# Solved: Script error



## paloftin (Feb 15, 2014)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Basic, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz, x64 Family 15 Model 6 Stepping 5
Processor Count: 2
RAM: 2036 Mb
Graphics Card: Intel(R) 82945G Express Chipset Family, 256 Mb
Hard Drives: C: Total - 8579 MB, Free - 6900 MB; D: Total - 144043 MB, Free - 71803 MB;
Motherboard: Intel Corporation, D945GCCRG1
Antivirus: Microsoft Security Essentials, Updated and Enabled

Every time I start up my computer I get this same error message: Script error; Line 1, Char 1, Error syntax error, code o, url http://adadvisor.net/adscores/g.js?sid=9276253823

What can be done?


----------



## valis (Sep 24, 2004)

sounds like you got infected....how long has this been going on? May move to malware, we'll see yet.

and welcome to TSG.


----------



## paloftin (Feb 15, 2014)

Thanks! About a month, and I have run Malwarebytes Anti-malware a number of times and nothing changed.


----------



## valis (Sep 24, 2004)

let's do this:

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.


- Double click on AdwCleaner.exe to run the tool.
- Vista/Windows 7/8 users right-click and select Run As Administrator
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- When it's done you'll see: Pending: Uncheck any elements you don't want removed.
- Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- Look over the log especially under Files/Folders for any program you want to save.
- If there's a program you want to save, just uncheck it from AdwCleaner.
- If you're not sure, post the log for review.
- If you're ready to clean it all up.....click the Clean button.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
- Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
- To restore an item that has been deleted (if necessary):
- Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

this is a pretty lightweight, non-invasive tool.....depending on what it shows, we'll go from there or move to malware. Mind you, it will require a reboot.

thanks,

v


----------



## paloftin (Feb 15, 2014)

# AdwCleaner v3.018 - Report created 15/02/2014 at 20:58:18
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : paulloftin - PAULLOFTIN-PC
# Running from : D:\Users\paulloftin\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : D:\ProgramData\Ask
Folder Deleted : D:\ProgramData\Babylon
Folder Deleted : D:\ProgramData\GameTap Web Player
Folder Deleted : D:\ProgramData\ParetoLogic
Folder Deleted : D:\ProgramData\SoftSafe
Folder Deleted : D:\ProgramData\SpeedMaxPc
Folder Deleted : D:\ProgramData\SpeedyPC Software
Folder Deleted : D:\ProgramData\Uniblue\DriverScanner
Folder Deleted : D:\Program Files\BrowseToSave
Folder Deleted : D:\Program Files\Free Offers from Freeze.com
Folder Deleted : D:\Program Files\Search Toolbar
Folder Deleted : D:\Program Files\Searchprotect
Folder Deleted : D:\Program Files\WinZip Registry Optimizer
Folder Deleted : D:\Program Files\Common Files\Software Update Utility
Folder Deleted : D:\Program Files\Common Files\spigot
Folder Deleted : D:\Windows\system32\Searchprotect
Folder Deleted : D:\Users\paulloftin\AppData\Local\apn
Folder Deleted : D:\Users\paulloftin\AppData\Local\Conduit
Folder Deleted : D:\Users\paulloftin\AppData\Local\iac
Folder Deleted : D:\Users\paulloftin\AppData\Local\PackageAware
Folder Deleted : D:\Users\paulloftin\AppData\Local\Searchprotect
Folder Deleted : D:\Users\paulloftin\AppData\Local\visi_coupon
Folder Deleted : D:\Users\paulloftin\AppData\Local\Zynga
Folder Deleted : D:\Users\PAULLO~1\AppData\Local\Temp\AirInstaller
Folder Deleted : D:\Users\paulloftin\AppData\LocalLow\BabylonToolbar
Folder Deleted : D:\Users\paulloftin\AppData\LocalLow\Conduit
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\DriverCure
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\NCdownloader
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\ParetoLogic
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\pccustubinstaller
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\SpeedMaxPc
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\SpeedyPC Software
Folder Deleted : D:\Users\paulloftin\Documents\smart pc cleaner
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\Smartbar
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\Extensions\[email protected]
Folder Deleted : D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\Extensions\[email protected]
File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\searchplugins\Askcom.xml
File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\searchplugins\my-web-search.xml
File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\user.js
File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\user.js
File Deleted : D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.3
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.FCTB000100685Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.FCTB000100685Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl.1
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BringMeSports_1c
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\BringMeSports_1c
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\BringMeSports_1c
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OptimizerPro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ File : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\prefs.js ]

[ File : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\prefs.js ]

Line Deleted : user_pref("CT3196716.1000082.isDisplayHidden", "true");
Line Deleted : user_pref("CT3196716.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3196716.1000234.TWC_TMP_city", "LINCOLNTON");
Line Deleted : user_pref("CT3196716.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3196716.1000234.TWC_locId", "USGA0327");
Line Deleted : user_pref("CT3196716.1000234.TWC_location", "Lincolnton, GA");
Line Deleted : user_pref("CT3196716.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3196716.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3196716.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3196716.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"34ÃƒÆ'Ã¢â‚¬Å¡Ãƒâ€šÃ‚Â°F\",\"temperature[...]
Line Deleted : user_pref("CT3196716.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.FirstTime", "true");
Line Deleted : user_pref("CT3196716.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3196716.LoginRevertSettingsEnabled", false);
Line Deleted : user_pref("CT3196716.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3196716.UserID", "UN60870422703666997");
Line Deleted : user_pref("CT3196716.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3196716.cbcountry_001.enc", "VVM=");
Line Deleted : user_pref("CT3196716.cbfirsttime.enc", "RnJpIERlYyAxNCAyMDEyIDA4OjU5OjA4IEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3196716.embeddedsData", "[{\"appId\":\"129755756826636815\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3196716.enableAlerts", "never");
Line Deleted : user_pref("CT3196716.event_data.enc", "JTVCJTVE");
Line Deleted : user_pref("CT3196716.fired_events.enc", "AA==");
Line Deleted : user_pref("CT3196716.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3196716.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3196716.fixUrls", true);
Line Deleted : user_pref("CT3196716.installType", "Unknown");
Line Deleted : user_pref("CT3196716.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3196716.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3196716.isNewTabEnabled", false);
Line Deleted : user_pref("CT3196716.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3196716.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3196716.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.key_date.enc", "MTQ=");
Line Deleted : user_pref("CT3196716.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3196716.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://WiseConvert.OurToolbar.c[...]
Line Deleted : user_pref("CT3196716.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/14\\\\/2012 16\\\"}\"}");
Line Deleted : user_pref("CT3196716.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3196716.search.searchAppId", "129755756826636815");
Line Deleted : user_pref("CT3196716.search.searchCount", "0");
Line Deleted : user_pref("CT3196716.searchInNewTabEnabled", "false");
Line Deleted : user_pref("CT3196716.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3196716.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3196716\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WiseConvert.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WiseConvert\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1355493534081");
Line Deleted : user_pref("CT3196716.serviceLayer_services_appsMetadata_lastUpdate", "1355493534026");
Line Deleted : user_pref("CT3196716.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1355493536511");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.13.40.15_lastUpdate", "1355493922995");
Line Deleted : user_pref("CT3196716.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1355493534109");
Line Deleted : user_pref("CT3196716.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1355493535188");
Line Deleted : user_pref("CT3196716.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1355493536667");
Line Deleted : user_pref("CT3196716.serviceLayer_services_searchAPI_lastUpdate", "1355493532833");
Line Deleted : user_pref("CT3196716.serviceLayer_services_serviceMap_lastUpdate", "1355493532252");
Line Deleted : user_pref("CT3196716.serviceLayer_services_toolbarContextMenu_lastUpdate", "1355493536777");
Line Deleted : user_pref("CT3196716.serviceLayer_services_toolbarSettings_lastUpdate", "1355493532905");
Line Deleted : user_pref("CT3196716.serviceLayer_services_translation_lastUpdate", "1355493534636");
Line Deleted : user_pref("CT3196716.serviceLayer_services_userApps_lastUpdate", "1355493544221");
Line Deleted : user_pref("CT3196716.settingsINI", true);
Line Deleted : user_pref("CT3196716.smartbar.CTID", "CT3196716");
Line Deleted : user_pref("CT3196716.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3196716.smartbar.toolbarName", "WiseConvert ");
Line Deleted : user_pref("CT3196716.toolbarBornServerTime", "14-12-2012");
Line Deleted : user_pref("CT3196716.toolbarCurrentServerTime", "14-12-2012");
Line Deleted : user_pref("CT3196716_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1355493528735,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.order.2", "Ask.com");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77ee5eb5&p2=^AFA^xpi000^^");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.installDate", "2012110517");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.partnerId", "^AFA^xpi000^^");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.toolbarId", "undefined");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.weather.location", "29601");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=7A5C7F65-8DA8-4DB8-AC0F-1A5C5BF7D081&n=77ee40a3&ptnrS=XNxdm003YYus&si=CM_ynL7ppLMCFU-d4Aodrx[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.installDate", "2012102819");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerId", "XNxdm003YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerSubId", "CM_ynL7ppLMCFU-d4AodrxgAkg");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.toolbarId", "7A5C7F65-8DA8-4DB8-AC0F-1A5C5BF7D081");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.lastActivePing", "1370797854129");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.weather.location", "29601");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v32.0.1700.107

[ File : D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [23250 octets] - [15/02/2014 20:50:38]
AdwCleaner[S0].txt - [23686 octets] - [15/02/2014 20:58:18]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [23747 octets] ##########


----------



## valis (Sep 24, 2004)

yeah......we're going to move this one to malware...

thanks, and be patient....that is by far and away the busiest section of our site. If you don't have a response by Monday AM, type 'bump' in the quick reply, and I'll see if I can flag someone down at that point in time.

thanks again,

v


----------



## valis (Sep 24, 2004)

as an aside, did that script error occur on this boot?


----------



## valis (Sep 24, 2004)

also, if you could read and follow the instructions at http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html that would greatly assist the malware expert who will be assisting.

thanks,

v


----------



## askey127 (Dec 22, 2006)

Hi Paloftin,
There is probably more to do on there.
You can follow up with these instructions as a replacement for the standard first post instruction, and we'll see if we can clean up any leftovers.
---------------------------------------------
*Download the OTL Scanner*
Please download *OTL.exe* by OldTimer and save it to your desktop.
---------------------------------------------
*Run a Scan with OTL*

For Vista, right click the icon and choose "Run as administrator". 
Check the boxes labeled :
*Scan All Users*
*LOP check*
*Purity check*
*Extra Registry > Use SafeList*

Make sure all other windows are closed to let it run uninterrupted.
Click on the *Run Scan* button at the top left hand corner. Do not change any settings unless otherwise told to do so.
When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. (desktop)
*OTL.txt* will be open on your desktop, and *Extras.txt* will be minimized in your taskbar.
The *Extras.txt* file will only appear as a running Notepad document the very first time you run OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------------
So, *In Your Replies*, we will be looking for the following:
The contents of:
OTL.txt
Extras.txt
Please feel free to use separate replies.
askey127


----------



## paloftin (Feb 15, 2014)

OTL logfile created on: 2/17/2014 18:14:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\paulloftin\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 28.98% Memory free
4.22 Gb Paging File | 2.17 Gb Available in Paging File | 51.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 8.38 Gb Total Space | 6.74 Gb Free Space | 80.43% Space Free | Partition Type: NTFS
Drive D: | 140.67 Gb Total Space | 69.93 Gb Free Space | 49.72% Space Free | Partition Type: NTFS

Computer Name: PAULLOFTIN-PC | User Name: paulloftin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/17 18:13:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\paulloftin\Downloads\OTL.exe
PRC - [2014/02/05 20:28:56 | 000,491,112 | ---- | M] (Updater) -- D:\ProgramData\Updater\updater.exe
PRC - [2014/02/05 20:28:56 | 000,435,816 | ---- | M] (WatchDog) -- D:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2014/02/05 20:28:56 | 000,435,816 | ---- | M] (WatchDog) -- D:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2014/02/05 20:28:56 | 000,435,816 | ---- | M] (WatchDog) -- D:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/18 13:38:37 | 000,309,328 | ---- | M] (Google Inc.) -- D:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- D:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/09/17 16:07:40 | 006,401,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2858302-v2-x86.exe
PRC - [2013/09/11 05:50:02 | 000,078,992 | ---- | M] (Microsoft Corporation) -- d:\ff21fd70a6b70d14aa81929f556dc763\Setup.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/05 14:29:28 | 000,274,168 | ---- | M] () -- D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/02/23 15:57:34 | 001,885,088 | ---- | M] (Affinegy, Inc.) -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- D:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/07/29 02:37:18 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe
PRC - [2008/01/19 02:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Mail\WinMail.exe
PRC - [2006/12/04 16:27:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- D:\Program Files\FinePixViewer\QuickDCF2.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/05 14:29:28 | 000,274,168 | ---- | M] () -- D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2006/11/10 16:32:00 | 000,081,920 | ---- | M] () -- D:\Program Files\FinePixViewer\wia_register_event.dll
MOD - [1999/01/31 09:52:02 | 000,192,512 | ---- | M] () -- D:\Program Files\What's my computer doing\QHTM.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2014/01/29 09:10:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) [Auto | Running] -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- D:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- D:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- d:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- D:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | System | Running] -- d:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A532DF57-CE79-48A4-85A0-983272E58157}\MpKslef007208.sys -- (MpKslef007208)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fixustor.sys -- (FIXUSTOR)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
DRV - [2014/01/21 20:09:34 | 000,014,528 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2014/01/01 12:05:50 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/20 04:11:58 | 000,226,080 | ---- | M] (GFI Software) [Kernel | System | Running] -- D:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2012/09/20 04:11:58 | 000,094,496 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2012/09/20 04:11:58 | 000,075,552 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2012/09/12 19:19:34 | 000,095,488 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2012/09/12 19:19:34 | 000,095,488 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/03/15 00:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{3857290D-6438-4DA7-9062-AEDEE3FA622C}: "URL" = http://www.google.com/search?q={sea...ng?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS380
IE - HKCU\..\SearchScopes\{D1628EAF-DB76-431C-A737-33BB8825C82E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{FBF6D5D4-56D5-4A90-A38A-BB3D717BA1B8}: "URL" = http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=114576&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=114576"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: d:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: D:\Program Files\Roblox\Versions\version-7cb7ff22d9334da0\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/24 21:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/02 14:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 19:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/06 07:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/06 07:13:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 19:50:21 | 000,000,000 | ---D | M]

[2010/09/12 18:58:53 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Extensions
[2014/02/15 20:58:32 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions
[2010/12/08 21:59:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\[email protected](251).com
[2014/02/15 20:58:30 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected](252).com
[2014/02/14 19:05:51 | 000,000,000 | ---D | M] (Spy Guard) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected]
[2013/05/25 20:04:43 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 20:04:43 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www1.delta-search.com/?babsr...737DE5565&affID=119351&tt=070813_wt4&tsp=4970
CHR - Extension: little owl = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alopfckdopopebdogneaajhpajfbkane\1.0_0\
CHR - Extension: Google Docs = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Spy Guard = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\
CHR - Extension: Google Wallet = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AmIcoSinglun] D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] D:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [InstaLAN] D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MSC] d:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroLauncher] D:\Program Files\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [Updater] D:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Updater] D:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{388DFADF-8A53-4E8F-939A-BA92E3DD12E1}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: D:\Users\paulloftin\AppData\Local\Microsoft\BingDesktop\themes\2014-02-16.jpg
O24 - Desktop BackupWallPaper: D:\Users\paulloftin\AppData\Local\Microsoft\BingDesktop\themes\2014-02-16.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/15 22:15:28 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\Desktop\Computer Fixes
[2014/02/15 20:50:27 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014/02/15 12:59:18 | 000,000,000 | ---D | C] -- D:\ProgramData\PC Drivers HeadQuarters
[2014/02/14 19:21:19 | 000,000,000 | ---D | C] -- D:\ProgramData\InternetUpdater
[2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser
[2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser
[2014/02/14 19:07:19 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Local\Browser
[2014/02/14 19:05:56 | 000,000,000 | ---D | C] -- D:\ProgramData\RHelpers
[2014/02/14 19:05:53 | 000,000,000 | ---D | C] -- D:\ProgramData\Updater
[2014/02/14 19:05:33 | 000,000,000 | ---D | C] -- D:\ProgramData\SpyGuard
[2014/02/12 18:14:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2014/02/12 18:14:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2014/02/12 18:14:52 | 000,065,536 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2014/02/12 18:14:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2014/02/12 18:14:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2014/02/12 18:14:37 | 001,806,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2014/02/12 18:14:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2014/02/12 18:14:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2014/02/12 09:32:54 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Security Client
[2014/02/09 20:41:20 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\Documents\Sunday's Monday 2014
[2014/02/08 16:55:39 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft ActiveSync
[2014/02/08 16:52:57 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\DESIGNER
[2014/01/30 18:33:40 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/26 09:20:33 | 000,000,000 | ---D | C] -- D:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/21 17:15:18 | 000,264,616 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaws.exe
[2014/01/21 17:14:57 | 000,175,016 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaw.exe
[2014/01/21 17:14:57 | 000,174,504 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\java.exe
[2014/01/21 17:14:57 | 000,094,632 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\WindowsAccessBridge.dll
[2014/01/21 17:14:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/07/28 03:14:18 | 000,708,168 | ---- | C] (MindSpark) -- D:\Program Files\gcUninstall WeatherBlink.dll
[2012/11/25 14:48:33 | 019,096,640 | ---- | C] (Intel ) -- D:\Users\paulloftin\144047_283_PROWin32.exe
[2012/11/25 14:47:32 | 013,384,592 | ---- | C] (Microsoft Corporation) -- D:\Users\paulloftin\144047_280_IPx86_1033_6.31.258.0.exe
[2010/07/17 13:25:04 | 002,734,688 | ---- | C] (Conduit Ltd.) -- D:\Program Files\tbZyng.dll
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/17 18:32:13 | 000,699,736 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2014/02/17 18:32:11 | 000,142,966 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2014/02/17 18:10:21 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/17 17:51:15 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/17 17:51:15 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/17 17:43:01 | 000,000,886 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/17 17:30:33 | 000,000,430 | ---- | M] () -- D:\Windows\tasks\PC Utility Kit.job
[2014/02/17 00:59:59 | 000,000,372 | ---- | M] () -- D:\Windows\tasks\Regwork.job
[2014/02/16 19:54:36 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/16 19:51:48 | 000,000,356 | ---- | M] () -- D:\Windows\tasks\SoftwareUpdateGU4.job
[2014/02/16 19:51:23 | 000,000,095 | ---- | M] () -- D:\Users\paulloftin\.accessibility.properties
[2014/02/16 19:51:16 | 000,000,330 | ---- | M] () -- D:\Windows\tasks\GlaryInitialize 4.job
[2014/02/16 19:51:15 | 000,000,342 | ---- | M] () -- D:\Windows\tasks\RegistryBooster.job
[2014/02/16 19:50:50 | 000,459,560 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2014/02/16 19:50:30 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2014/02/14 19:09:51 | 000,001,943 | ---- | M] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser.lnk
[2014/02/12 09:34:07 | 000,001,945 | ---- | M] () -- D:\Windows\epplauncher.mif
[2014/02/11 20:20:45 | 000,000,426 | ---- | M] () -- D:\AVScanner.ini
[2014/02/11 18:25:24 | 000,001,955 | ---- | M] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/11 18:25:24 | 000,001,931 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/09 09:55:42 | 208,367,271 | ---- | M] () -- D:\Windows\MEMORY.DMP
[2014/02/08 10:32:00 | 000,002,763 | ---- | M] () -- D:\ProgramData\connector.swf
[2014/02/05 03:56:17 | 001,806,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2014/02/05 03:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2014/02/05 03:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2014/02/05 03:48:56 | 000,065,536 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2014/02/05 03:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2014/02/05 03:47:57 | 000,607,744 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2014/02/05 03:47:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2014/02/05 03:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2014/01/29 09:10:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2014/01/29 09:10:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/01/26 17:14:03 | 000,000,837 | ---- | M] () -- D:\Users\Public\Desktop\Glary Utilities 4.lnk
[2014/01/26 09:24:05 | 000,001,624 | ---- | M] () -- D:\Users\Public\Desktop\iTunes.lnk
[2014/01/21 20:16:44 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- D:\Windows\System32\BootDefrag.exe
[2014/01/21 20:09:34 | 000,014,528 | ---- | M] (Glarysoft Ltd) -- D:\Windows\System32\drivers\BootDefragDriver.sys
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MpSigStub.exe
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/14 19:09:51 | 000,001,943 | ---- | C] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser.lnk
[2014/02/12 09:33:21 | 000,001,786 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/02/12 09:06:12 | 000,000,426 | ---- | C] () -- D:\AVScanner.ini
[2014/02/09 09:55:42 | 208,367,271 | ---- | C] () -- D:\Windows\MEMORY.DMP
[2014/02/08 10:20:55 | 000,002,763 | ---- | C] () -- D:\ProgramData\connector.swf
[2014/01/30 18:33:40 | 000,001,955 | ---- | C] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/30 18:33:40 | 000,001,931 | ---- | C] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/01 12:05:50 | 000,013,464 | ---- | C] () -- D:\Windows\System32\drivers\SWDUMon.sys
[2013/07/28 13:40:27 | 000,022,816 | ---- | C] () -- D:\Windows\System32\RegBootDefrag.exe
[2013/07/28 03:14:18 | 000,186,752 | ---- | C] () -- D:\Program Files\gcres.dll
[2013/06/09 19:34:55 | 000,000,095 | ---- | C] () -- D:\Users\paulloftin\.accessibility.properties
[2013/01/04 12:54:17 | 000,000,632 | RHS- | C] () -- D:\Users\paulloftin\ntuser.pol
[2012/12/02 09:43:00 | 000,332,665 | ---- | C] () -- D:\Windows\System32\drivers\RTAIODAT.DAT
[2012/12/02 09:41:22 | 000,200,704 | ---- | C] () -- D:\Windows\System32\UMonit.exe
[2012/12/02 09:41:22 | 000,167,936 | ---- | C] () -- D:\Windows\System32\ustor.dll
[2012/12/01 09:09:21 | 034,666,488 | ---- | C] () -- D:\Users\paulloftin\144047_1485_OJ6000.zip.part
[2012/11/25 14:48:38 | 016,653,844 | ---- | C] () -- D:\Users\paulloftin\144047_1611_-PS.zip
[2012/11/25 14:48:26 | 103,843,528 | ---- | C] () -- D:\Users\paulloftin\144047_54_Vista_Win7_Win8_R270.zip
[2012/11/25 14:47:53 | 083,655,085 | ---- | C] () -- D:\Users\paulloftin\144047_1485_OJ6000.zip
[2012/11/25 14:47:29 | 002,988,988 | ---- | C] () -- D:\Users\paulloftin\144047_1_intel_inf_9.3.0.1020.zip
[2012/11/25 14:47:28 | 000,492,307 | ---- | C] () -- D:\Users\paulloftin\144047_2190_Intel_1.zip
[2012/10/16 13:32:40 | 000,202,805 | ---- | C] () -- D:\ProgramData\1350412008.bdinstall.bin
[2012/10/15 17:48:22 | 000,371,732 | ---- | C] () -- D:\ProgramData\1350340918.bdinstall.bin
[2012/10/15 17:41:57 | 000,077,237 | ---- | C] () -- D:\ProgramData\1350340915.bdinstall.bin
[2012/09/29 08:55:55 | 000,439,719 | ---- | C] () -- D:\ProgramData\1348926680.bdinstall.bin
[2012/09/29 08:38:43 | 000,153,935 | ---- | C] () -- D:\ProgramData\1348925661.bdinstall.bin
[2012/01/22 18:00:38 | 000,239,360 | ---- | C] () -- D:\ProgramData\1327272371.bdinstall.bin
[2011/11/24 17:40:06 | 002,424,375 | ---- | C] () -- D:\Users\paulloftin\Grandchildren 11 2011.jpg
[2011/08/19 10:50:43 | 000,000,349 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\com.w3i.FlipToast_state.xml
[2011/07/06 18:40:22 | 025,051,136 | ---- | C] () -- D:\Users\paulloftin\COMPONENTS
[2011/04/21 14:21:46 | 000,012,535 | ---- | C] () -- D:\Users\paulloftin\WLMContacts.csv
[2011/04/16 22:16:36 | 014,421,146 | ---- | C] () -- D:\Users\paulloftin\Good afternoon 1.rtf
[2011/04/12 18:43:25 | 001,066,177 | ---- | C] () -- D:\Users\paulloftin\Haley G.JPG
[2011/04/05 19:50:57 | 000,122,880 | ---- | C] () -- D:\Users\paulloftin\Publication2.pub
[2011/03/21 16:43:57 | 000,000,098 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\fusioncache.dat
[2010/11/21 16:15:46 | 000,006,000 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\d3d9caps.dat
[2010/09/26 16:09:44 | 034,103,296 | ---- | C] () -- D:\Users\paulloftin\SOFTWARE
[2010/08/12 15:55:39 | 001,467,350 | ---- | C] () -- D:\Users\paulloftin\DSCF0274.jpg
[2010/08/01 07:49:02 | 000,001,522 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\wklnhst.dat
[2010/07/17 13:25:04 | 000,153,088 | ---- | C] () -- D:\Program Files\UNWISE.EXE
[2010/06/24 19:46:37 | 000,083,968 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 12:40:15 | 000,017,089 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> D:\ProgramData\TEMP:7BA6D322
@Alternate Data Stream - 193 bytes -> D:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:8DA0EB21
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:895C5142
@Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:73C78BAA
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:A082A539
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:9547F1DB
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:05A9EC70
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> D:\ProgramData\TEMP:7DC6E295
< End of report >


----------



## paloftin (Feb 15, 2014)

OTL Extras logfile created on: 2/17/2014 18:14:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\paulloftin\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 28.98% Memory free
4.22 Gb Paging File | 2.17 Gb Available in Paging File | 51.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 8.38 Gb Total Space | 6.74 Gb Free Space | 80.43% Space Free | Partition Type: NTFS
Drive D: | 140.67 Gb Total Space | 69.93 Gb Free Space | 49.72% Space Free | Partition Type: NTFS

Computer Name: PAULLOFTIN-PC | User Name: paulloftin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTM.KCSXFUUW2PKYLKCSHE3YE3UDX4] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "D:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "D:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "D:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1317372938-93457200-3788176729-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03045531-C6D0-4B76-BF19-11199B2DC4C5}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | 
"{0593B845-7DC3-4324-A422-9BB6EB0C22A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1519B59D-27E9-4C32-B05E-CBBED8EEF9FF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{29E6C263-202C-4901-B16C-4AEFCF2025E8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2B6130FA-3FC4-40BE-B6C0-EB1BBB314D5C}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | 
"{35CE5B03-BB5F-4BB1-B313-9C4497792D2F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4333DBDA-5C5F-4CB5-8F75-446FA530185E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{442DBF55-BF6A-4959-8D6B-DA2F1EF9C9A0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{44B135B9-5797-478E-8491-C4EF73DBE841}" = rport=137 | protocol=17 | dir=out | app=system | 
"{59860791-6F53-4ACC-94D5-C5ABF721EF52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=d:\windows\system32\svchost.exe | 
"{5CBA6847-E610-4DCA-A287-3A3AC12A6CCA}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{5DF7F506-C9A3-4498-9567-A7C88BDF2C68}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=d:\windows\system32\svchost.exe | 
"{62F64CEA-42F1-4AEF-A911-934A71E2BCC3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6923ECB2-0A39-4635-A752-0D69DD043806}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C2DA459-2B33-4384-9EA7-43F9FE7AAD2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6C878B3F-6EF0-4134-8203-85766383FC66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{7E7F4E65-05A4-4A7F-9692-8212860C1297}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8A92C705-87BE-4302-87F3-35FD9EAB0F34}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{93711544-D1C7-4F57-B1C3-BFD9EA88B124}" = lport=139 | protocol=6 | dir=in | app=system | 
"{94DB7D00-B916-4864-B9FF-07E8499026D4}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{A1BB9CDE-70AA-4F23-BAB8-5463CA3F9BB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=d:\windows\system32\svchost.exe | 
"{A77EE6F1-DB78-49ED-94FC-027B1AF8109A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A891A80D-4995-4549-9649-CAA358076FC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9FCE3C4-DB63-4CB7-96B3-C559760F79A9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B55C776B-360A-489D-9EC8-CA470E18C5C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B72114BC-B83D-4418-A57B-AA260ECA9DE2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B9F09F33-C90B-4F8E-808C-3D7F4F410E3C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=d:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{C1DDA053-3E5E-4BBB-A86D-D18CA769339C}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{CA11C732-F5F0-4C04-A176-A1D37BCA4827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D333B75F-1F3D-45B0-8CC3-4B0DBFF8AC50}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DC6E7C2A-DA1D-4DF6-8426-C58EEC3D3088}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F88AC92D-168A-4327-AA39-D5369FE5B4A4}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | 
"{FAC75B91-8108-4B04-8769-A807D13D84BC}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | 
"{FEDBDD27-D68A-457A-BBAA-E010BE8D06E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09484409-318A-4A35-818C-2B52B5829D80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B194614-2CC1-4551-B00E-7BCE88A48A50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B2D87ED-B7E2-437B-90F3-2D868E99A4BC}" = dir=in | app=d:\program files\windows live\mesh\moe.exe | 
"{18B8AE13-DE45-4D78-A1CA-47477C8944FA}" = protocol=17 | dir=in | app=d:\users\paulloftin\appdata\local\temp\7zs44f6\hpdiagnosticcoreui.exe | 
"{1E6A49F6-23B9-4C75-9401-29469CC0456E}" = dir=in | app=d:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{27EBCEF3-BE23-43AE-87C0-3536C673DC96}" = protocol=58 | dir=in | [email protected],-28545 | 
"{30DF9E8A-0954-4738-8830-DA6060356D9F}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{379026C9-6BC1-45E6-AE1F-5A32884C6EA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4207218E-8B6F-4D89-A10A-7F8CBED3F520}" = protocol=6 | dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{49E58DDE-D52E-4899-ACA1-DC42C21F743B}" = dir=in | app=d:\program files\hp\digital imaging\bin\hposid01.exe | 
"{56A68E6C-0C5D-4D50-B922-9E39E1AC8540}" = protocol=6 | dir=out | svc=upnphost | app=d:\windows\system32\svchost.exe | 
"{5F6203EA-6BBE-4746-B9B9-A1A577A4BF0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61646EEC-E3A1-4381-B2FD-F8FF1D315928}" = protocol=1 | dir=in | [email protected],-28543 | 
"{6A04D81F-5A0F-4493-B0A4-AC01F02F5508}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C51D884-6E77-42C7-9A60-16813C024A9D}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{6F932FEB-0C4F-40C6-B838-35403DB72C3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{70DA997C-932F-415B-A625-DD743BA0148B}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{7BF85FF7-A6D2-4FC4-A0E6-1045DCE4595F}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{800585DB-66FD-4924-A5ED-F634FC83B0BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{80B6778B-EE19-4820-9F07-B0D786453D30}" = protocol=17 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe | 
"{811656A5-A581-4BFD-9391-14EF632E15CE}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{88B5CD71-B7AD-436E-8A0F-8362B68E403D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B9F16A4-1862-415C-8FB6-E071A3A6D350}" = protocol=6 | dir=out | app=system | 
"{8FA193B7-48BA-4FEB-9F1F-AD2D54230F1E}" = dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{9A393438-23D6-431B-A40E-257A7F1EC1CF}" = protocol=1 | dir=out | [email protected],-28544 | 
"{A407AC64-1FA6-46F5-A79E-F7FADFDB2E8C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5A775C2-C15D-4B84-879F-FE854507DCFF}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{A7F2A3FF-1477-4A40-B40B-35481C7A6C86}" = protocol=17 | dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{ABFEB7AF-F5C1-45C8-BF98-05080DC43FB0}" = protocol=17 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe | 
"{AD3EBF47-45E7-44ED-97C1-91DC143CC2A4}" = protocol=6 | dir=in | app=d:\users\paulloftin\appdata\local\temp\7zs44f6\hpdiagnosticcoreui.exe | 
"{AFE5F023-5041-4CFB-BDDE-14D1F5B2D7E7}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{B1B36CCB-198F-4386-80F0-C072EB293052}" = protocol=6 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe | 
"{B227B975-200D-47F7-9DAB-99DFB366EB55}" = dir=in | app=d:\program files\hp\hp software update\hpwucli.exe | 
"{B3B55687-75FA-4EE4-9F9C-E2898FC76E61}" = dir=in | app=d:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B4CD20EE-A0E0-40D6-BEE4-94C55F9F05D3}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{B885C849-18DA-4F85-BFD9-1DAE26E8C7E3}" = protocol=6 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe | 
"{B89A1AF1-68D4-4BB5-B52B-5DF304C45A00}" = dir=in | app=d:\users\paulloftin\appdata\local\microsoft\skydrive\skydrive.exe | 
"{BA19C2C5-589B-419F-A120-3755F4EA992F}" = dir=in | app=d:\program files\hp\digital imaging\{14bc6853-a74e-4874-b50d-679889d1544d}\setup\hpznui01.exe | 
"{BE419434-A888-47DE-B2F6-8AA74EEC1DA0}" = protocol=17 | dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{BF58EE73-62FE-4A44-9667-922C98534A01}" = protocol=6 | dir=out | app=system | 
"{C23740C1-8FDF-4A73-9EF6-A7A745D82E6F}" = protocol=6 | dir=out | app=d:\windows\system32\wudfhost.exe | 
"{D2B0DE02-D74D-468B-B102-C94DA148A38C}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D345B45E-898A-4F17-BB90-1A13BA2E3752}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D356F950-B833-4561-9242-9942B6651060}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0803304-5511-4576-9C92-77275F68BEE5}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E8CB62C7-9B23-46A5-B2B6-5014D9237242}" = dir=in | app=d:\program files\windows live\contacts\wlcomm.exe | 
"{EED7AC77-FEB2-40D8-9490-2DE88C13F929}" = protocol=6 | dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{EF232055-3890-4514-BE05-377027106DC2}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{FAD16133-3F84-4C0E-9C76-E114612AA5E1}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpiscnapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{166FCF01-AC98-4288-A01C-90BEB808C059}" = Sony RAW Driver
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F702F22-A623-4B6A-41BD-420700558223}_is1" = What's my computer doing 1.xx
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}" = D110
"{563FE39E-B4D7-4DC0-B443-97313128AEC0}" = Hallmark Card Studio Special Edition
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D2EFF3B-B191-4B1F-8ABF-C4A8028DB8CF}" = Alcor Micro USB Card Reader
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8777089A-4CF4-44BA-910B-9A4580669DED}" = Hallmark Card Studio Express
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B157EE4-0BAB-4CCE-B92C-5844AB6E20F1}" = HP Smart Print 1.1.5.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D78030A-64D6-4F9D-8D8A-ED2A7DED70BB}" = SyncUP Help (CHM)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A421348C-43DF-46F8-8024-7ABC9F92A682}" = HP Printer Quality Research Study
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A760067A-C07E-1033-0000-A764AC000008}" = Avery Template
"{A760067A-C07E-1033-0000-A764AC000010}" = Avery Template
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}" = CWA Reminder by We-Care.com v4.1.22.3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
"7-zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dora Saves the Snow Princess" = Dora Saves the Snow Princess
"DriverFinder" = DriverFinder
"EPSON Printer and Utilities" = EPSON Printer Software
"Free Window Registry Repair" = Free Window Registry Repair
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"Glary Utilities 4" = Glary Utilities 4.5
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"InstallShield_{6D2EFF3B-B191-4B1F-8ABF-C4A8028DB8CF}" = Alcor Micro USB Card Reader
"InternetUpdater" = Internet Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 4.2
"PROSetDX" = Intel(R) Network Connections 15.2.89.0
"RealPlayer 16.0" = RealPlayer
"SpyGuard" = Spy Guard
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Browser" = Browser
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2014 20:53:27 | Computer Name = paulloftin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" 
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/16/2014 20:56:07 | Computer Name = paulloftin-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 2/16/2014 20:56:07 | Computer Name = paulloftin-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 2/16/2014 22:14:36 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/16/2014 22:19:46 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/17/2014 03:13:48 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/17/2014 03:18:47 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/17/2014 08:17:49 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/17/2014 08:22:48 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/17/2014 13:20:43 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/17/2014 13:25:43 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/17/2014 17:36:44 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/17/2014 17:41:43 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

[ System Events ]
Error - 2/16/2014 20:42:56 | Computer Name = paulloftin-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.4165.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 2/16/2014 20:49:13 | Computer Name = paulloftin-PC | Source = DCOM | ID = 10010
Description =

Error - 2/16/2014 20:53:39 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/16/2014 20:53:42 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/16/2014 20:53:48 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/16/2014 20:56:10 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 2/16/2014 20:56:10 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 2/16/2014 20:56:39 | Computer Name = paulloftin-PC | Source = DCOM | ID = 10010
Description =

Error - 2/17/2014 14:10:38 | Computer Name = paulloftin-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840&threatid=2147643366
Name:
Exploit:Java/CVE-2010-0840 ID: 2147643366 Severity: Severe Category: Exploit Path: 
containerfile:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc;file:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc->datas/SquarePants.class
Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM
Process
Name: D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: %%809 Action Status:
No additional actions required Error Code: 0x8007065e Error description: Data of
this type is not supported. Signature Version: AV: 1.165.4200.0, AS: 1.165.4200.0,
NIS: 109.107.0.0 Engine Version: AM: 1.1.10201.0, NIS: 2.1.10003.0

Error - 2/17/2014 14:10:38 | Computer Name = paulloftin-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Java/Toniper&threatid=2147678505
Name:
TrojanDownloader:Java/Toniper ID: 2147678505 Severity: Severe Category: Trojan Downloader
Path:
containerfile:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc;file:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc->datas/wall.class;file:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc->datas/Zom.class;file:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc->datas/Zonkeys.class
Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM
Process
Name: Unknown Action: %%809 Action Status: No additional actions required Error Code:
0x8007065e Error description: Data of this type is not supported. Signature Version:
AV: 1.165.4200.0, AS: 1.165.4200.0, NIS: 109.107.0.0 Engine Version: AM: 1.1.10201.0,
NIS: 2.1.10003.0

< End of report >


----------



## paloftin (Feb 15, 2014)

The script error was resolved; however, my computer is still doing some strange things. Run fast, then slow, then fast, then freeze, all random. Sometimes a program will open and other times it will not. When typing a document it will simply stop in the middle of a word and not let me do anything for a while and then on its own it will start back up. I don't know what is going on with it. I appreciate your time in this matter, thank you.


----------



## askey127 (Dec 22, 2006)

paloftin.
Quite a bit to do here at first. Just take one step at a time.
You should stay away from any Registry helpers/boosters/optimizers, etc. The risk of system damage far outweighs any possible benefits.
------------------------------------------------
*Remove Programs Using Control Panel*
From *Start, Control Panel*, click on *Uninstall a program* under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose *Uninstall/Change*, and give permission to Continue:
*
InstallIQ Updater
Adobe Reader X (10.1.9)
Coupon Printer for Windows
Free Window Registry Repair
Glary Registry Repair
Internet Updater
Spy Guard
* 
Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
*REBOOT (RESTART) Your Machine*

--------------------------------------------------------
*Download and Install the newest version of Adobe Reader* for reading pdf files
There are security vulnerabilities in earlier versions of both Reader and Acrobat Pro. All versions numbered lower than 11.0.06 are vulnerable.
Go *HERE* to download the Installer *AdbeRdr11006_en_US.exe* .
Save the file to your desktop and run it to install the latest version of Adobe Reader. 
*Always be careful to UNCHECK any offer for toolbars, helpers or other "partner" Free programs*
After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
Click on *Edit* and select *Preferences*.
On the Left, click on the *Javascript* category and *Uncheck Enable Acrobat Javascript*.
Click on the *Security (Enhanced)* category 
*Uncheck Automatically trust sites from my Win OS security zones*, and under Protected View, click on *Files from potentially unsafe locations*.
Click on the *Trust Manager* category and *Uncheck Allow opening of non-PDF file attachments with external applications*.
Click the *OK* button
When it asks if you are sure you want to make changes to Advanced Security Preferences, answer *Yes*.
When it finishes, you can remove the Installer from your desktop.
----------------------------------------------
*Perform a Custom Fix with OTL*
*Run OTL* (Right click and choose "Run as administrator" in Vista/Win7)

In the *Custom Scans/Fixes* box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):

```
:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.defau lt\extensions\[email protected](251).com
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected](252).com
[2014/02/14 19:05:51 | 000,000,000 | ---D | M] (Spy Guard) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected]
CHR - homepage: http://www1.delta-search.com/?babsrc...3_wt4&tsp=4970
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Updater] D:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Updater] D:\ProgramData\Updater\updater.exe (Updater)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
[2014/02/14 19:05:33 | 000,000,000 | ---D | C] -- D:\ProgramData\SpyGuard
[2010/07/17 13:25:04 | 002,734,688 | ---- | C] (Conduit Ltd.) -- D:\Program Files\tbZyng.dll

:Files
D:\ProgramData\Updater
ipconfig /flushdns /c

:Commands
[PURITY]
[emptyjava]
[emptyflash] 
[EMPTYTEMP]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and click to allow the Reboot when it is done.
When the computer Reboots, and you start your usual account, a Notepad text file will appear.
Copy the contents of that file and post it in your next reply. 
That is the *FIX log* file. It will also be available and named by timestamp here: *C:\_OTL\Moved Files\mmddyyyy_hhmmss.log*
----------------------------------------------
After posting the Resulting log, *Please Rescan* as follows:
Open OTL again and click the *Quick Scan* button. Post the new log it produces, *OTL.txt*, in a separate reply.
---------------------------------------------------
So, *In Your Replies*, we will be looking for the following:
The contents of:
The FIX log from OTL
Fresh version of OTL.txt from the Quick Scan.
Please feel free to use separate replies.

askey127


----------



## paloftin (Feb 15, 2014)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff" removed from browser.startup.homepage
Prefs.js: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff" removed from browser.startup.homepage
Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.defau lt\extensions\[email protected](251).com\ not found.
Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected](252).com\ not found.
Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected]\ not found.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
D:\ProgramData\Updater\updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
File D:\ProgramData\Updater\updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
D:\ProgramData\SpyGuard folder moved successfully.
D:\Program Files\tbZyng.dll moved successfully.
========== FILES ==========
D:\ProgramData\Updater folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Users\paulloftin\Desktop\cmd.bat deleted successfully.
D:\Users\paulloftin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: paulloftin
->Java cache emptied: 12136869 bytes

User: Public

Total Java Files Cleaned = 12.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 57472 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: paulloftin
->Flash cache emptied: 66738 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: paulloftin
->Temp folder emptied: 279067 bytes
->Temporary Internet Files folder emptied: 169825502 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76166593 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2207627846 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 13701 bytes

Total Files Cleaned = 2,340.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02182014_091058
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
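
A way to triage an OTL fix log like the one above, added here as an example and not part of the original post or of OTL itself: it separates "not found" lines that an earlier successful move already explains from ones that need follow-up, then checks the latter against the follow-up Quick Scan with whitespace ignored. The function names are hypothetical, and the sample lines are abridged from this thread's fix log and from the Quick Scan log posted after it.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines abridged from the fix log in this thread, paths exactly as shown on the page.
FIX_LOG = r"""
Prefs.js: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff" removed from browser.startup.homepage
Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.defau lt\extensions\[email protected](251).com\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
D:\ProgramData\Updater\updater.exe moved successfully.
File D:\ProgramData\Updater\updater.exe not found.
D:\ProgramData\SpyGuard folder moved successfully.
"""

# Sample input: lines abridged from the follow-up Quick Scan (OTL.txt) in this thread.
RESCAN = r"""
PRC - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\[email protected](251).com
"""


class Entry(NamedTuple):
    kind: Optional[str]   # "Folder", "File", "Registry key", "Registry value", "Pref" or None
    target: str           # path, registry location or preference value
    result: str           # "not found", "moved successfully", "deleted successfully", "removed"


# "<kind> <target> [folder] <result>." as seen in the fix log above.
OUTCOME = re.compile(
    r"^(?:(?P<kind>Folder|File|Registry key|Registry value)\s+)?"
    r"(?P<target>.+?)\\?\s+(?:folder\s+)?"
    r"(?P<result>not found|moved successfully|deleted successfully)\.$"
)
# Firefox preference lines use a different shape.
PREF = re.compile(r'^Prefs\.js: (?P<target>".*?") removed from \S+$')


def _norm(text: str) -> str:
    """Lower-case and drop all whitespace so wrapped or spaced paths still compare equal."""
    return re.sub(r"\s+", "", text).lower()


def parse_fix_log(text: str) -> List[Entry]:
    """Turn fix-log lines into Entry records; lines in other shapes are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = OUTCOME.match(line)
        if m:
            entries.append(Entry(m["kind"], m["target"], m["result"]))
            continue
        m = PREF.match(line)
        if m:
            entries.append(Entry("Pref", m["target"], "removed"))
    return entries


def unresolved(entries: List[Entry]) -> List[Entry]:
    """'not found' entries that no earlier successful action on the same target explains."""
    handled = set()
    pending = []
    for e in entries:
        key = _norm(e.target)
        if e.result == "not found":
            if key not in handled:
                pending.append(e)
        else:
            handled.add(key)
    return pending


def still_present(entries: List[Entry], rescan_text: str) -> List[str]:
    """Unresolved targets that show up in the rescan once whitespace is ignored."""
    lines = [_norm(l) for l in rescan_text.splitlines() if l.strip()]
    return [e.target for e in unresolved(entries)
            if any(_norm(e.target) in line for line in lines)]


if __name__ == "__main__":
    parsed = parse_fix_log(FIX_LOG)
    for target in still_present(parsed, RESCAN):
        print("Fix reported 'not found' but rescan still lists:", target)
```
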


----------



## valis (Sep 24, 2004)

I'm going to go ahead and mark this as unsolved as there is still work occurring.

thanks, 

v


----------



## paloftin (Feb 15, 2014)

OTL logfile created on: 2/18/2014 09:38:51 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\paulloftin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.26% Memory free
4.22 Gb Paging File | 2.94 Gb Available in Paging File | 69.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 8.38 Gb Total Space | 6.74 Gb Free Space | 80.43% Space Free | Partition Type: NTFS
Drive D: | 140.67 Gb Total Space | 73.35 Gb Free Space | 52.14% Space Free | Partition Type: NTFS

Computer Name: PAULLOFTIN-PC | User Name: paulloftin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/18 08:51:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\paulloftin\Desktop\OTL.exe
PRC - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/18 13:38:37 | 000,309,328 | ---- | M] (Google Inc.) -- D:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- D:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/05 14:29:28 | 000,274,168 | ---- | M] () -- D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/02/23 15:57:34 | 001,885,088 | ---- | M] (Affinegy, Inc.) -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- D:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/07/29 02:37:18 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe
PRC - [2008/01/19 02:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Mail\WinMail.exe
PRC - [2006/12/04 16:27:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- D:\Program Files\FinePixViewer\QuickDCF2.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/05 14:29:28 | 000,274,168 | ---- | M] () -- D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2006/11/10 16:32:00 | 000,081,920 | ---- | M] () -- D:\Program Files\FinePixViewer\wia_register_event.dll
MOD - [1999/01/31 09:52:02 | 000,192,512 | ---- | M] () -- D:\Program Files\What's my computer doing\QHTM.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2014/01/29 09:10:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) [Auto | Running] -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- D:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- D:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- d:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- D:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fixustor.sys -- (FIXUSTOR)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
DRV - [2014/01/21 20:09:34 | 000,014,528 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2014/01/01 12:05:50 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/20 04:11:58 | 000,226,080 | ---- | M] (GFI Software) [Kernel | System | Running] -- D:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2012/09/20 04:11:58 | 000,094,496 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2012/09/20 04:11:58 | 000,075,552 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2012/09/12 19:19:34 | 000,095,488 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2012/09/12 19:19:34 | 000,095,488 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/03/15 00:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{3857290D-6438-4DA7-9062-AEDEE3FA622C}: "URL" = http://www.google.com/search?q={sea...ng?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS380
IE - HKCU\..\SearchScopes\{D1628EAF-DB76-431C-A737-33BB8825C82E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{FBF6D5D4-56D5-4A90-A38A-BB3D717BA1B8}: "URL" = http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=114576&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=114576"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: d:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: D:\Program Files\Roblox\Versions\version-7cb7ff22d9334da0\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/24 21:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/02 14:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 19:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/06 07:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/06 07:13:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 19:50:21 | 000,000,000 | ---D | M]

[2010/09/12 18:58:53 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Extensions
[2014/02/15 20:58:32 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions
[2010/12/08 21:59:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\[email protected](251).com
[2014/02/18 08:35:02 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected](252).com
[2014/02/18 08:35:02 | 000,000,000 | ---D | M] (Better Experience) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected]
[2013/05/25 20:04:43 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 20:04:43 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www1.delta-search.com/?babsr...737DE5565&affID=119351&tt=070813_wt4&tsp=4970
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alopfckdopopebdogneaajhpajfbkane\1.0_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Better Experience) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - D:\ProgramData\BetterExperience\IE\common.dll (Better Experience)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [AmIcoSinglun] D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] D:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [InstaLAN] D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MSC] d:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroLauncher] D:\Program Files\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKCU..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{388DFADF-8A53-4E8F-939A-BA92E3DD12E1}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: D:\Users\paulloftin\AppData\Local\Microsoft\BingDesktop\themes\2014-02-18.jpg
O24 - Desktop BackupWallPaper: D:\Users\paulloftin\AppData\Local\Microsoft\BingDesktop\themes\2014-02-18.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/18 09:10:58 | 000,000,000 | ---D | C] -- D:\_OTL
[2014/02/18 08:52:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\paulloftin\Desktop\OTL.exe
[2014/02/18 08:34:43 | 000,000,000 | ---D | C] -- D:\ProgramData\BetterExperience
[2014/02/18 08:19:48 | 000,000,000 | ---D | C] -- D:\ProgramData\InternetUpdater
[2014/02/15 22:15:28 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\Desktop\Computer Fixes
[2014/02/15 20:50:27 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014/02/15 12:59:18 | 000,000,000 | ---D | C] -- D:\ProgramData\PC Drivers HeadQuarters
[2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser
[2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser
[2014/02/14 19:07:19 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Local\Browser
[2014/02/14 19:05:56 | 000,000,000 | ---D | C] -- D:\ProgramData\RHelpers
[2014/02/12 09:32:54 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Security Client
[2014/02/09 20:41:20 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\Documents\Sunday's Monday 2014
[2014/02/08 16:55:39 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft ActiveSync
[2014/02/08 16:52:57 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\DESIGNER
[2014/01/30 18:33:40 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/26 09:20:33 | 000,000,000 | ---D | C] -- D:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/21 17:14:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/07/28 03:14:18 | 000,708,168 | ---- | C] (MindSpark) -- D:\Program Files\gcUninstall WeatherBlink.dll
[2012/11/25 14:48:33 | 019,096,640 | ---- | C] (Intel ) -- D:\Users\paulloftin\144047_283_PROWin32.exe
[2012/11/25 14:47:32 | 013,384,592 | ---- | C] (Microsoft Corporation) -- D:\Users\paulloftin\144047_280_IPx86_1033_6.31.258.0.exe

========== Files - Modified Within 30 Days ==========

[2014/02/18 09:43:01 | 000,000,886 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/18 09:36:39 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/18 09:36:34 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/18 09:33:39 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/18 09:32:12 | 000,000,356 | ---- | M] () -- D:\Windows\tasks\SoftwareUpdateGU4.job
[2014/02/18 09:31:19 | 000,000,342 | ---- | M] () -- D:\Windows\tasks\RegistryBooster.job
[2014/02/18 09:31:19 | 000,000,330 | ---- | M] () -- D:\Windows\tasks\GlaryInitialize 4.job
[2014/02/18 09:31:19 | 000,000,095 | ---- | M] () -- D:\Users\paulloftin\.accessibility.properties
[2014/02/18 09:30:33 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2014/02/18 09:10:38 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/18 08:51:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\paulloftin\Desktop\OTL.exe
[2014/02/18 08:45:38 | 000,001,941 | ---- | M] () -- D:\Users\paulloftin\Desktop\Browser.lnk
[2014/02/18 08:33:31 | 000,001,852 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/17 19:06:04 | 000,699,736 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2014/02/17 19:06:00 | 000,142,966 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2014/02/17 17:30:33 | 000,000,430 | ---- | M] () -- D:\Windows\tasks\PC Utility Kit.job
[2014/02/17 00:59:59 | 000,000,372 | ---- | M] () -- D:\Windows\tasks\Regwork.job
[2014/02/16 19:50:50 | 000,459,560 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2014/02/14 19:09:51 | 000,001,943 | ---- | M] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser.lnk
[2014/02/12 09:34:07 | 000,001,945 | ---- | M] () -- D:\Windows\epplauncher.mif
[2014/02/11 20:20:45 | 000,000,426 | ---- | M] () -- D:\AVScanner.ini
[2014/02/11 18:25:24 | 000,001,955 | ---- | M] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/11 18:25:24 | 000,001,931 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/09 09:55:42 | 208,367,271 | ---- | M] () -- D:\Windows\MEMORY.DMP
[2014/02/08 10:32:00 | 000,002,763 | ---- | M] () -- D:\ProgramData\connector.swf
[2014/01/26 17:14:03 | 000,000,837 | ---- | M] () -- D:\Users\Public\Desktop\Glary Utilities 4.lnk
[2014/01/26 09:24:05 | 000,001,624 | ---- | M] () -- D:\Users\Public\Desktop\iTunes.lnk
[2014/01/21 20:16:44 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- D:\Windows\System32\BootDefrag.exe
[2014/01/21 20:09:34 | 000,014,528 | ---- | M] (Glarysoft Ltd) -- D:\Windows\System32\drivers\BootDefragDriver.sys

========== Files Created - No Company Name ==========

[2014/02/18 08:45:38 | 000,001,941 | ---- | C] () -- D:\Users\paulloftin\Desktop\Browser.lnk
[2014/02/18 08:33:31 | 000,001,852 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/18 08:33:27 | 000,001,804 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/14 19:09:51 | 000,001,943 | ---- | C] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser.lnk
[2014/02/12 09:33:21 | 000,001,786 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/02/12 09:06:12 | 000,000,426 | ---- | C] () -- D:\AVScanner.ini
[2014/02/09 09:55:42 | 208,367,271 | ---- | C] () -- D:\Windows\MEMORY.DMP
[2014/02/08 10:20:55 | 000,002,763 | ---- | C] () -- D:\ProgramData\connector.swf
[2014/01/30 18:33:40 | 000,001,955 | ---- | C] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/30 18:33:40 | 000,001,931 | ---- | C] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/01 12:05:50 | 000,013,464 | ---- | C] () -- D:\Windows\System32\drivers\SWDUMon.sys
[2013/07/28 13:40:27 | 000,022,816 | ---- | C] () -- D:\Windows\System32\RegBootDefrag.exe
[2013/07/28 03:14:18 | 000,186,752 | ---- | C] () -- D:\Program Files\gcres.dll
[2013/06/09 19:34:55 | 000,000,095 | ---- | C] () -- D:\Users\paulloftin\.accessibility.properties
[2013/01/04 12:54:17 | 000,000,632 | RHS- | C] () -- D:\Users\paulloftin\ntuser.pol
[2012/12/02 09:43:00 | 000,332,665 | ---- | C] () -- D:\Windows\System32\drivers\RTAIODAT.DAT
[2012/12/02 09:41:22 | 000,200,704 | ---- | C] () -- D:\Windows\System32\UMonit.exe
[2012/12/02 09:41:22 | 000,167,936 | ---- | C] () -- D:\Windows\System32\ustor.dll
[2012/12/01 09:09:21 | 034,666,488 | ---- | C] () -- D:\Users\paulloftin\144047_1485_OJ6000.zip.part
[2012/11/25 14:48:38 | 016,653,844 | ---- | C] () -- D:\Users\paulloftin\144047_1611_-PS.zip
[2012/11/25 14:48:26 | 103,843,528 | ---- | C] () -- D:\Users\paulloftin\144047_54_Vista_Win7_Win8_R270.zip
[2012/11/25 14:47:53 | 083,655,085 | ---- | C] () -- D:\Users\paulloftin\144047_1485_OJ6000.zip
[2012/11/25 14:47:29 | 002,988,988 | ---- | C] () -- D:\Users\paulloftin\144047_1_intel_inf_9.3.0.1020.zip
[2012/11/25 14:47:28 | 000,492,307 | ---- | C] () -- D:\Users\paulloftin\144047_2190_Intel_1.zip
[2012/10/16 13:32:40 | 000,202,805 | ---- | C] () -- D:\ProgramData\1350412008.bdinstall.bin
[2012/10/15 17:48:22 | 000,371,732 | ---- | C] () -- D:\ProgramData\1350340918.bdinstall.bin
[2012/10/15 17:41:57 | 000,077,237 | ---- | C] () -- D:\ProgramData\1350340915.bdinstall.bin
[2012/09/29 08:55:55 | 000,439,719 | ---- | C] () -- D:\ProgramData\1348926680.bdinstall.bin
[2012/09/29 08:38:43 | 000,153,935 | ---- | C] () -- D:\ProgramData\1348925661.bdinstall.bin
[2012/01/22 18:00:38 | 000,239,360 | ---- | C] () -- D:\ProgramData\1327272371.bdinstall.bin
[2011/11/24 17:40:06 | 002,424,375 | ---- | C] () -- D:\Users\paulloftin\Grandchildren 11 2011.jpg
[2011/08/19 10:50:43 | 000,000,349 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\com.w3i.FlipToast_state.xml
[2011/07/06 18:40:22 | 025,051,136 | ---- | C] () -- D:\Users\paulloftin\COMPONENTS
[2011/04/21 14:21:46 | 000,012,535 | ---- | C] () -- D:\Users\paulloftin\WLMContacts.csv
[2011/04/16 22:16:36 | 014,421,146 | ---- | C] () -- D:\Users\paulloftin\Good afternoon 1.rtf
[2011/04/12 18:43:25 | 001,066,177 | ---- | C] () -- D:\Users\paulloftin\Haley G.JPG
[2011/04/05 19:50:57 | 000,122,880 | ---- | C] () -- D:\Users\paulloftin\Publication2.pub
[2011/03/21 16:43:57 | 000,000,098 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\fusioncache.dat
[2010/11/21 16:15:46 | 000,006,000 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\d3d9caps.dat
[2010/09/26 16:09:44 | 034,103,296 | ---- | C] () -- D:\Users\paulloftin\SOFTWARE
[2010/08/12 15:55:39 | 001,467,350 | ---- | C] () -- D:\Users\paulloftin\DSCF0274.jpg
[2010/08/01 07:49:02 | 000,001,522 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\wklnhst.dat
[2010/07/17 13:25:04 | 000,153,088 | ---- | C] () -- D:\Program Files\UNWISE.EXE
[2010/06/24 19:46:37 | 000,083,968 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 12:40:15 | 000,017,089 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/19 10:51:04 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\.minecraft
[2011/11/27 18:28:52 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\3v
[2011/09/18 19:38:55 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Avery
[2012/11/12 05:06:02 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/07/07 19:25:02 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/02/12 20:39:15 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\DiskDefrag
[2012/11/25 14:29:35 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\DriverFinder
[2010/07/07 18:40:12 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\EPSON
[2011/12/24 20:54:14 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\FixCleaner
[2013/01/27 09:07:19 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\FUJIFILM
[2012/10/01 16:39:23 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Garmin
[2014/02/18 08:01:11 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\GlarySoft
[2012/07/05 09:40:29 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Go PDF Reader
[2013/07/28 03:20:06 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\IObit
[2014/01/03 09:47:07 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Nico Mak Computing
[2012/10/17 20:09:25 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\OpswatLogs
[2011/10/26 16:04:34 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\PC Cleaners
[2012/07/10 17:46:06 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\PC Utility Kit
[2013/06/05 19:31:43 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\PDAppFlex
[2011/08/23 06:16:49 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\PDF Software
[2012/10/16 09:51:41 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\QuickScan
[2011/02/08 05:17:20 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\SmartDraw
[2010/09/16 16:59:21 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\SmartPCTools
[2013/07/02 15:03:08 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\SolidDocuments
[2012/10/16 10:18:54 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\supportdotcom
[2013/11/05 08:12:25 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\TeamViewer
[2010/08/01 07:49:04 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Template
[2011/03/21 16:44:01 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\TracPipe Specifier for Windows
[2011/11/27 19:26:50 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Uniblue
[2013/06/28 20:08:16 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\WeatherBug
[2011/11/23 19:00:04 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\WhiteSmoke

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> D:\ProgramData\TEMP:7BA6D322
@Alternate Data Stream - 193 bytes -> D:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:8DA0EB21
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:895C5142
@Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:73C78BAA
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:A082A539
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:9547F1DB
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:05A9EC70
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> D:\ProgramData\TEMP:7DC6E295
< End of report >


----------



## askey127 (Dec 22, 2006)

paloftin,
Be aware that WeatherBug is adware, and has also been known to install the MySearch Toolbar (adware/search redirects).
I wouldn't allow it personally, but it's your call.
-----------------------------------------
*Check hard Drive for Errors*
Open *Notepad*... then *copy* and *paste* the following line *into Notepad*:
(Notepad is in *Start, Programs, Accessories*)

```
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
```
*Now Save* the *NotePad* file like this: 
Click on *File* from the top menu bar.
Select *Save As*, use Filename: *testhd.bat* and Save As Type: *All Files*.
Choose *Desktop* as the location
Click *Save*.
Right click on *testhd.bat* on your desktop and select *Run As Administrator* to run it. OK the UAC. 
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the *checkhd.txt* file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.
----------------------------------------------
*Perform a Custom Fix with OTL*
*Run OTL* (Right click and choose "Run as administrator" in Vista/Win7)

In the *Custom Scans/Fixes* box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):

```
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\[email protected](251).com
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected](252).com
CHR - homepage: http://www1.delta-search.com/?babsrc...3_wt4&tsp=4970
O2 - BHO: (Better Experience) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - D:\ProgramData\BetterExperience\IE\common.dll (Better Experience)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
[2014/02/18 09:31:19 | 000,000,342 | ---- | M] () -- D:\Windows\tasks\RegistryBooster.job
[2013/07/28 03:20:06 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\IObit
[2011/10/26 16:04:34 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\PC Cleaners
[2011/11/27 19:26:50 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Uniblue
[2011/11/23 19:00:04 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\WhiteSmoke
@Alternate Data Stream - 99 bytes -> D:\ProgramData\TEMP:7BA6D322
@Alternate Data Stream - 193 bytes -> D:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:8DA0EB21
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:895C5142
@Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:73C78BAA
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:A082A539
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:9547F1DB
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:05A9EC70
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> D:\ProgramData\TEMP:7DC6E295

:Files
ipconfig /flushdns /c

:Commands
[emptyjava]
[emptyflash] 
[EMPTYTEMP]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and click to allow the Reboot when it is done.
When the computer Reboots, and you start your usual account, a Notepad text file will appear.
Copy the contents of that file and post it in your next reply. 
That is the *FIX log* file. It will also be available and named by timestamp here: *C:\_OTL\Moved Files\mmddyyyy_hhmmss.log*
----------------------------------------------
After posting the Resulting log, *Please Rescan* as follows:
Open OTL again and click the *Quick Scan* button. Post the new log it produces, *OTL.txt*, in a separate reply.
---------------------------------------------------
So, *In Your Replies*, we will be looking for the following:
The contents of:
The log from CHKDSK (Checkhd.txt)
The FIX log from OTL
Fresh version of OTL.txt from the Quick Scan.
Please feel free to use separate replies.

askey127


----------



## paloftin (Feb 15, 2014)

The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1937656 KB in 935 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6795860 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1698965 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1945656 KB in 935 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6787860 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1696965 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1947368 KB in 935 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6786148 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1696537 allocation units available on disk.
The type of the file system is NTFS.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1960024 KB in 936 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6773492 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1693373 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1944296 KB in 935 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6789220 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1697305 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1940088 KB in 935 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6793428 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1698357 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1935032 KB in 935 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6798484 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1699621 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1907208 KB in 934 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6826308 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1706577 allocation units available on disk.
The type of the file system is NTFS.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1922984 KB in 935 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6810532 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1702633 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1950776 KB in 936 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6782740 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1695685 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.


----------



## paloftin (Feb 15, 2014)

Windows has checked the file system and found no problems.
8785919 KB total disk space.
1892296 KB in 934 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6841220 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1710305 allocation units available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
0 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
0 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
83 data files processed. 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
8785919 KB total disk space.
1848712 KB in 932 files.
480 KB in 84 indexes.
0 KB in bad sectors.
51923 KB in use by the system.
45984 KB occupied by the log file.
6884804 KB available on disk.
4096 bytes in each allocation unit.
2196479 total allocation units on disk.
1721201 allocation units available on disk.


----------



## paloftin (Feb 15, 2014)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Prefs.js: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff" removed from browser.startup.homepage
Prefs.js: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff" removed from browser.startup.homepage
Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\[email protected](251).com\ not found.
Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected](252).com\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ not found.
File D:\ProgramData\BetterExperience\IE\common.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
File D:\Windows\tasks\RegistryBooster.job not found.
Folder D:\Users\paulloftin\AppData\Roaming\IObit\ not found.
Folder D:\Users\paulloftin\AppData\Roaming\PC Cleaners\ not found.
Folder D:\Users\paulloftin\AppData\Roaming\Uniblue\ not found.
Folder D:\Users\paulloftin\AppData\Roaming\WhiteSmoke\ not found.
Unable to delete ADS D:\ProgramData\TEMP:7BA6D322 .
Unable to delete ADS D:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS D:\ProgramData\TEMP:8DA0EB21 .
Unable to delete ADS D:\ProgramData\TEMP:ECF54A0E .
Unable to delete ADS D:\ProgramData\TEMP:895C5142 .
Unable to delete ADS D:\ProgramData\TEMP:73C78BAA .
Unable to delete ADS D:\ProgramData\TEMP:A082A539 .
Unable to delete ADS D:\ProgramData\TEMP:9547F1DB .
Unable to delete ADS D:\ProgramData\TEMP:05A9EC70 .
Unable to delete ADS D:\ProgramData\TEMP:A8ADE5D8 .
Unable to delete ADS D:\ProgramData\TEMP:7DC6E295 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Users\paulloftin\Desktop\cmd.bat deleted successfully.
D:\Users\paulloftin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: paulloftin
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: paulloftin
->Flash cache emptied: 581 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: paulloftin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5956787 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130165546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 130.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02182014_204211
Files\Folders moved on Reboot...
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W77VYOTI\default[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W77VYOTI\flextag[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W77VYOTI\GFXHasherAjaxIFrame_e8u3OtQonFhEjc0Yi_3RCA2[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W77VYOTI\Messenger[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W77VYOTI\outlook[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W77VYOTI\tracking-iframe-outlook[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W77VYOTI\xmlProxy[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2UVQ5BV\RteFrameResources[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2UVQ5BV\xmlProxy[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYUOYJRK\AjaxHistoryFrame[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYUOYJRK\light[1].eot moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYUOYJRK\regular[1].eot moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYUOYJRK\resourcespreload[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYUOYJRK\tracking-iframe-outlook[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYUOYJRK\xmlProxy[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBVIQ50K\GFXHasherVerification[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBVIQ50K\semibold[1].eot moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBVIQ50K\swe-iframe[1].htm moved successfully.
D:\Users\paulloftin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBVIQ50K\xmlProxy[1].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...


----------



## paloftin (Feb 15, 2014)

OTL logfile created on: 2/18/2014 21:10:25 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\paulloftin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 29.68% Memory free
4.22 Gb Paging File | 2.59 Gb Available in Paging File | 61.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 8.38 Gb Total Space | 6.82 Gb Free Space | 81.44% Space Free | Partition Type: NTFS
Drive D: | 140.67 Gb Total Space | 73.38 Gb Free Space | 52.17% Space Free | Partition Type: NTFS

Computer Name: PAULLOFTIN-PC | User Name: paulloftin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/18 08:51:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\paulloftin\Desktop\OTL.exe
PRC - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/18 13:38:37 | 000,309,328 | ---- | M] (Google Inc.) -- D:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- D:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/05 12:40:52 | 002,249,352 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/06/05 12:40:50 | 000,349,832 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
PRC - [2013/06/05 12:40:50 | 000,206,984 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
PRC - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/05 12:40:50 | 000,153,224 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/05 14:29:28 | 000,274,168 | ---- | M] () -- D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/02/23 15:57:34 | 001,885,088 | ---- | M] (Affinegy, Inc.) -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/07/29 02:37:18 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe
PRC - [2006/12/04 16:27:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- D:\Program Files\FinePixViewer\QuickDCF2.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/05 14:29:28 | 000,274,168 | ---- | M] () -- D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2006/11/10 16:32:00 | 000,081,920 | ---- | M] () -- D:\Program Files\FinePixViewer\wia_register_event.dll
MOD - [1999/01/31 09:52:02 | 000,192,512 | ---- | M] () -- D:\Program Files\What's my computer doing\QHTM.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2014/01/29 09:10:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) [Auto | Running] -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- D:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- D:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- d:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- D:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fixustor.sys -- (FIXUSTOR)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
DRV - [2014/01/21 20:09:34 | 000,014,528 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2014/01/01 12:05:50 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/20 04:11:58 | 000,226,080 | ---- | M] (GFI Software) [Kernel | System | Running] -- D:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2012/09/20 04:11:58 | 000,094,496 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2012/09/20 04:11:58 | 000,075,552 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2012/09/12 19:19:34 | 000,095,488 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2012/09/12 19:19:34 | 000,095,488 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/03/15 00:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{3857290D-6438-4DA7-9062-AEDEE3FA622C}: "URL" = http://www.google.com/search?q={sea...ng?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS380
IE - HKCU\..\SearchScopes\{D1628EAF-DB76-431C-A737-33BB8825C82E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{FBF6D5D4-56D5-4A90-A38A-BB3D717BA1B8}: "URL" = http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=114576&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=114576"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: d:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: D:\Program Files\Roblox\Versions\version-7cb7ff22d9334da0\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/24 21:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/02 14:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 19:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/06 07:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/06 07:13:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 19:50:21 | 000,000,000 | ---D | M]

[2010/09/12 18:58:53 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Extensions
[2014/02/15 20:58:32 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions
[2010/12/08 21:59:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\[email protected](251).com
[2014/02/18 08:35:02 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected](252).com
[2014/02/18 08:35:02 | 000,000,000 | ---D | M] (Better Experience) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected]
[2013/05/25 20:04:43 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 20:04:43 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www1.delta-search.com/?babsr...737DE5565&affID=119351&tt=070813_wt4&tsp=4970
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alopfckdopopebdogneaajhpajfbkane\1.0_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [AmIcoSinglun] D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] D:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [InstaLAN] D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MSC] d:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroLauncher] D:\Program Files\Nero\SyncUP\NeroLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{388DFADF-8A53-4E8F-939A-BA92E3DD12E1}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: D:\Users\paulloftin\AppData\Local\Microsoft\BingDesktop\themes\2014-02-18.jpg
O24 - Desktop BackupWallPaper: D:\Users\paulloftin\AppData\Local\Microsoft\BingDesktop\themes\2014-02-18.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/18 09:10:58 | 000,000,000 | ---D | C] -- D:\_OTL
[2014/02/18 08:52:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\paulloftin\Desktop\OTL.exe
[2014/02/18 08:34:43 | 000,000,000 | ---D | C] -- D:\ProgramData\BetterExperience
[2014/02/18 08:19:48 | 000,000,000 | ---D | C] -- D:\ProgramData\InternetUpdater
[2014/02/15 22:15:28 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\Desktop\Computer Fixes
[2014/02/15 20:50:27 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014/02/15 12:59:18 | 000,000,000 | ---D | C] -- D:\ProgramData\PC Drivers HeadQuarters
[2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser
[2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser
[2014/02/14 19:07:19 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Local\Browser
[2014/02/14 19:05:56 | 000,000,000 | ---D | C] -- D:\ProgramData\RHelpers
[2014/02/12 09:32:54 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Security Client
[2014/02/09 20:41:20 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\Documents\Sunday's Monday 2014
[2014/02/08 16:55:39 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft ActiveSync
[2014/02/08 16:52:57 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\DESIGNER
[2014/01/30 18:33:40 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/26 09:20:33 | 000,000,000 | ---D | C] -- D:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/21 17:14:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/07/28 03:14:18 | 000,708,168 | ---- | C] (MindSpark) -- D:\Program Files\gcUninstall WeatherBlink.dll
[2012/11/25 14:48:33 | 019,096,640 | ---- | C] (Intel ) -- D:\Users\paulloftin\144047_283_PROWin32.exe
[2012/11/25 14:47:32 | 013,384,592 | ---- | C] (Microsoft Corporation) -- D:\Users\paulloftin\144047_280_IPx86_1033_6.31.258.0.exe

========== Files - Modified Within 30 Days ==========

[2014/02/18 21:10:16 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/18 21:03:02 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/18 21:03:01 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/18 21:02:42 | 000,000,356 | ---- | M] () -- D:\Windows\tasks\SoftwareUpdateGU4.job
[2014/02/18 21:02:09 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/18 21:02:01 | 000,000,330 | ---- | M] () -- D:\Windows\tasks\GlaryInitialize 4.job
[2014/02/18 21:02:00 | 000,000,095 | ---- | M] () -- D:\Users\paulloftin\.accessibility.properties
[2014/02/18 21:01:27 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2014/02/18 20:43:09 | 000,000,886 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/18 18:58:36 | 000,699,736 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2014/02/18 18:58:35 | 000,142,966 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2014/02/18 17:49:27 | 000,000,081 | ---- | M] () -- D:\Users\paulloftin\Desktop\testhd.bat
[2014/02/18 08:51:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\paulloftin\Desktop\OTL.exe
[2014/02/18 08:45:38 | 000,001,941 | ---- | M] () -- D:\Users\paulloftin\Desktop\Browser.lnk
[2014/02/18 08:33:31 | 000,001,852 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/17 17:30:33 | 000,000,430 | ---- | M] () -- D:\Windows\tasks\PC Utility Kit.job
[2014/02/17 00:59:59 | 000,000,372 | ---- | M] () -- D:\Windows\tasks\Regwork.job
[2014/02/16 19:50:50 | 000,459,560 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2014/02/14 19:09:51 | 000,001,943 | ---- | M] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser.lnk
[2014/02/12 09:34:07 | 000,001,945 | ---- | M] () -- D:\Windows\epplauncher.mif
[2014/02/11 20:20:45 | 000,000,426 | ---- | M] () -- D:\AVScanner.ini
[2014/02/11 18:25:24 | 000,001,955 | ---- | M] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/11 18:25:24 | 000,001,931 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/09 09:55:42 | 208,367,271 | ---- | M] () -- D:\Windows\MEMORY.DMP
[2014/02/08 10:32:00 | 000,002,763 | ---- | M] () -- D:\ProgramData\connector.swf
[2014/01/26 17:14:03 | 000,000,837 | ---- | M] () -- D:\Users\Public\Desktop\Glary Utilities 4.lnk
[2014/01/26 09:24:05 | 000,001,624 | ---- | M] () -- D:\Users\Public\Desktop\iTunes.lnk
[2014/01/21 20:16:44 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- D:\Windows\System32\BootDefrag.exe
[2014/01/21 20:09:34 | 000,014,528 | ---- | M] (Glarysoft Ltd) -- D:\Windows\System32\drivers\BootDefragDriver.sys

========== Files Created - No Company Name ==========

[2014/02/18 17:33:07 | 000,000,081 | ---- | C] () -- D:\Users\paulloftin\Desktop\testhd.bat
[2014/02/18 08:45:38 | 000,001,941 | ---- | C] () -- D:\Users\paulloftin\Desktop\Browser.lnk
[2014/02/18 08:33:31 | 000,001,852 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/18 08:33:27 | 000,001,804 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/14 19:09:51 | 000,001,943 | ---- | C] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser.lnk
[2014/02/12 09:33:21 | 000,001,786 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/02/12 09:06:12 | 000,000,426 | ---- | C] () -- D:\AVScanner.ini
[2014/02/09 09:55:42 | 208,367,271 | ---- | C] () -- D:\Windows\MEMORY.DMP
[2014/02/08 10:20:55 | 000,002,763 | ---- | C] () -- D:\ProgramData\connector.swf
[2014/01/30 18:33:40 | 000,001,955 | ---- | C] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/30 18:33:40 | 000,001,931 | ---- | C] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/01 12:05:50 | 000,013,464 | ---- | C] () -- D:\Windows\System32\drivers\SWDUMon.sys
[2013/07/28 13:40:27 | 000,022,816 | ---- | C] () -- D:\Windows\System32\RegBootDefrag.exe
[2013/07/28 03:14:18 | 000,186,752 | ---- | C] () -- D:\Program Files\gcres.dll
[2013/06/09 19:34:55 | 000,000,095 | ---- | C] () -- D:\Users\paulloftin\.accessibility.properties
[2013/01/04 12:54:17 | 000,000,632 | RHS- | C] () -- D:\Users\paulloftin\ntuser.pol
[2012/12/02 09:43:00 | 000,332,665 | ---- | C] () -- D:\Windows\System32\drivers\RTAIODAT.DAT
[2012/12/02 09:41:22 | 000,200,704 | ---- | C] () -- D:\Windows\System32\UMonit.exe
[2012/12/02 09:41:22 | 000,167,936 | ---- | C] () -- D:\Windows\System32\ustor.dll
[2012/12/01 09:09:21 | 034,666,488 | ---- | C] () -- D:\Users\paulloftin\144047_1485_OJ6000.zip.part
[2012/11/25 14:48:38 | 016,653,844 | ---- | C] () -- D:\Users\paulloftin\144047_1611_-PS.zip
[2012/11/25 14:48:26 | 103,843,528 | ---- | C] () -- D:\Users\paulloftin\144047_54_Vista_Win7_Win8_R270.zip
[2012/11/25 14:47:53 | 083,655,085 | ---- | C] () -- D:\Users\paulloftin\144047_1485_OJ6000.zip
[2012/11/25 14:47:29 | 002,988,988 | ---- | C] () -- D:\Users\paulloftin\144047_1_intel_inf_9.3.0.1020.zip
[2012/11/25 14:47:28 | 000,492,307 | ---- | C] () -- D:\Users\paulloftin\144047_2190_Intel_1.zip
[2012/10/16 13:32:40 | 000,202,805 | ---- | C] () -- D:\ProgramData\1350412008.bdinstall.bin
[2012/10/15 17:48:22 | 000,371,732 | ---- | C] () -- D:\ProgramData\1350340918.bdinstall.bin
[2012/10/15 17:41:57 | 000,077,237 | ---- | C] () -- D:\ProgramData\1350340915.bdinstall.bin
[2012/09/29 08:55:55 | 000,439,719 | ---- | C] () -- D:\ProgramData\1348926680.bdinstall.bin
[2012/09/29 08:38:43 | 000,153,935 | ---- | C] () -- D:\ProgramData\1348925661.bdinstall.bin
[2012/01/22 18:00:38 | 000,239,360 | ---- | C] () -- D:\ProgramData\1327272371.bdinstall.bin
[2011/11/24 17:40:06 | 002,424,375 | ---- | C] () -- D:\Users\paulloftin\Grandchildren 11 2011.jpg
[2011/08/19 10:50:43 | 000,000,349 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\com.w3i.FlipToast_state.xml
[2011/07/06 18:40:22 | 025,051,136 | ---- | C] () -- D:\Users\paulloftin\COMPONENTS
[2011/04/21 14:21:46 | 000,012,535 | ---- | C] () -- D:\Users\paulloftin\WLMContacts.csv
[2011/04/16 22:16:36 | 014,421,146 | ---- | C] () -- D:\Users\paulloftin\Good afternoon 1.rtf
[2011/04/12 18:43:25 | 001,066,177 | ---- | C] () -- D:\Users\paulloftin\Haley G.JPG
[2011/04/05 19:50:57 | 000,122,880 | ---- | C] () -- D:\Users\paulloftin\Publication2.pub
[2011/03/21 16:43:57 | 000,000,098 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\fusioncache.dat
[2010/11/21 16:15:46 | 000,006,000 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\d3d9caps.dat
[2010/09/26 16:09:44 | 034,103,296 | ---- | C] () -- D:\Users\paulloftin\SOFTWARE
[2010/08/12 15:55:39 | 001,467,350 | ---- | C] () -- D:\Users\paulloftin\DSCF0274.jpg
[2010/08/01 07:49:02 | 000,001,522 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\wklnhst.dat
[2010/07/17 13:25:04 | 000,153,088 | ---- | C] () -- D:\Program Files\UNWISE.EXE
[2010/06/24 19:46:37 | 000,083,968 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 12:40:15 | 000,017,089 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/19 10:51:04 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\.minecraft
[2011/11/27 18:28:52 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\3v
[2011/09/18 19:38:55 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Avery
[2012/11/12 05:06:02 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/07/07 19:25:02 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/02/12 20:39:15 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\DiskDefrag
[2012/11/25 14:29:35 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\DriverFinder
[2010/07/07 18:40:12 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\EPSON
[2011/12/24 20:54:14 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\FixCleaner
[2013/01/27 09:07:19 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\FUJIFILM
[2012/10/01 16:39:23 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Garmin
[2014/02/18 08:01:11 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\GlarySoft
[2012/07/05 09:40:29 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Go PDF Reader
[2014/01/03 09:47:07 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Nico Mak Computing
[2012/10/17 20:09:25 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\OpswatLogs
[2012/07/10 17:46:06 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\PC Utility Kit
[2013/06/05 19:31:43 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\PDAppFlex
[2011/08/23 06:16:49 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\PDF Software
[2012/10/16 09:51:41 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\QuickScan
[2011/02/08 05:17:20 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\SmartDraw
[2010/09/16 16:59:21 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\SmartPCTools
[2013/07/02 15:03:08 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\SolidDocuments
[2012/10/16 10:18:54 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\supportdotcom
[2013/11/05 08:12:25 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\TeamViewer
[2010/08/01 07:49:04 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\Template
[2011/03/21 16:44:01 | 000,000,000 | ---D | M] -- D:\Users\paulloftin\AppData\Roaming\TracPipe Specifier for Windows

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> D:\ProgramData\TEMPFC5A2B2
< End of report >
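Added example, not part of the thread and not OTL's own code: a parser for the file-listing and Alternate Data Stream lines of the log above, which groups directories created within a short window of each other so that what one installer dropped can be reviewed together. The sample lines are copied from the log; the 15-minute window and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Subset of lines taken from the OTL log above, embedded so this runs offline.
SAMPLE_LOG = r"""
[2014/02/18 09:10:58 | 000,000,000 | ---D | C] -- D:\_OTL
[2014/02/18 08:52:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\paulloftin\Desktop\OTL.exe
[2014/02/18 08:34:43 | 000,000,000 | ---D | C] -- D:\ProgramData\BetterExperience
[2014/02/18 08:19:48 | 000,000,000 | ---D | C] -- D:\ProgramData\InternetUpdater
[2014/02/15 20:50:27 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser
[2014/02/14 19:07:19 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Local\Browser
[2014/02/14 19:05:56 | 000,000,000 | ---D | C] -- D:\ProgramData\RHelpers
[2014/02/18 21:03:02 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
@Alternate Data Stream - 193 bytes -> D:\ProgramData\TEMPFC5A2B2
"""


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str    # four flags as printed, e.g. "---D" (directory), "-H--" (hidden)
    kind: str     # "C" = created timestamp, "M" = modified timestamp
    company: str  # "" when OTL printed no company name
    path: str


# [date time | size | attrs | C or M] optional "(company)" -- path
ENTRY_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([RHSD-]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def parse_otl(text):
    """Return (entries, streams); lines in any other format are skipped."""
    entries, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            ts, size, attrs, kind, company, path = m.groups()
            entries.append(Entry(
                datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                int(size.replace(",", "")),
                attrs,
                kind,
                (company or "").strip(),
                path,
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((m.group(2), int(m.group(1))))
    return entries, streams


def cluster_created_dirs(entries, gap=timedelta(minutes=15)):
    """Group created directories whose timestamps are at most `gap` apart.

    Only groups with more than one member are returned: a lone folder
    says nothing about what else arrived with it.
    """
    dirs = sorted(
        (e for e in entries if e.kind == "C" and "D" in e.attrs),
        key=lambda e: e.when,
    )
    groups = []
    for e in dirs:
        if groups and e.when - groups[-1][-1].when <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return [g for g in groups if len(g) > 1]


if __name__ == "__main__":
    entries, streams = parse_otl(SAMPLE_LOG)
    for group in cluster_created_dirs(entries):
        print("Created together, starting", group[0].when)
        for e in group:
            print("   ", e.path)
    for path, size in streams:
        print(f"Alternate data stream ({size} bytes) on {path}")
```
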


----------



## askey127 (Dec 22, 2006)

paloftin,
-------------------------------------------------------------
*Change Chrome Home Page*
You need to move your Home page in Chrome to get off *delta-search.com*.
They will produce redirects and deliver unwanted adware.
There are instructions here if you need: https://support.google.com/chrome/answer/95314?hl=en
----------------------------------------------
*Perform a Custom Fix with OTL*
*Run OTL* (Right click and choose "Run as administrator" in Vista/Win7)

In the *Custom Scans/Fixes* box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):

```
:Commands
[CREATERESTOREPOINT]

:processes
killallprocesses

:OTL
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\[email protected](251).com
[2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected](252).com
@Alternate Data Stream - 193 bytes -> D:\ProgramData\TEMPFC5A2B2
:Files
ipconfig /flushdns /c

:Commands
[emptyjava]
[emptyflash] 
[EMPTYTEMP]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and click to allow the Reboot when it is done.
When the computer Reboots, and you start your usual account, a Notepad text file will appear.
You can ignore the file this time
-----------------------------------------
*Check D: Drive for Errors*
Important - Delete the files *checkhd.txt* and *testhd.bat* from your desktop.
We need to make new ones to look at the *D: drive* part of the system.

Open *Notepad*... then *copy* and *paste* the following line *into Notepad*:
(Notepad is in *Start, Programs, Accessories*)

```
cmd  /c  chkdsk  d:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
```
*Now Save* the *NotePad* file like this: 
Click on *File* from the top menu bar.
Select *Save As*, use Filename: *testhd.bat* and Save As Type: *All Files*.
Choose *Desktop* as the location
Click *Save*.
Right click on *testhd.bat* on your desktop and select *Run As Administrator* to run it. OK the UAC. 
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the *checkhd.txt* file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

So we will be looking for the report from the D: drive part of the file system.
askey127


----------



## paloftin (Feb 15, 2014)

Right click on *testhd.bat* on your desktop and select *Run As Administrator* to run it. OK the UAC. 
A Command Prompt box will pop up, then close after a couple minutes.
The command prompt has no UAC to OK; neither did the others, but they scanned. The command prompt pops up and simply sits there blinking. I allowed it to blink for 1 1/2 hours and it did nothing. It is not running as the others did. What can I try?


----------



## askey127 (Dec 22, 2006)

Go ahead and right click testhd.bat and choose Edit
Double check that the line is correct, with no typo errors. You can copy/paste the line from here.
It should work if we get it right.
.


----------



## paloftin (Feb 15, 2014)

This is what I copy and paste; 
cmd /c chkdsk d: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt" 
and this is what shows up when I run as administrator; 
D:\Users\paulloftin\Desktop>cmd /c chkdsk d: | find /v "percent" 1>>"D:\Users
\paulloftin\desktop\checkhd.txt"
Is it supposed to change like that? Because nothing is happening, just like before.


----------



## askey127 (Dec 22, 2006)

That digit *1* after the word *percent* is not supposed to be there.
If you can delete that numeral 1 and run it, hopefully it will work.


----------



## paloftin (Feb 15, 2014)

Sorry! I have tried everything that I know to remove that 1. All total I have spent 7 hours trying this and that and have had no positive results. I'm lost and the machine is no better.


----------



## askey127 (Dec 22, 2006)

If you click Start > Programs, does Command Prompt show up as one of the choices?
If it does, right click it and choose "run as administrator", and see if you get the black command box.
If that works, type *chkdsk D:* and hit <Enter>
At the end of the report, tell me what it reports for how many *kB in bad sectors*.

Failing at that, click Start, type *diskmgmt.msc* into the box and hit <Enter>
Does it report the D: drive as healthy?

Tell me what you see. Don't spend hours on it.


----------



## paloftin (Feb 15, 2014)

0 kb in bad sectors. I tried to send you the report but it will not let me.


----------



## paloftin (Feb 15, 2014)

It reads that both the C & D are healthy. (C 8.38 GB NTFS Healthy (Primary Partition) & (D 140.67 GB NTFS Healthy (System, Boot, Page File, Active, Crash Dump, Primary Partition)


----------



## askey127 (Dec 22, 2006)

paloftin,
We will get it.
-----------------------------------------------
Please download *MiniToolBox* and run it.

Double click *MiniToolBox.exe* to launch the program.
Checkmark the following boxes in the list:
List Installed Programs
Click *Go* to start the scan.
When finished a log *Result.txt* will open.
*Please post it in your next reply.*

askey127


----------



## paloftin (Feb 15, 2014)

MiniToolBox by Farbar Version: 23-01-2014
Ran by paulloftin (administrator) on 25-02-2014 at 18:59:14
Running from "D:\Users\paulloftin\Downloads"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 7.1.8)
7-zip v9.20 (Version: v9.20)
Acrobat.com (Version: 2.3.0.0)
Adobe AIR (Version: 4.0.0.1390)
Adobe Download Assistant (Version: 1.2.6)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.130)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Alcor Micro USB Card Reader (Version: 1.13.17.36725)
Apple Application Support (Version: 3.0)
Apple Mobile Device Support (Version: 7.1.0.32)
Apple Software Update (Version: 2.1.3.127)
Avery Template (Version: 2.0.0.0)
Avery Wizard 4.0 (Version: 4.0.103)
Belkin Setup and Router Monitor
Better Experience (Version: 2.6.61)
Bing Bar (Version: 7.3.124.0)
Bing Desktop (Version: 1.3.167.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CWA Reminder by We-Care.com v4.1.22.3 (Version: 4.1.22.3)
D110 (Version: 140.0.142.000)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
Dora Saves the Snow Princess (Version: 32.0.0.0)
DriverFinder (Version: 2.1.0)
Enhanced Multimedia Keyboard Solution
EPSON Printer Software
Expert PDF 7 Reader (Version: 7.0.1370.0)
Feedback Tool (Version: 1.2.0)
FinePixViewer Ver.5.3 (Version: 5.3)
FUJIFILM MyFinePix Studio 4.2
Genesys USB Mass Storage Device (Version: 2.5.0.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.5)
GPBaseService2 (Version: 140.0.211.000)
Hallmark Card Studio Express (Version: 13.0.4.3)
Hallmark Card Studio Special Edition (Version: 5.0.0.6)
HP Photo Creations (Version: 1.0.0.2024)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Printer Quality Research Study (Version: 1.00.11)
HP Smart Print 1.1.5.0 (Version: 1.1.5.0)
HP Update (Version: 5.003.001.001)
HPAppStudio (Version: 140.0.95.000)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel(R) Network Connections 15.2.89.0 (Version: 15.2.89.0)
iTunes (Version: 11.1.4.62)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.212.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Motorola Device Manager (Version: 2.4.5)
Motorola Device Software Update (Version: 13.09.3001)
Motorola Mobile Drivers Installation 6.3.0 (Version: 6.3.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Network (Version: 140.0.212.000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000)
QuickTime (Version: 7.74.80.86)
QuickTransfer (Version: 140.0.98.000)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
Realtek High Definition Audio Driver (Version: 6.0.1.6710)
RealUpgrade 1.1 (Version: 1.1.0)
ROBLOX Player
Scan (Version: 140.0.77.000)
Segoe UI (Version: 15.4.2271.0615)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.211.000)
Sony RAW Driver (Version: 2.0.00.08130)
Status (Version: 140.0.212.000)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 140.0.424.000)
TrayApp (Version: 140.0.212.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Updater (Version: 2.6.61)
WebReg (Version: 140.0.212.017)
What's my computer doing 1.xx
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Software Update
**** End of log ****


----------



## askey127 (Dec 22, 2006)

Paloftin,
Sorry for the delay. Missed your reply somehow.
How is it running?
askey127


----------



## paloftin (Feb 15, 2014)

It still stops and speeds up then slows down; however, I am not getting the error messages like before. I never did get that last one to run; it will always add that 1 and I can't outsmart it.


----------



## askey127 (Dec 22, 2006)

Paloftin,
You can uninstall any of these to see whether the machine performance improves.
The Expert PDF Reader comes loaded with junkware. That may be the source of your problem.
Never download *anything* from CNET or Download.com
---------------------------------------------------------------
*Expert PDF 7 Reader (Version: 7.0.1370.0)
Adobe AIR (Version: 4.0.0.1390)
Adobe Download Assistant (Version: 1.2.6)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Feedback Tool (Version: 1.2.0)
Better Experience (Version: 2.6.61)
Yahoo! Software Update*

askey127


----------

