Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

bootable device not found & google redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

bootable device not found & google redirect

Unread postby machiavelli2 » January 29th, 2014, 7:38 am

Dear supporters,

I have acer aspire one s3-391 with windows 7
recently my google chrome would redirect few of the web sites that I visited, e.g. I would write nytimes.com and then it would write static.facebok... and the chrome would freeze.
tonight the computer restarted and gave me the "no bootable device found", I couldn't turn it off with the power button..and after pressing a tiny push button on the back which show a symol of a battery coming out->then it restarted and loged into windows.
immediately I backed up everything
I uninstalled chrome and reinstalled and I don't get the redirection probloem now
Another symptom that I should add is that it takes longer times for my computer to turn on after I shut it down
I'm most worried about the fact that I almost couldn't reboot my laptop.
What can I do to solve the problem?
Should I create a bootable usb? any prevention measures that I can perform to lessen that disaster if it really crashes?
Thank you,
M.

here is the attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/15/2013 2:27:11 AM
System Uptime: 1/27/2014 9:04:25 PM (0 hours ago)
.
Motherboard: Acer | | Hummingbird2
Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz | U3E1 | 1896/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 96 GiB total, 20.57 GiB free.
D: is Removable
E: is FIXED (FAT32) - 466 GiB total, 300.608 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
clear.fi SDK- Movie 2
clear.fi SDK - MVP 2
64 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709a
Acer Backup Manager
Acer Crystal Eye Webcam
Acer Docs
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Instant Update Service
Acer Registration
Acer ScreenSaver
Acer Theft Shield
Acer Updater
Acer VCM
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.06)
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Suite (64)
AX88772B Windows 7 Drivers
Babylon
Backup Manager V3
Bejeweled 3
Bing Bar
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Repair Tool 1.0.39
BufferChm
CamStudio 2.7.2
Chronicles of Albian
Chuzzle Deluxe
clear.fi Media
clear.fi Photo
Cradle of Rome 2
CyberLink MediaEspresso
D3DX10
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Destinations
DeviceDiscovery
DocMgr
DocProc
Dolby Home Theater v4
Dora's World Adventure
Dropbox
eBay Worldwide
EndNote X7
ETDWare PS/2-X64 10.6.9.8_WHQL
Evernote v. 4.5.2
FATE
Fax
Final Drive: Nitro
Fooz Kids
Fooz Kids Platform
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
GPBaseService2
HP Customer Participation Program 14.0
HP Document Manager 2.0
HP Imaging Device Functions 14.0
HP Officejet 6500 E709 Series
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
IBM SPSS Statistics 21
iCloud
Identity Card
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Start Technology
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor 2.5
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
Junk Mail filter update
Launch Manager
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft Outlook Personal Folders Backup
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Network64
newsXpresso
NOOK for PC
Norton Internet Security
Norton Online Backup
OCR Software by I.R.I.S. 14.0
Outils de vérification linguistique 2013 de Microsoft Office - Français
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
ProductContext
Qualcomm Atheros WiFi Driver Installation
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ResearchSoft Direct Export Helper
Scan
Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition
Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2827224) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2863834) 64-Bit Edition
Shop for HP Supplies
Shredder
Skype™ 6.6
Sleep Memory Optimizer
Smart Timer
SmartWebPrinting
SolutionCenter
Status
Toolbox
Torchlight
TrayApp
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
WebReg
Welcome Center
WildTangent Games App (Acer Games)
Winamp
Winamp Detector Plug-in
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
1/27/2014 9:05:18 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1117) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Program-Inventory.
1/27/2014 9:04:37 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
1/27/2014 9:02:24 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
1/27/2014 6:40:29 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/27/2014 6:32:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
1/24/2014 10:32:15 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=121) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Program-Inventory.
1/23/2014 12:24:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 IDSVia64
1/23/2014 12:24:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000074 (0x0000000000000002, 0xfffff8800320d9e0, 0x0000000000000002, 0xffffffffc000014d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012314-5522-01.
1/21/2014 12:19:12 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 172.16.10.80 with the system having network hardware address F0-D1-A9-BA-28-01. Network operations on this system may be disrupted as a result.
1/21/2014 12:10:46 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 172.16.10.52 with the system having network hardware address 00-1C-B3-FF-53-67. Network operations on this system may be disrupted as a result.
1/21/2014 11:29:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
.
==== End Of File ===========================





