entry, but we can check
newsgroupie
2013-01-30, 00:18
Yes, that uninstalled it and Revo doesn't list it. Interestingly, it doesn't list AVG either, although that is definitely in the programs file.
newsgroupie
2013-01-30, 00:58
Yep. Made me happy I installed Comodo, too. Thanks again! :rockon:
Your very welcome,
Take Care,
Ken :)
newsgroupie
2013-01-30, 15:31
Your very welcome,
Take Care,
Ken :)
Thank you! You too. :)
newsgroupie
2013-01-30, 15:52
Shoot. Now I can't upload pics to FB from Seamonkey. Tries to upload but just spins. Never completes. Works fine from FF. I can't find anything in Comodo that's blocking it and I never get an error message. Is it possible it's something we deleted?
We didn't remove anything related to SeaMonkey, why dont you try reinstalling the program and see if it helps
Hows it going, everything ok ?