
Solved: Script error

Discussion in 'Virus & Other Malware Removal' started by paloftin, Feb 15, 2014.

Thread Status:
Not open for further replies.
  1. paloftin

    paloftin Thread Starter

    Joined:
    Feb 15, 2014
    Messages:
    19
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Basic, Service Pack 2, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz, x64 Family 15 Model 6 Stepping 5
    Processor Count: 2
    RAM: 2036 Mb
    Graphics Card: Intel(R) 82945G Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 8579 MB, Free - 6900 MB; D: Total - 144043 MB, Free - 71803 MB;
    Motherboard: Intel Corporation, D945GCCRG1
    Antivirus: Microsoft Security Essentials, Updated and Enabled

    Every time I start up my computer I get this same error message: Script error; Line 1, Char 1, Error syntax error, code o, url http://adadvisor.net/adscores/g.js?sid=9276253823

    What can be done?
     
  3. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    72,640
    sounds like you got infected....how long has this been going on? May move to malware, we'll see yet.

    and welcome to TSG. :)
     
  4. paloftin

    paloftin Thread Starter

    Joined:
    Feb 15, 2014
    Messages:
    19
    Thanks! About a month, and I have run Malwarebytes Anti-malware a number of times and nothing changed.
     
  5. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    72,640
    let's do this:

    Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review.
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted (if necessary):
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

    this is a pretty lightweight, non-invasive tool.....depending on what it shows, we'll go from there or move to malware. Mind you, it will require a reboot.

    thanks,

    v
     
  6. paloftin

    paloftin Thread Starter

    Joined:
    Feb 15, 2014
    Messages:
    19
    # AdwCleaner v3.018 - Report created 15/02/2014 at 20:58:18
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # Username : paulloftin - PAULLOFTIN-PC
    # Running from : D:\Users\paulloftin\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : CltMngSvc

    ***** [ Files / Folders ] *****

    Folder Deleted : D:\ProgramData\Ask
    Folder Deleted : D:\ProgramData\Babylon
    Folder Deleted : D:\ProgramData\GameTap Web Player
    Folder Deleted : D:\ProgramData\ParetoLogic
    Folder Deleted : D:\ProgramData\SoftSafe
    Folder Deleted : D:\ProgramData\SpeedMaxPc
    Folder Deleted : D:\ProgramData\SpeedyPC Software
    Folder Deleted : D:\ProgramData\Uniblue\DriverScanner
    Folder Deleted : D:\Program Files\BrowseToSave
    Folder Deleted : D:\Program Files\Free Offers from Freeze.com
    Folder Deleted : D:\Program Files\Search Toolbar
    Folder Deleted : D:\Program Files\Searchprotect
    Folder Deleted : D:\Program Files\WinZip Registry Optimizer
    Folder Deleted : D:\Program Files\Common Files\Software Update Utility
    Folder Deleted : D:\Program Files\Common Files\spigot
    Folder Deleted : D:\Windows\system32\Searchprotect
    Folder Deleted : D:\Users\paulloftin\AppData\Local\apn
    Folder Deleted : D:\Users\paulloftin\AppData\Local\Conduit
    Folder Deleted : D:\Users\paulloftin\AppData\Local\iac
    Folder Deleted : D:\Users\paulloftin\AppData\Local\PackageAware
    Folder Deleted : D:\Users\paulloftin\AppData\Local\Searchprotect
    Folder Deleted : D:\Users\paulloftin\AppData\Local\visi_coupon
    Folder Deleted : D:\Users\paulloftin\AppData\Local\Zynga
    Folder Deleted : D:\Users\PAULLO~1\AppData\Local\Temp\AirInstaller
    Folder Deleted : D:\Users\paulloftin\AppData\LocalLow\BabylonToolbar
    Folder Deleted : D:\Users\paulloftin\AppData\LocalLow\Conduit
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\DriverCure
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\NCdownloader
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\ParetoLogic
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\pccustubinstaller
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\SpeedMaxPc
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\SpeedyPC Software
    Folder Deleted : D:\Users\paulloftin\Documents\smart pc cleaner
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\Smartbar
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\Extensions\[email protected]
    Folder Deleted : D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
    File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\Extensions\[email protected]
    File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\searchplugins\Askcom.xml
    File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\searchplugins\my-web-search.xml
    File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\user.js
    File Deleted : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\user.js
    File Deleted : D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
    File Deleted : D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.3
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.FCTB000100685Pos
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.FCTB000100685Pos.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl.1
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\BringMeSports_1c
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\distromatic
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\SpeedMaxPC
    Key Deleted : HKCU\Software\SpeedyPC Software
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\wscontb
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\AppDataLow\Software\BringMeSports_1c
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
    Key Deleted : HKLM\Software\BringMeSports_1c
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\Software\ParetoLogic
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\SpeedMaxPC
    Key Deleted : HKLM\Software\SpeedyPC Software
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\Tarma Installer
    Key Deleted : HKLM\Software\Uniblue\DriverScanner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OptimizerPro
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16533

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v

    [ File : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\prefs.js ]


    [ File : D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\prefs.js ]

    Line Deleted : user_pref("CT3196716.1000082.isDisplayHidden", "true");
    Line Deleted : user_pref("CT3196716.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
    Line Deleted : user_pref("CT3196716.1000234.TWC_TMP_city", "LINCOLNTON");
    Line Deleted : user_pref("CT3196716.1000234.TWC_TMP_country", "US");
    Line Deleted : user_pref("CT3196716.1000234.TWC_locId", "USGA0327");
    Line Deleted : user_pref("CT3196716.1000234.TWC_location", "Lincolnton, GA");
    Line Deleted : user_pref("CT3196716.1000234.TWC_region", "US");
    Line Deleted : user_pref("CT3196716.1000234.TWC_temp_dis", "f");
    Line Deleted : user_pref("CT3196716.1000234.TWC_wind_dis", "mph");
    Line Deleted : user_pref("CT3196716.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"34°F\",\"temperature[...]
    Line Deleted : user_pref("CT3196716.CBOpenMAMSettings.enc", "MA==");
    Line Deleted : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3196716.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3196716.FirstTime", "true");
    Line Deleted : user_pref("CT3196716.FirstTimeFF3", "true");
    Line Deleted : user_pref("CT3196716.LoginRevertSettingsEnabled", false);
    Line Deleted : user_pref("CT3196716.RevertSettingsEnabled", true);
    Line Deleted : user_pref("CT3196716.UserID", "UN60870422703666997");
    Line Deleted : user_pref("CT3196716.addressBarTakeOverEnabledInHidden", "true");
    Line Deleted : user_pref("CT3196716.cbcountry_001.enc", "VVM=");
    Line Deleted : user_pref("CT3196716.cbfirsttime.enc", "RnJpIERlYyAxNCAyMDEyIDA4OjU5OjA4IEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
    Line Deleted : user_pref("CT3196716.embeddedsData", "[{\"appId\":\"129755756826636815\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
    Line Deleted : user_pref("CT3196716.enableAlerts", "never");
    Line Deleted : user_pref("CT3196716.event_data.enc", "JTVCJTVE");
    Line Deleted : user_pref("CT3196716.fired_events.enc", "AA==");
    Line Deleted : user_pref("CT3196716.firstTimeDialogOpened", "true");
    Line Deleted : user_pref("CT3196716.fixPageNotFoundErrorInHidden", "true");
    Line Deleted : user_pref("CT3196716.fixUrls", true);
    Line Deleted : user_pref("CT3196716.installType", "Unknown");
    Line Deleted : user_pref("CT3196716.isCheckedStartAsHidden", true);
    Line Deleted : user_pref("CT3196716.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3196716.isFirstTimeToolbarLoading", "false");
    Line Deleted : user_pref("CT3196716.isNewTabEnabled", false);
    Line Deleted : user_pref("CT3196716.isPerformedSmartBarTransition", "true");
    Line Deleted : user_pref("CT3196716.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Line Deleted : user_pref("CT3196716.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3196716.key_date.enc", "MTQ=");
    Line Deleted : user_pref("CT3196716.migrateAppsAndComponents", true);
    Line Deleted : user_pref("CT3196716.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://WiseConvert.OurToolbar.c[...]
    Line Deleted : user_pref("CT3196716.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/14\\\\/2012 16\\\"}\"}");
    Line Deleted : user_pref("CT3196716.price-gong.isManagedApp", "true");
    Line Deleted : user_pref("CT3196716.search.searchAppId", "129755756826636815");
    Line Deleted : user_pref("CT3196716.search.searchCount", "0");
    Line Deleted : user_pref("CT3196716.searchInNewTabEnabled", "false");
    Line Deleted : user_pref("CT3196716.searchInNewTabEnabledInHidden", "true");
    Line Deleted : user_pref("CT3196716.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3196716.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3196716.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
    Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3196716\"}");
    Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WiseConvert.OurToolbar.com//xpi\"}");
    Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WiseConvert\"}");
    Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1355493534081");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_appsMetadata_lastUpdate", "1355493534026");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1355493536511");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.13.40.15_lastUpdate", "1355493922995");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1355493534109");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1355493535188");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1355493536667");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_searchAPI_lastUpdate", "1355493532833");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_serviceMap_lastUpdate", "1355493532252");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_toolbarContextMenu_lastUpdate", "1355493536777");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_toolbarSettings_lastUpdate", "1355493532905");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_translation_lastUpdate", "1355493534636");
    Line Deleted : user_pref("CT3196716.serviceLayer_services_userApps_lastUpdate", "1355493544221");
    Line Deleted : user_pref("CT3196716.settingsINI", true);
    Line Deleted : user_pref("CT3196716.smartbar.CTID", "CT3196716");
    Line Deleted : user_pref("CT3196716.smartbar.Uninstall", "0");
    Line Deleted : user_pref("CT3196716.smartbar.toolbarName", "WiseConvert ");
    Line Deleted : user_pref("CT3196716.toolbarBornServerTime", "14-12-2012");
    Line Deleted : user_pref("CT3196716.toolbarCurrentServerTime", "14-12-2012");
    Line Deleted : user_pref("CT3196716_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1355493528735,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Line Deleted : user_pref("aol_toolbar.default.search.check", false);
    Line Deleted : user_pref("browser.search.order.2", "Ask.com");
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
    Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Ask.com");
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77ee5eb5&p2=^AFA^xpi000^^");
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.initialized", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.contextKey", "");
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.installDate", "2012110517");
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.partnerId", "^AFA^xpi000^^");
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.partnerSubId", "");
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.success", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.toolbarId", "undefined");
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.defaultSearch", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.homePageEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.keywordEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.tabEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.searchHistory", "");
    Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.weather.location", "29601");
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=7A5C7F65-8DA8-4DB8-AC0F-1A5C5BF7D081&n=77ee40a3&ptnrS=XNxdm003YYus&si=CM_ynL7ppLMCFU-d4Aodrx[...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.hp.user.defined", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.initialized", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.contextKey", "");
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.installDate", "2012102819");
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerId", "XNxdm003YYus");
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerSubId", "CM_ynL7ppLMCFU-d4AodrxgAkg");
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.success", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.toolbarId", "7A5C7F65-8DA8-4DB8-AC0F-1A5C5BF7D081");
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.lastActivePing", "1370797854129");
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.defaultSearch", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.homePageEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.keywordEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.tabEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.weather.location", "29601");
    Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

    -\\ Google Chrome v32.0.1700.107

    [ File : D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage

    *************************

    AdwCleaner[R0].txt - [23250 octets] - [15/02/2014 20:50:38]
    AdwCleaner[S0].txt - [23686 octets] - [15/02/2014 20:58:18]

    ########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [23747 octets] ##########
     
  7. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    72,640
    yeah......we're going to move this one to malware...:)

    thanks, and be patient....that is by far and away the busiest section of our site. If you don't have a response by Monday AM, type 'bump' in the quick reply, and I'll see if I can flag someone down at that point in time.

    thanks again,

    v
     
  8. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    72,640
    as an aside, did that script error occur on this boot?
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,593
    Hi Paloftin,
    There is probably more to do on there.
    You can follow up with these instructions as a replacement for the standard first post instruction, and we'll see if we can clean up any leftovers.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • For Vista, right click the icon and choose "Run as administrator".
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
      When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
    ---------------------------------------------------
    So, In Your Replies, we will be looking for the following :
    The contents of:
    • OTL.txt
    • Extras.txt
    Please feel free to use separate replies.
    askey127
     
  11. paloftin

    paloftin Thread Starter

    Joined:
    Feb 15, 2014
    Messages:
    19
    OTL logfile created on: 2/17/2014 18:14:10 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\paulloftin\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 28.98% Memory free
    4.22 Gb Paging File | 2.17 Gb Available in Paging File | 51.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
    Drive C: | 8.38 Gb Total Space | 6.74 Gb Free Space | 80.43% Space Free | Partition Type: NTFS
    Drive D: | 140.67 Gb Total Space | 69.93 Gb Free Space | 49.72% Space Free | Partition Type: NTFS

    Computer Name: PAULLOFTIN-PC | User Name: paulloftin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/17 18:13:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\paulloftin\Downloads\OTL.exe
    PRC - [2014/02/05 20:28:56 | 000,491,112 | ---- | M] (Updater) -- D:\ProgramData\Updater\updater.exe
    PRC - [2014/02/05 20:28:56 | 000,435,816 | ---- | M] (WatchDog) -- D:\ProgramData\RHelpers\IeHelper\IeHelper.exe
    PRC - [2014/02/05 20:28:56 | 000,435,816 | ---- | M] (WatchDog) -- D:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
    PRC - [2014/02/05 20:28:56 | 000,435,816 | ---- | M] (WatchDog) -- D:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
    PRC - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/18 13:38:37 | 000,309,328 | ---- | M] (Google Inc.) -- D:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- D:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
    PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/09/17 16:07:40 | 006,401,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2858302-v2-x86.exe
    PRC - [2013/09/11 05:50:02 | 000,078,992 | ---- | M] (Microsoft Corporation) -- d:\ff21fd70a6b70d14aa81929f556dc763\Setup.exe
    PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
    PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/01/05 14:29:28 | 000,274,168 | ---- | M] () -- D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
    PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2012/02/23 15:57:34 | 001,885,088 | ---- | M] (Affinegy, Inc.) -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- D:\Program Files\AWS\WeatherBug\Weather.exe
    PRC - [2010/07/29 02:37:18 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
    PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Update\NASvc.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe
    PRC - [2008/01/19 02:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Mail\WinMail.exe
    PRC - [2006/12/04 16:27:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- D:\Program Files\FinePixViewer\QuickDCF2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/01/05 14:29:28 | 000,274,168 | ---- | M] () -- D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
    MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
    MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
    MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
    MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
    MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- D:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
    MOD - [2006/11/10 16:32:00 | 000,081,920 | ---- | M] () -- D:\Program Files\FinePixViewer\wia_register_event.dll
    MOD - [1999/01/31 09:52:02 | 000,192,512 | ---- | M] () -- D:\Program Files\What's my computer doing\QHTM.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
    SRV - [2014/01/29 09:10:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) [Auto | Running] -- D:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- D:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- D:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- d:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- D:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
    SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
    DRV - File not found [Kernel | System | Running] -- d:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A532DF57-CE79-48A4-85A0-983272E58157}\MpKslef007208.sys -- (MpKslef007208)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fixustor.sys -- (FIXUSTOR)
    DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
    DRV - [2014/01/21 20:09:34 | 000,014,528 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
    DRV - [2014/01/01 12:05:50 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/09/20 04:11:58 | 000,226,080 | ---- | M] (GFI Software) [Kernel | System | Running] -- D:\Windows\System32\drivers\SbFw.sys -- (SbFw)
    DRV - [2012/09/20 04:11:58 | 000,094,496 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\sbhips.sys -- (sbhips)
    DRV - [2012/09/20 04:11:58 | 000,075,552 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
    DRV - [2012/09/12 19:19:34 | 000,095,488 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV - [2012/09/12 19:19:34 | 000,095,488 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV - [2011/03/15 00:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ssmirrdr.sys -- (ssmirrdr)
    DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP68
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{3857290D-6438-4DA7-9062-AEDEE3FA622C}: "URL" = http://www.google.com/search?q={sea...ng?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS380
    IE - HKCU\..\SearchScopes\{D1628EAF-DB76-431C-A737-33BB8825C82E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    IE - HKCU\..\SearchScopes\{FBF6D5D4-56D5-4A90-A38A-BB3D717BA1B8}: "URL" = http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
    FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=114576&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=114576"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.update: false
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: d:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: D:\Program Files\Roblox\Versions\version-7cb7ff22d9334da0\\NPRobloxProxy.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/24 21:33:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/02 14:40:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 19:50:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/06 07:13:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/06 07:13:10 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 19:50:21 | 000,000,000 | ---D | M]

    [2010/09/12 18:58:53 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Extensions
    [2014/02/15 20:58:32 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions
    [2010/12/08 21:59:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.default\extensions\[email protected](251).com
    [2014/02/15 20:58:30 | 000,000,000 | ---D | M] (No name found) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions
    [2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected](252).com
    [2014/02/14 19:05:51 | 000,000,000 | ---D | M] (Spy Guard) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.default\extensions\[email protected]
    [2013/05/25 20:04:43 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
    [2013/05/25 20:04:43 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www1.delta-search.com/?babsr...737DE5565&affID=119351&tt=070813_wt4&tsp=4970
    CHR - Extension: little owl = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alopfckdopopebdogneaajhpajfbkane\1.0_0\
    CHR - Extension: Google Docs = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: RealDownloader = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
    CHR - Extension: Spy Guard = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\
    CHR - Extension: Google Wallet = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = D:\Users\paulloftin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKLM..\Run: [AmIcoSinglun] D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
    O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BingDesktop] D:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [InstaLAN] D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    O4 - HKLM..\Run: [MSC] d:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroLauncher] D:\Program Files\Nero\SyncUP\NeroLauncher.exe ()
    O4 - HKLM..\Run: [Updater] D:\ProgramData\Updater\updater.exe (Updater)
    O4 - HKCU..\Run: [Updater] D:\ProgramData\Updater\updater.exe (Updater)
    O4 - HKCU..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{388DFADF-8A53-4E8F-939A-BA92E3DD12E1}: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O24 - Desktop WallPaper: D:\Users\paulloftin\AppData\Local\Microsoft\BingDesktop\themes\2014-02-16.jpg
    O24 - Desktop BackupWallPaper: D:\Users\paulloftin\AppData\Local\Microsoft\BingDesktop\themes\2014-02-16.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (BootDefrag.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/15 22:15:28 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\Desktop\Computer Fixes
    [2014/02/15 20:50:27 | 000,000,000 | ---D | C] -- D:\AdwCleaner
    [2014/02/15 12:59:18 | 000,000,000 | ---D | C] -- D:\ProgramData\PC Drivers HeadQuarters
    [2014/02/14 19:21:19 | 000,000,000 | ---D | C] -- D:\ProgramData\InternetUpdater
    [2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser
    [2014/02/14 19:09:51 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser
    [2014/02/14 19:07:19 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\AppData\Local\Browser
    [2014/02/14 19:05:56 | 000,000,000 | ---D | C] -- D:\ProgramData\RHelpers
    [2014/02/14 19:05:53 | 000,000,000 | ---D | C] -- D:\ProgramData\Updater
    [2014/02/14 19:05:33 | 000,000,000 | ---D | C] -- D:\ProgramData\SpyGuard
    [2014/02/12 18:14:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
    [2014/02/12 18:14:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
    [2014/02/12 18:14:52 | 000,065,536 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
    [2014/02/12 18:14:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
    [2014/02/12 18:14:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
    [2014/02/12 18:14:37 | 001,806,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
    [2014/02/12 18:14:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
    [2014/02/12 18:14:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
    [2014/02/12 09:32:54 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Security Client
    [2014/02/09 20:41:20 | 000,000,000 | ---D | C] -- D:\Users\paulloftin\Documents\Sunday's Monday 2014
    [2014/02/08 16:55:39 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft ActiveSync
    [2014/02/08 16:52:57 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\DESIGNER
    [2014/01/30 18:33:40 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/01/26 09:20:33 | 000,000,000 | ---D | C] -- D:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2014/01/21 17:15:18 | 000,264,616 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaws.exe
    [2014/01/21 17:14:57 | 000,175,016 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaw.exe
    [2014/01/21 17:14:57 | 000,174,504 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\java.exe
    [2014/01/21 17:14:57 | 000,094,632 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\WindowsAccessBridge.dll
    [2014/01/21 17:14:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/07/28 03:14:18 | 000,708,168 | ---- | C] (MindSpark) -- D:\Program Files\gcUninstall WeatherBlink.dll
    [2012/11/25 14:48:33 | 019,096,640 | ---- | C] (Intel ) -- D:\Users\paulloftin\144047_283_PROWin32.exe
    [2012/11/25 14:47:32 | 013,384,592 | ---- | C] (Microsoft Corporation) -- D:\Users\paulloftin\144047_280_IPx86_1033_6.31.258.0.exe
    [2010/07/17 13:25:04 | 002,734,688 | ---- | C] (Conduit Ltd.) -- D:\Program Files\tbZyng.dll
    [1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/17 18:32:13 | 000,699,736 | ---- | M] () -- D:\Windows\System32\perfh009.dat
    [2014/02/17 18:32:11 | 000,142,966 | ---- | M] () -- D:\Windows\System32\perfc009.dat
    [2014/02/17 18:10:21 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/17 17:51:15 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/17 17:51:15 | 000,003,680 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/17 17:43:01 | 000,000,886 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/17 17:30:33 | 000,000,430 | ---- | M] () -- D:\Windows\tasks\PC Utility Kit.job
    [2014/02/17 00:59:59 | 000,000,372 | ---- | M] () -- D:\Windows\tasks\Regwork.job
    [2014/02/16 19:54:36 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/16 19:51:48 | 000,000,356 | ---- | M] () -- D:\Windows\tasks\SoftwareUpdateGU4.job
    [2014/02/16 19:51:23 | 000,000,095 | ---- | M] () -- D:\Users\paulloftin\.accessibility.properties
    [2014/02/16 19:51:16 | 000,000,330 | ---- | M] () -- D:\Windows\tasks\GlaryInitialize 4.job
    [2014/02/16 19:51:15 | 000,000,342 | ---- | M] () -- D:\Windows\tasks\RegistryBooster.job
    [2014/02/16 19:50:50 | 000,459,560 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
    [2014/02/16 19:50:30 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
    [2014/02/14 19:09:51 | 000,001,943 | ---- | M] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser.lnk
    [2014/02/12 09:34:07 | 000,001,945 | ---- | M] () -- D:\Windows\epplauncher.mif
    [2014/02/11 20:20:45 | 000,000,426 | ---- | M] () -- D:\AVScanner.ini
    [2014/02/11 18:25:24 | 000,001,955 | ---- | M] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/02/11 18:25:24 | 000,001,931 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
    [2014/02/09 09:55:42 | 208,367,271 | ---- | M] () -- D:\Windows\MEMORY.DMP
    [2014/02/08 10:32:00 | 000,002,763 | ---- | M] () -- D:\ProgramData\connector.swf
    [2014/02/05 03:56:17 | 001,806,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
    [2014/02/05 03:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
    [2014/02/05 03:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\url.dll
    [2014/02/05 03:48:56 | 000,065,536 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
    [2014/02/05 03:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
    [2014/02/05 03:47:57 | 000,607,744 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
    [2014/02/05 03:47:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
    [2014/02/05 03:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
    [2014/01/29 09:10:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
    [2014/01/29 09:10:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/01/26 17:14:03 | 000,000,837 | ---- | M] () -- D:\Users\Public\Desktop\Glary Utilities 4.lnk
    [2014/01/26 09:24:05 | 000,001,624 | ---- | M] () -- D:\Users\Public\Desktop\iTunes.lnk
    [2014/01/21 20:16:44 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- D:\Windows\System32\BootDefrag.exe
    [2014/01/21 20:09:34 | 000,014,528 | ---- | M] (Glarysoft Ltd) -- D:\Windows\System32\drivers\BootDefragDriver.sys
    [2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MpSigStub.exe
    [1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/14 19:09:51 | 000,001,943 | ---- | C] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser.lnk
    [2014/02/12 09:33:21 | 000,001,786 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2014/02/12 09:06:12 | 000,000,426 | ---- | C] () -- D:\AVScanner.ini
    [2014/02/09 09:55:42 | 208,367,271 | ---- | C] () -- D:\Windows\MEMORY.DMP
    [2014/02/08 10:20:55 | 000,002,763 | ---- | C] () -- D:\ProgramData\connector.swf
    [2014/01/30 18:33:40 | 000,001,955 | ---- | C] () -- D:\Users\paulloftin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/01/30 18:33:40 | 000,001,931 | ---- | C] () -- D:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/01 12:05:50 | 000,013,464 | ---- | C] () -- D:\Windows\System32\drivers\SWDUMon.sys
    [2013/07/28 13:40:27 | 000,022,816 | ---- | C] () -- D:\Windows\System32\RegBootDefrag.exe
    [2013/07/28 03:14:18 | 000,186,752 | ---- | C] () -- D:\Program Files\gcres.dll
    [2013/06/09 19:34:55 | 000,000,095 | ---- | C] () -- D:\Users\paulloftin\.accessibility.properties
    [2013/01/04 12:54:17 | 000,000,632 | RHS- | C] () -- D:\Users\paulloftin\ntuser.pol
    [2012/12/02 09:43:00 | 000,332,665 | ---- | C] () -- D:\Windows\System32\drivers\RTAIODAT.DAT
    [2012/12/02 09:41:22 | 000,200,704 | ---- | C] () -- D:\Windows\System32\UMonit.exe
    [2012/12/02 09:41:22 | 000,167,936 | ---- | C] () -- D:\Windows\System32\ustor.dll
    [2012/12/01 09:09:21 | 034,666,488 | ---- | C] () -- D:\Users\paulloftin\144047_1485_OJ6000.zip.part
    [2012/11/25 14:48:38 | 016,653,844 | ---- | C] () -- D:\Users\paulloftin\144047_1611_-PS.zip
    [2012/11/25 14:48:26 | 103,843,528 | ---- | C] () -- D:\Users\paulloftin\144047_54_Vista_Win7_Win8_R270.zip
    [2012/11/25 14:47:53 | 083,655,085 | ---- | C] () -- D:\Users\paulloftin\144047_1485_OJ6000.zip
    [2012/11/25 14:47:29 | 002,988,988 | ---- | C] () -- D:\Users\paulloftin\144047_1_intel_inf_9.3.0.1020.zip
    [2012/11/25 14:47:28 | 000,492,307 | ---- | C] () -- D:\Users\paulloftin\144047_2190_Intel_1.zip
    [2012/10/16 13:32:40 | 000,202,805 | ---- | C] () -- D:\ProgramData\1350412008.bdinstall.bin
    [2012/10/15 17:48:22 | 000,371,732 | ---- | C] () -- D:\ProgramData\1350340918.bdinstall.bin
    [2012/10/15 17:41:57 | 000,077,237 | ---- | C] () -- D:\ProgramData\1350340915.bdinstall.bin
    [2012/09/29 08:55:55 | 000,439,719 | ---- | C] () -- D:\ProgramData\1348926680.bdinstall.bin
    [2012/09/29 08:38:43 | 000,153,935 | ---- | C] () -- D:\ProgramData\1348925661.bdinstall.bin
    [2012/01/22 18:00:38 | 000,239,360 | ---- | C] () -- D:\ProgramData\1327272371.bdinstall.bin
    [2011/11/24 17:40:06 | 002,424,375 | ---- | C] () -- D:\Users\paulloftin\Grandchildren 11 2011.jpg
    [2011/08/19 10:50:43 | 000,000,349 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\com.w3i.FlipToast_state.xml
    [2011/07/06 18:40:22 | 025,051,136 | ---- | C] () -- D:\Users\paulloftin\COMPONENTS
    [2011/04/21 14:21:46 | 000,012,535 | ---- | C] () -- D:\Users\paulloftin\WLMContacts.csv
    [2011/04/16 22:16:36 | 014,421,146 | ---- | C] () -- D:\Users\paulloftin\Good afternoon 1.rtf
    [2011/04/12 18:43:25 | 001,066,177 | ---- | C] () -- D:\Users\paulloftin\Haley G.JPG
    [2011/04/05 19:50:57 | 000,122,880 | ---- | C] () -- D:\Users\paulloftin\Publication2.pub
    [2011/03/21 16:43:57 | 000,000,098 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\fusioncache.dat
    [2010/11/21 16:15:46 | 000,006,000 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\d3d9caps.dat
    [2010/09/26 16:09:44 | 034,103,296 | ---- | C] () -- D:\Users\paulloftin\SOFTWARE
    [2010/08/12 15:55:39 | 001,467,350 | ---- | C] () -- D:\Users\paulloftin\DSCF0274.jpg
    [2010/08/01 07:49:02 | 000,001,522 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\wklnhst.dat
    [2010/07/17 13:25:04 | 000,153,088 | ---- | C] () -- D:\Program Files\UNWISE.EXE
    [2010/06/24 19:46:37 | 000,083,968 | ---- | C] () -- D:\Users\paulloftin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/28 12:40:15 | 000,017,089 | ---- | C] () -- D:\Users\paulloftin\AppData\Roaming\UserTile.png

    ========== ZeroAccess Check ==========

    [2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> D:\ProgramData\TEMP:7BA6D322
    @Alternate Data Stream - 193 bytes -> D:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:8DA0EB21
    @Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:ECF54A0E
    @Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:895C5142
    @Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:73C78BAA
    @Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:A082A539
    @Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:9547F1DB
    @Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:05A9EC70
    @Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 108 bytes -> D:\ProgramData\TEMP:7DC6E295
    < End of report >
     
  12. paloftin

    paloftin Thread Starter

    OTL Extras logfile created on: 2/17/2014 18:14:10 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\paulloftin\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 28.98% Memory free
    4.22 Gb Paging File | 2.17 Gb Available in Paging File | 51.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
    Drive C: | 8.38 Gb Total Space | 6.74 Gb Free Space | 80.43% Space Free | Partition Type: NTFS
    Drive D: | 140.67 Gb Total Space | 69.93 Gb Free Space | 49.72% Space Free | Partition Type: NTFS

    Computer Name: PAULLOFTIN-PC | User Name: paulloftin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromiumHTM.KCSXFUUW2PKYLKCSHE3YE3UDX4] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "D:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "D:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "D:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1317372938-93457200-3788176729-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03045531-C6D0-4B76-BF19-11199B2DC4C5}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
    "{0593B845-7DC3-4324-A422-9BB6EB0C22A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{1519B59D-27E9-4C32-B05E-CBBED8EEF9FF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{29E6C263-202C-4901-B16C-4AEFCF2025E8}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2B6130FA-3FC4-40BE-B6C0-EB1BBB314D5C}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
    "{35CE5B03-BB5F-4BB1-B313-9C4497792D2F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4333DBDA-5C5F-4CB5-8F75-446FA530185E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{442DBF55-BF6A-4959-8D6B-DA2F1EF9C9A0}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{44B135B9-5797-478E-8491-C4EF73DBE841}" = rport=137 | protocol=17 | dir=out | app=system |
    "{59860791-6F53-4ACC-94D5-C5ABF721EF52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=d:\windows\system32\svchost.exe |
    "{5CBA6847-E610-4DCA-A287-3A3AC12A6CCA}" = rport=1723 | protocol=6 | dir=out | app=system |
    "{5DF7F506-C9A3-4498-9567-A7C88BDF2C68}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=d:\windows\system32\svchost.exe |
    "{62F64CEA-42F1-4AEF-A911-934A71E2BCC3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6923ECB2-0A39-4635-A752-0D69DD043806}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6C2DA459-2B33-4384-9EA7-43F9FE7AAD2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6C878B3F-6EF0-4134-8203-85766383FC66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7E7F4E65-05A4-4A7F-9692-8212860C1297}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8A92C705-87BE-4302-87F3-35FD9EAB0F34}" = lport=1701 | protocol=17 | dir=in | app=system |
    "{93711544-D1C7-4F57-B1C3-BFD9EA88B124}" = lport=139 | protocol=6 | dir=in | app=system |
    "{94DB7D00-B916-4864-B9FF-07E8499026D4}" = rport=1701 | protocol=17 | dir=out | app=system |
    "{A1BB9CDE-70AA-4F23-BAB8-5463CA3F9BB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=d:\windows\system32\svchost.exe |
    "{A77EE6F1-DB78-49ED-94FC-027B1AF8109A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A891A80D-4995-4549-9649-CAA358076FC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A9FCE3C4-DB63-4CB7-96B3-C559760F79A9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B55C776B-360A-489D-9EC8-CA470E18C5C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B72114BC-B83D-4418-A57B-AA260ECA9DE2}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B9F09F33-C90B-4F8E-808C-3D7F4F410E3C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=d:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{C1DDA053-3E5E-4BBB-A86D-D18CA769339C}" = lport=1723 | protocol=6 | dir=in | app=system |
    "{CA11C732-F5F0-4C04-A176-A1D37BCA4827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D333B75F-1F3D-45B0-8CC3-4B0DBFF8AC50}" = lport=445 | protocol=6 | dir=in | app=system |
    "{DC6E7C2A-DA1D-4DF6-8426-C58EEC3D3088}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F88AC92D-168A-4327-AA39-D5369FE5B4A4}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
    "{FAC75B91-8108-4B04-8769-A807D13D84BC}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
    "{FEDBDD27-D68A-457A-BBAA-E010BE8D06E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09484409-318A-4A35-818C-2B52B5829D80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0B194614-2CC1-4551-B00E-7BCE88A48A50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0B2D87ED-B7E2-437B-90F3-2D868E99A4BC}" = dir=in | app=d:\program files\windows live\mesh\moe.exe |
    "{18B8AE13-DE45-4D78-A1CA-47477C8944FA}" = protocol=17 | dir=in | app=d:\users\paulloftin\appdata\local\temp\7zs44f6\hpdiagnosticcoreui.exe |
    "{1E6A49F6-23B9-4C75-9401-29469CC0456E}" = dir=in | app=d:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{27EBCEF3-BE23-43AE-87C0-3536C673DC96}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{30DF9E8A-0954-4738-8830-DA6060356D9F}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{379026C9-6BC1-45E6-AE1F-5A32884C6EA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4207218E-8B6F-4D89-A10A-7F8CBED3F520}" = protocol=6 | dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{49E58DDE-D52E-4899-ACA1-DC42C21F743B}" = dir=in | app=d:\program files\hp\digital imaging\bin\hposid01.exe |
    "{56A68E6C-0C5D-4D50-B922-9E39E1AC8540}" = protocol=6 | dir=out | svc=upnphost | app=d:\windows\system32\svchost.exe |
    "{5F6203EA-6BBE-4746-B9B9-A1A577A4BF0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{61646EEC-E3A1-4381-B2FD-F8FF1D315928}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{6A04D81F-5A0F-4493-B0A4-AC01F02F5508}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6C51D884-6E77-42C7-9A60-16813C024A9D}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{6F932FEB-0C4F-40C6-B838-35403DB72C3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{70DA997C-932F-415B-A625-DD743BA0148B}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{7BF85FF7-A6D2-4FC4-A0E6-1045DCE4595F}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{800585DB-66FD-4924-A5ED-F634FC83B0BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{80B6778B-EE19-4820-9F07-B0D786453D30}" = protocol=17 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe |
    "{811656A5-A581-4BFD-9391-14EF632E15CE}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{88B5CD71-B7AD-436E-8A0F-8362B68E403D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8B9F16A4-1862-415C-8FB6-E071A3A6D350}" = protocol=6 | dir=out | app=system |
    "{8FA193B7-48BA-4FEB-9F1F-AD2D54230F1E}" = dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{9A393438-23D6-431B-A40E-257A7F1EC1CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A407AC64-1FA6-46F5-A79E-F7FADFDB2E8C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A5A775C2-C15D-4B84-879F-FE854507DCFF}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{A7F2A3FF-1477-4A40-B40B-35481C7A6C86}" = protocol=17 | dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{ABFEB7AF-F5C1-45C8-BF98-05080DC43FB0}" = protocol=17 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe |
    "{AD3EBF47-45E7-44ED-97C1-91DC143CC2A4}" = protocol=6 | dir=in | app=d:\users\paulloftin\appdata\local\temp\7zs44f6\hpdiagnosticcoreui.exe |
    "{AFE5F023-5041-4CFB-BDDE-14D1F5B2D7E7}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{B1B36CCB-198F-4386-80F0-C072EB293052}" = protocol=6 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe |
    "{B227B975-200D-47F7-9DAB-99DFB366EB55}" = dir=in | app=d:\program files\hp\hp software update\hpwucli.exe |
    "{B3B55687-75FA-4EE4-9F9C-E2898FC76E61}" = dir=in | app=d:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{B4CD20EE-A0E0-40D6-BEE4-94C55F9F05D3}" = dir=in | app=d:\program files\itunes\itunes.exe |
    "{B885C849-18DA-4F85-BFD9-1DAE26E8C7E3}" = protocol=6 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe |
    "{B89A1AF1-68D4-4BB5-B52B-5DF304C45A00}" = dir=in | app=d:\users\paulloftin\appdata\local\microsoft\skydrive\skydrive.exe |
    "{BA19C2C5-589B-419F-A120-3755F4EA992F}" = dir=in | app=d:\program files\hp\digital imaging\{14bc6853-a74e-4874-b50d-679889d1544d}\setup\hpznui01.exe |
    "{BE419434-A888-47DE-B2F6-8AA74EEC1DA0}" = protocol=17 | dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{BF58EE73-62FE-4A44-9667-922C98534A01}" = protocol=6 | dir=out | app=system |
    "{C23740C1-8FDF-4A73-9EF6-A7A745D82E6F}" = protocol=6 | dir=out | app=d:\windows\system32\wudfhost.exe |
    "{D2B0DE02-D74D-468B-B102-C94DA148A38C}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{D345B45E-898A-4F17-BB90-1A13BA2E3752}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D356F950-B833-4561-9242-9942B6651060}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E0803304-5511-4576-9C92-77275F68BEE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E8CB62C7-9B23-46A5-B2B6-5014D9237242}" = dir=in | app=d:\program files\windows live\contacts\wlcomm.exe |
    "{EED7AC77-FEB2-40D8-9490-2DE88C13F929}" = protocol=6 | dir=in | app=d:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{EF232055-3890-4514-BE05-377027106DC2}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{FAD16133-3F84-4C0E-9C76-E114612AA5E1}" = dir=in | app=d:\program files\hp\digital imaging\bin\hpiscnapp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{166FCF01-AC98-4288-A01C-90BEB808C059}" = Sony RAW Driver
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F702F22-A623-4B6A-41BD-420700558223}_is1" = What's my computer doing 1.xx
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}" = D110
    "{563FE39E-B4D7-4DC0-B443-97313128AEC0}" = Hallmark Card Studio Special Edition
    "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6D2EFF3B-B191-4B1F-8ABF-C4A8028DB8CF}" = Alcor Micro USB Card Reader
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
    "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{8777089A-4CF4-44BA-910B-9A4580669DED}" = Hallmark Card Studio Express
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B157EE4-0BAB-4CCE-B92C-5844AB6E20F1}" = HP Smart Print 1.1.5.0
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D78030A-64D6-4F9D-8D8A-ED2A7DED70BB}" = SyncUP Help (CHM)
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
    "{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A421348C-43DF-46F8-8024-7ABC9F92A682}" = HP Printer Quality Research Study
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A760067A-C07E-1033-0000-A764AC000008}" = Avery Template
    "{A760067A-C07E-1033-0000-A764AC000010}" = Avery Template
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}" = CWA Reminder by We-Care.com v4.1.22.3
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
    "7-zip" = 7-zip v9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
    "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Dora Saves the Snow Princess" = Dora Saves the Snow Princess
    "DriverFinder" = DriverFinder
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Free Window Registry Repair" = Free Window Registry Repair
    "Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
    "Glary Utilities 4" = Glary Utilities 4.5
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{6D2EFF3B-B191-4B1F-8ABF-C4A8028DB8CF}" = Alcor Micro USB Card Reader
    "InternetUpdater" = Internet Updater
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 4.2
    "PROSetDX" = Intel(R) Network Connections 15.2.89.0
    "RealPlayer 16.0" = RealPlayer
    "SpyGuard" = Spy Guard
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Browser" = Browser
    "SkyDriveSetup.exe" = Microsoft SkyDrive

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/16/2014 20:53:27 | Computer Name = paulloftin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "D:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
    Dependent
    Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/16/2014 20:56:07 | Computer Name = paulloftin-PC | Source = Windows Search Service | ID = 3028
    Description =

    Error - 2/16/2014 20:56:07 | Computer Name = paulloftin-PC | Source = Windows Search Service | ID = 3058
    Description =

    Error - 2/16/2014 22:14:36 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/16/2014 22:19:46 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/17/2014 03:13:48 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/17/2014 03:18:47 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/17/2014 08:17:49 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/17/2014 08:22:48 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/17/2014 13:20:43 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/17/2014 13:25:43 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/17/2014 17:36:44 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    Error - 2/17/2014 17:41:43 | Computer Name = paulloftin-PC | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x801901F7

    [ System Events ]
    Error - 2/16/2014 20:42:56 | Computer Name = paulloftin-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.165.4165.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
    Current
    Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8007043c Error
    description: This service cannot be started in Safe Mode

    Error - 2/16/2014 20:49:13 | Computer Name = paulloftin-PC | Source = DCOM | ID = 10010
    Description =

    Error - 2/16/2014 20:53:39 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 2/16/2014 20:53:42 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 2/16/2014 20:53:48 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/16/2014 20:56:10 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 2/16/2014 20:56:10 | Computer Name = paulloftin-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 2/16/2014 20:56:39 | Computer Name = paulloftin-PC | Source = DCOM | ID = 10010
    Description =

    Error - 2/17/2014 14:10:38 | Computer Name = paulloftin-PC | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840&threatid=2147643366
    Name:
    Exploit:Java/CVE-2010-0840 ID: 2147643366 Severity: Severe Category: Exploit Path:
    containerfile:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc;file:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc->datas/SquarePants.class
    Detection
    Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM
    Process
    Name: D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: %%809 Action Status:
    No additional actions required Error Code: 0x8007065e Error description: Data of
    this type is not supported. Signature Version: AV: 1.165.4200.0, AS: 1.165.4200.0,
    NIS: 109.107.0.0 Engine Version: AM: 1.1.10201.0, NIS: 2.1.10003.0

    Error - 2/17/2014 14:10:38 | Computer Name = paulloftin-PC | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Java/Toniper&threatid=2147678505
    Name:
    TrojanDownloader:Java/Toniper ID: 2147678505 Severity: Severe Category: Trojan Downloader
    Path:
    containerfile:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc;file:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc->datas/wall.class;file:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc->datas/Zom.class;file:_D:\Users\paulloftin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6f4ac418-4837c4fc->datas/Zonkeys.class
    Detection
    Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM
    Process
    Name: Unknown Action: %%809 Action Status: No additional actions required Error Code:
    0x8007065e Error description: Data of this type is not supported. Signature Version:
    AV: 1.165.4200.0, AS: 1.165.4200.0, NIS: 109.107.0.0 Engine Version: AM: 1.1.10201.0,
    NIS: 2.1.10003.0


    < End of report >
     
  13. paloftin

    paloftin Thread Starter

    Joined:
    Feb 15, 2014
    Messages:
    19
    The script error was resolved; however, my computer is still doing some strange things. Run fast, then slow, then fast, then freeze, all random. Sometimes a program will open and other times it will not. When typing a document it will simply stop in the middle of a word and not let me do anything for a while and then on its own it will start back up. I don't know what is going on with it. I appreciate your time in this matter, thank you.
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,593
    paloftin.
    Quite a bit to do here at first. Just take one step at a time.
    You should stay away from any Registry helpers/boosters/optimizers, etc. The risk of system damage far outweighs any possible benefits.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Uninstall a program under the Programs heading.
    Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

    InstallIQ Updater
    Adobe Reader X (10.1.9)
    Coupon Printer for Windows
    Free Window Registry Repair
    Glary Registry Repair
    Internet Updater
    Spy Guard

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine

    --------------------------------------------------------
    Download and Install the newest version of Adobe Reader for reading pdf files
    There are security vulnerabilities in earlier versions of both Reader and Acrobat Pro. All versions numbered lower than 11.0.06 are vulnerable.
    Go HERE to download the Installer AdbeRdr11006_en_US.exe.
    Save the file to your desktop and run it to install the latest version of Adobe Reader.
    Always be careful to UNCHECK any offer for toolbars, helpers or other "partner" Free programs.
    After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
    Click on Edit and select Preferences.
    On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    Click on the Security (Enhanced) category
    Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.
    Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    Click the OK button
    When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
    When it finishes, you can remove the Installer from your desktop.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
      FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff"
      [2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.defau lt\extensions\[email protected](251).com
      [2013/07/07 15:58:21 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected](252).com
      [2014/02/14 19:05:51 | 000,000,000 | ---D | M] (Spy Guard) -- D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected]
      CHR - homepage: http://www1.delta-search.com/?babsrc...3_wt4&tsp=4970
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
      O4 - HKLM..\Run: [Updater] D:\ProgramData\Updater\updater.exe (Updater)
      O4 - HKCU..\Run: [Updater] D:\ProgramData\Updater\updater.exe (Updater)
      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
      [2014/02/14 19:05:33 | 000,000,000 | ---D | C] -- D:\ProgramData\SpyGuard
      [2010/07/17 13:25:04 | 002,734,688 | ---- | C] (Conduit Ltd.) -- D:\Program Files\tbZyng.dll
      
      :Files
      D:\ProgramData\Updater
      ipconfig /flushdns /c
      
      :Commands
      [PURITY]
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.
    ---------------------------------------------------
    So, In Your Replies, we will be looking for the following :
    The contents of:
    • The FIX log from OTL
    • Fresh version of OTL.txt from the Quick Scan.
    Please feel free to use separate replies.

    askey127
     
  15. paloftin

    paloftin Thread Starter

    Joined:
    Feb 15, 2014
    Messages:
    19
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Prefs.js: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff" removed from browser.startup.homepage
    Prefs.js: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff" removed from browser.startup.homepage
    Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\1wzryyw7.defau lt\extensions\[email protected](251).com\ not found.
    Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected](252).com\ not found.
    Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected]\ not found.
    Use Chrome's Settings page to change the HomePage.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
    D:\ProgramData\Updater\updater.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
    File D:\ProgramData\Updater\updater.exe not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
    D:\ProgramData\SpyGuard folder moved successfully.
    D:\Program Files\tbZyng.dll moved successfully.
    ========== FILES ==========
    D:\ProgramData\Updater folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    D:\Users\paulloftin\Desktop\cmd.bat deleted successfully.
    D:\Users\paulloftin\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: paulloftin
    ->Java cache emptied: 12136869 bytes

    User: Public

    Total Java Files Cleaned = 12.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: paulloftin
    ->Flash cache emptied: 66738 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: paulloftin
    ->Temp folder emptied: 279067 bytes
    ->Temporary Internet Files folder emptied: 169825502 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 76166593 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2207627846 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 13701 bytes

    Total Files Cleaned = 2,340.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02182014_091058
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
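
One way to triage a fix log like the one above before the follow-up Quick Scan, added here as an example that is not part of the original thread and not OTL's own code. It separates a "not found" that an earlier line already explains from one that still needs checking; the function name `triage_fix_log` and the bucket names are assumptions, and the sample lines are copied from the log in this thread as displayed.

```python
import re

# Lines copied from the fix log posted in this thread (subset, as displayed).
SAMPLE_LOG = r"""
Prefs.js: "http://search.yahoo.com?type=114576&fr=spigot-yhp-ff" removed from browser.startup.homepage
Folder D:\Users\paulloftin\AppData\Roaming\Mozilla\Firefox\Profiles\ii34x9sc.defau lt\extensions\[email protected]\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
D:\ProgramData\Updater\updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
File D:\ProgramData\Updater\updater.exe not found.
D:\ProgramData\SpyGuard folder moved successfully.
"""

KIND = r"(?:Registry (?:value|key)|File|Folder)"
DONE = re.compile(rf"^(?:{KIND} )?(?P<target>.+?)(?: folder)? (?:deleted|moved) successfully\.$")
MISSING = re.compile(rf"^{KIND} (?P<target>.+?) not found\.$")


def _norm(target):
    # Compare paths and keys case-insensitively, ignoring a trailing backslash.
    return target.rstrip("\\").lower()


def triage_fix_log(text):
    """Sort OTL fix-log lines into buckets for the follow-up scan."""
    handled = set()
    report = {"done": [], "already_handled": [], "review": [], "manual": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "=<[":
            continue  # section banners, echoed commands, [EMPTY...] headers
        if line.startswith("Prefs.js:") and " removed from " in line:
            report["done"].append(line)
            continue
        m = DONE.match(line)
        if m:
            handled.add(_norm(m["target"]))
            report["done"].append(m["target"])
            continue
        m = MISSING.match(line)
        if m:
            # "not found" is harmless when an earlier line already moved or
            # deleted the same object (e.g. one file referenced by two Run keys).
            bucket = "already_handled" if _norm(m["target"]) in handled else "review"
            report[bucket].append(m["target"])
        elif line.startswith("Use "):
            report["manual"].append(line)  # OTL asks the user to act by hand
    return report


if __name__ == "__main__":
    for bucket, items in triage_fix_log(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Entries that land in `review` or `manual` are the ones to look for again in the fresh OTL.txt.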
     
  16. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    72,640
    I'm going to go ahead and mark this as unsolved as there is still work occurring.

    thanks,

    v
     

Short URL to this thread: https://techguy.org/1120016