here is the DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by eransadot at 21:31:49 on 2014-01-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3934.1675 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sleep Memory Optimizer\FFSService.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\eransadot\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\eransadot\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uLocal Page = about:blank
uWindow Title = Microsoft Internet Explorer
uSearch Bar = Preserve
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = about:blank
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SkyDrive] "C:\Users\eransadot\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\ERANSA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\eransadot\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\eransadot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DCC87A4C-21F1-4A71-B78F-43A2D9265166} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DCC87A4C-21F1-4A71-B78F-43A2D9265166}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{DCC87A4C-21F1-4A71-B78F-43A2D9265166}\160716E64627F69646 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{DCC87A4C-21F1-4A71-B78F-43A2D9265166}\566756E6477657563747 : DHCPNameServer = 8.8.8.8 208.67.222.222 66.28.0.30
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-15 16152]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1501000.012\symds64.sys [2014-1-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1501000.012\symefa64.sys [2014-1-11 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1501000.012\ccsetx64.sys [2014-1-11 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20140127.001\IDSviA64.sys [2014-1-27 521944]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2013-7-15 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2013-7-15 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2013-7-15 62776]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1501000.012\ironx64.sys [2014-1-11 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys [2014-1-11 590936]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-8 107648]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2013-7-15 355920]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2013-7-15 871296]
R2 FFSOpzSvc;Sleep memory optimizer;C:\Program Files\Sleep Memory Optimizer\FFSService.exe [2013-7-15 141192]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2012-2-29 28264]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-7-15 127320]
R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-7-15 192856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-15 162648]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-12 255376]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe [2014-1-11 275696]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2013-7-15 260640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-1-20 16128]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-15 362840]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [2013-7-15 72864]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-8 30848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-23 137648]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2013-7-15 239400]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-15 331264]
R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2013-7-15 26504]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-15 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-15 788760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-8 36480]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-8 551552]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-15 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-4-12 314472]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-15 30208]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-1-20 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 USecuAppSvc;Acer Theft Shield Service;C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [2012-11-12 345744]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: jsfile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2014-01-28 00:00:08 -------- d-----w- C:\Program Files (x86)\Anvisoft
2014-01-27 02:11:39 -------- d-----w- C:\Users\eransadot\AppData\Local\NPE
2014-01-27 00:36:39 -------- d-----w- C:\Users\eransadot\AppData\Local\Deployment
2014-01-27 00:36:39 -------- d-----w- C:\Users\eransadot\AppData\Local\Apps
2014-01-23 12:35:58 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-01-23 12:35:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-23 12:35:50 -------- d-----w- C:\Program Files\iTunes
2014-01-23 12:35:50 -------- d-----w- C:\Program Files\iPod
2014-01-23 12:35:50 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-23 02:09:42 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDBC.DLL
2014-01-23 02:09:42 100352 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPBC.DLL
2014-01-23 02:09:36 389120 ----a-w- C:\Windows\System32\CNMLMBC.DLL
2014-01-23 02:09:35 363520 ----a-w- C:\Windows\System32\CNC_BCL.dll
2014-01-23 02:09:35 287744 ----a-w- C:\Windows\System32\CNC_BCC.dll
2014-01-23 02:09:35 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2014-01-23 02:09:35 106496 ----a-w- C:\Windows\System32\CNC_BCI.dll
2014-01-15 17:12:27 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 17:12:27 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 17:12:27 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 17:12:27 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 17:12:27 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 17:12:27 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 17:12:27 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 17:12:25 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 17:12:25 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-11 22:42:49 858200 ----a-w- C:\Windows\System32\drivers\NISx64\1501000.012\srtsp64.sys
2014-01-11 22:42:49 590936 ----a-w- C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys
2014-01-11 22:42:49 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1501000.012\symds64.sys
2014-01-11 22:42:49 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1501000.012\srtspx64.sys
2014-01-11 22:42:49 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1501000.012\ironx64.sys
2014-01-11 22:42:49 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1501000.012\symelam.sys
2014-01-11 22:42:49 162392 ----a-w- C:\Windows\System32\drivers\NISx64\1501000.012\ccsetx64.sys
2014-01-11 22:42:49 1147480 ----a-w- C:\Windows\System32\drivers\NISx64\1501000.012\symefa64.sys
2014-01-11 22:42:45 -------- d-----w- C:\Windows\System32\drivers\NISx64\1501000.012
2014-01-11 22:31:50 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-01-11 22:31:50 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-01-11 22:31:12 -------- d-----w- C:\Windows\System32\drivers\NISx64
2014-01-11 22:31:10 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2014-01-11 22:22:36 -------- d-----w- C:\ProgramData\PCSettings
2014-01-10 11:46:01 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{86A25D7B-8474-4AAF-9CFE-67ABE6289B2B}\mpengine.dll
2014-01-08 19:39:35 -------- d-----w- C:\Program Files\Common Files\ResearchSoft
2014-01-08 19:39:22 -------- d-----w- C:\Program Files (x86)\EndNote X7
2014-01-08 19:38:48 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-01-07 11:39:07 -------- d-----w- C:\Users\eransadot\AppData\Local\Doc
2014-01-07 11:38:47 -------- d-----w- C:\Users\eransadot\AppData\Local\ClearfiMedia
2014-01-07 11:37:45 -------- d-----w- C:\Users\eransadot\AppData\Local\ClearfiPhoto
2014-01-07 11:36:43 -------- d-----w- C:\Users\eransadot\AppData\Local\AcerCloud
2014-01-07 11:35:20 -------- d-----w- C:\Users\eransadot\AppData\Local\clear.fi
2014-01-07 11:35:19 -------- d-----w- C:\Users\eransadot\AppData\Local\Acer
.
==================== Find3M ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm
Advertisement
Register to Remove

Re: bootable device not found & google redirect

Unread postby Gary R » January 31st, 2014, 2:19 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: bootable device not found & google redirect

Unread postby Gary R » January 31st, 2014, 2:27 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi machiavelli2

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Your logs show definite indications of infection, and we can remove them, whether that will resolve all your computer issues is impossible to say at this point.

Before we start to remove your infection I need you to run some additional scans for me.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

DO NOT ATTEMPT TO CLEAN ANYTHING WITH ADWCLEANER AT THIS POINT

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Finally ...

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • FRST.txt
  • Addition.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: bootable device not found & google redirect

Unread postby machiavelli2 » January 31st, 2014, 7:52 am

# AdwCleaner v3.018 - Report created 31/01/2014 at 06:48:54
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : eransadot - ERANSADOT-PC
# Running from : C:\Users\eransadot\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Babylon
Folder Found C:\Program Files\Babylon
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found C:\Users\eransadot\AppData\Local\Babylon
Folder Found C:\Users\eransadot\AppData\Roaming\Babylon
Folder Found C:\Users\eransadot\AppData\Roaming\OpenCandy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Key Found : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\Babylon
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\.bdc
Key Found : HKLM\SOFTWARE\Classes\.bgl
Key Found : HKLM\SOFTWARE\Classes\.bof
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4364 octets] - [31/01/2014 06:48:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4424 octets] ##########
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby machiavelli2 » January 31st, 2014, 7:55 am

FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by eransadot (administrator) on ERANSADOT-PC on 31-01-2014 06:54:28
Running from C:\Users\eransadot\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Users\eransadot\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\eransadot\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Babylon Ltd.) C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [InstantUpdate] - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-02-20] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2822952 2012-02-24] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Babylon Client] - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3590224 2013-07-16] (Babylon Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\eransadot\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-12-24] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
Startup: C:\Users\eransadot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\eransadot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\eransadot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1630090B0000CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - DefaultScope {0C0A35BE-6757-4957-9921-D6F08198230B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0C0A35BE-6757-4957-9921-D6F08198230B} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.2.2.2 4.2.2.1

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
CHR Extension: (Google Drive) - C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (YouTube) - C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
CHR Extension: (Remove Google Redirects) - C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccenmflbeofaceccfhhggbagkblihpoh [2014-01-27]
CHR Extension: (Google Search) - C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
CHR Extension: (Google Wallet) - C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-21]

==================== Services (Whitelisted) =================

R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-02-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-16] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20140130.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-22] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20140130.023\ENG64.SYS [126040 2014-01-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20140130.023\EX64.SYS [2099288 2014-01-11] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 06:54 - 2014-01-31 06:54 - 00018615 _____ C:\Users\eransadot\Downloads\FRST.txt
2014-01-31 06:54 - 2014-01-31 06:54 - 00000000 ____D C:\FRST
2014-01-31 06:53 - 2014-01-31 06:53 - 02079744 _____ (Farbar) C:\Users\eransadot\Downloads\FRST64.exe
2014-01-31 06:48 - 2014-01-31 06:49 - 00000000 ____D C:\AdwCleaner
2014-01-31 06:48 - 2014-01-31 06:48 - 01166132 _____ C:\Users\eransadot\Downloads\adwcleaner.exe
2014-01-30 21:33 - 2014-01-30 21:33 - 00020780 _____ C:\Users\eransadot\Downloads\J Amer College Surgeons (1).ens
2014-01-30 21:32 - 2014-01-30 21:32 - 00000000 ____D C:\Users\eransadot\Documents\EndNote
2014-01-30 21:31 - 2014-01-30 21:32 - 00020860 _____ C:\Users\eransadot\Downloads\J Amer College Surgeons.ens
2014-01-27 21:49 - 2014-01-27 21:52 - 00683868 _____ C:\Users\eransadot\Downloads\BCLM_SSO Poster_Jan-22-14 - simplified.pptx
2014-01-27 21:32 - 2014-01-27 21:32 - 00011165 _____ C:\Users\eransadot\Desktop\attach.txt
2014-01-27 21:32 - 2014-01-27 21:31 - 00026985 _____ C:\Users\eransadot\Desktop\dds.txt
2014-01-27 21:31 - 2014-01-27 21:31 - 00688992 ____R (Swearware) C:\Users\eransadot\Downloads\dds.scr
2014-01-27 20:35 - 2014-01-27 20:35 - 04954736 _____ (Microsoft Corporation) C:\Users\eransadot\Downloads\WindowsUpgradeAssistant.exe
2014-01-27 20:20 - 2014-01-31 06:36 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 20:20 - 2014-01-30 23:22 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 20:20 - 2014-01-27 20:26 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-27 20:20 - 2014-01-27 20:26 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Users\eransadot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2014-01-26 21:11 - 2014-01-26 22:13 - 00000000 ____D C:\Users\eransadot\AppData\Local\NPE
2014-01-26 19:36 - 2014-01-27 20:20 - 00000000 ____D C:\Users\eransadot\AppData\Local\Deployment
2014-01-26 19:36 - 2014-01-26 19:36 - 00000000 ____D C:\Users\eransadot\AppData\Local\Apps\2.0
2014-01-26 19:30 - 2014-01-26 19:30 - 00116955 _____ C:\Users\eransadot\Documents\bookmarks_1_26_14.html
2014-01-25 16:29 - 2014-01-25 16:29 - 00144896 _____ C:\Users\eransadot\Downloads\RECIST_response_criteria_solid_tumors.ppt
2014-01-25 16:27 - 2014-01-25 16:27 - 00144384 _____ C:\Users\eransadot\Downloads\Neoadjuvant_therapy_for_borderline_resectable_pancreatic_cancer.ppt
2014-01-25 15:18 - 2014-01-25 15:18 - 00251904 _____ C:\Users\eransadot\Downloads\FOLFIRINOX_for_metastatic_pancreatic_cancer.ppt
2014-01-25 14:53 - 2014-01-25 14:53 - 00128512 _____ C:\Users\eransadot\Downloads\Treatment_algorithm_non_metastatic_exocrine_pancreatic_cancer.ppt
2014-01-24 21:42 - 2014-01-24 21:42 - 00263114 _____ C:\Users\eransadot\Downloads\International_Surgical_Oncology_Fellowship.zip
2014-01-23 12:24 - 2014-01-23 12:24 - 00269448 _____ C:\Windows\Minidump\012314-5522-01.dmp
2014-01-23 07:35 - 2014-01-27 17:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-23 07:35 - 2014-01-23 07:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-23 07:35 - 2014-01-23 07:35 - 00000000 ____D C:\Program Files\iTunes
2014-01-23 07:35 - 2014-01-23 07:35 - 00000000 ____D C:\Program Files\iPod
2014-01-23 07:35 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-01-23 07:33 - 2014-01-23 07:34 - 148904784 _____ (Apple Inc.) C:\Users\eransadot\Downloads\iTunes64Setup (1).exe
2014-01-22 21:35 - 2014-01-22 21:35 - 00008637 _____ C:\Users\eransadot\Downloads\שכר דירה מזור עזריאל (1).xlsx
2014-01-22 21:09 - 2014-01-22 21:09 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-22 21:09 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMBC.DLL
2014-01-22 21:09 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_BCL.dll
2014-01-22 21:09 - 2012-01-26 10:19 - 00081920 _____ C:\Windows\system32\CNC1765D.TBL
2014-01-22 21:09 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_BCC.dll
2014-01-22 21:09 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BCI.dll
2014-01-22 21:09 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-01-18 17:58 - 2014-01-18 17:59 - 10196039 _____ C:\Users\eransadot\Downloads\documents-export-2014-01-18.zip
2014-01-17 08:50 - 2014-01-17 08:50 - 00866859 _____ C:\Users\eransadot\Downloads\reeransadotwarrenfellowshipapplication (1).zip
2014-01-16 13:29 - 2007-02-21 05:37 - 111881637 _____ C:\Users\eransadot\Desktop\Surgical Anatomy - Skandalakis (2004).chm
2014-01-15 12:12 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 12:12 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 12:12 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 12:12 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 12:12 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 12:12 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 12:12 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 12:12 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 12:12 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 12:43 - 2014-01-14 12:43 - 00135398 _____ C:\Users\eransadot\Downloads\20130615_CRCLM miR qPCR data analysis.xlsx
2014-01-13 21:37 - 2014-01-13 21:37 - 00032855 _____ C:\Users\eransadot\Downloads\transplant for statistics.xlsx
2014-01-13 18:04 - 2014-01-13 18:05 - 00728757 _____ C:\Users\eransadot\Downloads\BCLM_SSO Poster_Jan-10-14 - simplified.pptx
2014-01-11 19:44 - 2014-01-11 19:45 - 14474757 _____ C:\Users\eransadot\Downloads\happynewyear.zip
2014-01-11 19:42 - 2014-01-11 19:44 - 19955030 _____ C:\Users\eransadot\Downloads\attachments (11).zip
2014-01-11 17:44 - 2014-01-11 17:44 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2014-01-11 17:31 - 2014-01-11 17:44 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-11 17:31 - 2014-01-11 17:44 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2014-01-11 17:31 - 2014-01-11 17:31 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-11 17:31 - 2014-01-11 17:31 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-11 17:31 - 2014-01-11 17:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-11 17:31 - 2014-01-11 17:31 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2014-01-11 17:22 - 2014-01-11 17:22 - 00000000 ____D C:\ProgramData\PCSettings
2014-01-10 22:07 - 2014-01-10 22:07 - 00198733 _____ C:\Users\eransadot\Downloads\TS104001551.potx
2014-01-10 12:52 - 2014-01-10 12:52 - 00064431 _____ C:\Users\eransadot\Downloads\HCC_HCA RNA extraction.xlsx
2014-01-10 11:02 - 2014-01-10 11:02 - 00058082 _____ C:\Users\eransadot\Downloads\remicrorna.zip
2014-01-09 17:24 - 2014-01-09 17:24 - 00018178 _____ C:\Users\eransadot\Downloads\EWL.tif
2014-01-08 19:13 - 2014-01-08 19:13 - 00028306 _____ C:\Users\eransadot\Downloads\failure.tif
2014-01-08 19:06 - 2014-01-08 19:06 - 00047267 _____ C:\Users\eransadot\Downloads\fwdsurgicalendoscopymanuscriptcentralpasswordreques.zip
2014-01-08 18:53 - 2014-01-08 18:53 - 00593580 _____ C:\Users\eransadot\Downloads\DataLine Results - SUR8332 - Amended 1-8-14.xlsx
2014-01-08 14:39 - 2014-01-08 14:39 - 00000000 ____D C:\Users\Public\Documents\EndNote
2014-01-08 14:39 - 2014-01-08 14:39 - 00000000 ____D C:\Program Files\Common Files\ResearchSoft
2014-01-08 14:39 - 2014-01-08 14:39 - 00000000 ____D C:\Program Files (x86)\EndNote X7
2014-01-08 14:35 - 2013-05-23 17:00 - 00027080 _____ C:\Users\eransadot\Documents\EAT.nfo
2014-01-08 14:20 - 2014-01-08 14:20 - 13471101 _____ C:\Users\eransadot\Downloads\EndNoteX701UpdateInstaller.zip
2014-01-07 22:35 - 2014-01-20 12:00 - 00000518 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-07 06:39 - 2014-01-07 06:39 - 00001202 _____ C:\Users\Public\Desktop\Acer Docs.lnk
2014-01-07 06:39 - 2014-01-07 06:39 - 00000000 ____D C:\Users\eransadot\AppData\Local\Doc
2014-01-07 06:38 - 2014-01-07 06:38 - 00000000 ____D C:\Users\eransadot\AppData\Local\ClearfiMedia
2014-01-07 06:37 - 2014-01-07 06:37 - 00000000 ____D C:\Users\eransadot\AppData\Local\ClearfiPhoto
2014-01-07 06:36 - 2014-01-07 06:36 - 00000000 ____D C:\Users\eransadot\AppData\Local\AcerCloud
2014-01-07 06:35 - 2014-01-07 12:44 - 00000000 ____D C:\Users\eransadot\AppData\Local\clear.fi
2014-01-07 06:35 - 2014-01-07 06:35 - 00000880 _____ C:\Users\Public\Desktop\Acer Theft Shield.lnk
2014-01-07 06:35 - 2014-01-07 06:35 - 00000000 ____D C:\Windows\System32\Tasks\Theft Shield
2014-01-07 06:35 - 2014-01-07 06:35 - 00000000 ____D C:\Users\eransadot\AppData\Local\Acer
2014-01-03 11:26 - 2014-01-03 11:27 - 100400976 _____ (Apple Inc.) C:\Users\eransadot\Downloads\iTunes64Setup.exe
2014-01-02 08:38 - 2014-01-02 08:38 - 00014784 _____ C:\Users\eransadot\Downloads\travel form example (3).xlsx
2014-01-02 08:38 - 2014-01-02 08:38 - 00000000 ____D C:\Users\eransadot\AppData\OICE_15_974FA576_32C1D314_1019
2014-01-01 14:02 - 2014-01-01 14:29 - 00000000 ____D C:\Users\eransadot\Desktop\RMC - Tissue Bank
2014-01-01 14:01 - 2014-01-01 14:01 - 00088512 _____ C:\Users\eransadot\Downloads\fwdfw5218001208_.zip

==================== One Month Modified Files and Folders =======

2014-01-31 06:54 - 2014-01-31 06:54 - 00018615 _____ C:\Users\eransadot\Downloads\FRST.txt
2014-01-31 06:54 - 2014-01-31 06:54 - 00000000 ____D C:\FRST
2014-01-31 06:53 - 2014-01-31 06:53 - 02079744 _____ (Farbar) C:\Users\eransadot\Downloads\FRST64.exe
2014-01-31 06:52 - 2013-07-17 01:18 - 00000000 ____D C:\ProgramData\Babylon
2014-01-31 06:49 - 2014-01-31 06:48 - 00000000 ____D C:\AdwCleaner
2014-01-31 06:48 - 2014-01-31 06:48 - 01166132 _____ C:\Users\eransadot\Downloads\adwcleaner.exe
2014-01-31 06:40 - 2009-07-13 23:45 - 00024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 06:40 - 2009-07-13 23:45 - 00024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 06:38 - 2009-07-14 00:13 - 00782058 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-31 06:37 - 2013-07-15 00:59 - 01217040 _____ C:\Windows\WindowsUpdate.log
2014-01-31 06:36 - 2014-01-27 20:20 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 06:34 - 2013-07-15 23:24 - 00000000 ____D C:\Users\eransadot\AppData\Roaming\Dropbox
2014-01-30 23:23 - 2013-12-24 11:13 - 00000000 ___RD C:\Users\eransadot\SkyDrive
2014-01-30 23:23 - 2013-07-15 23:26 - 00000000 ___RD C:\Users\eransadot\Desktop\Dropbox
2014-01-30 23:22 - 2014-01-27 20:20 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 23:22 - 2013-07-15 00:58 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-01-30 23:22 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 23:22 - 2009-07-13 23:51 - 00089945 _____ C:\Windows\setupact.log
2014-01-30 21:33 - 2014-01-30 21:33 - 00020780 _____ C:\Users\eransadot\Downloads\J Amer College Surgeons (1).ens
2014-01-30 21:32 - 2014-01-30 21:32 - 00000000 ____D C:\Users\eransadot\Documents\EndNote
2014-01-30 21:32 - 2014-01-30 21:31 - 00020860 _____ C:\Users\eransadot\Downloads\J Amer College Surgeons.ens
2014-01-30 14:44 - 2013-07-15 00:58 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-01-27 21:52 - 2014-01-27 21:49 - 00683868 _____ C:\Users\eransadot\Downloads\BCLM_SSO Poster_Jan-22-14 - simplified.pptx
2014-01-27 21:32 - 2014-01-27 21:32 - 00011165 _____ C:\Users\eransadot\Desktop\attach.txt
2014-01-27 21:31 - 2014-01-27 21:32 - 00026985 _____ C:\Users\eransadot\Desktop\dds.txt
2014-01-27 21:31 - 2014-01-27 21:31 - 00688992 ____R (Swearware) C:\Users\eransadot\Downloads\dds.scr
2014-01-27 21:04 - 2010-11-20 22:47 - 00373790 _____ C:\Windows\PFRO.log
2014-01-27 20:35 - 2014-01-27 20:35 - 04954736 _____ (Microsoft Corporation) C:\Users\eransadot\Downloads\WindowsUpgradeAssistant.exe
2014-01-27 20:26 - 2014-01-27 20:20 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-27 20:26 - 2014-01-27 20:20 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-27 20:23 - 2013-07-14 22:30 - 00000000 ____D C:\Users\eransadot\AppData\Local\Google
2014-01-27 20:23 - 2013-07-14 22:30 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-27 20:20 - 2014-01-26 19:36 - 00000000 ____D C:\Users\eransadot\AppData\Local\Deployment
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Users\eransadot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2014-01-27 17:26 - 2014-01-23 07:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-26 22:13 - 2014-01-26 21:11 - 00000000 ____D C:\Users\eransadot\AppData\Local\NPE
2014-01-26 21:12 - 2013-07-15 01:57 - 00000000 ____D C:\ProgramData\Norton
2014-01-26 19:36 - 2014-01-26 19:36 - 00000000 ____D C:\Users\eransadot\AppData\Local\Apps\2.0
2014-01-26 19:30 - 2014-01-26 19:30 - 00116955 _____ C:\Users\eransadot\Documents\bookmarks_1_26_14.html
2014-01-25 16:29 - 2014-01-25 16:29 - 00144896 _____ C:\Users\eransadot\Downloads\RECIST_response_criteria_solid_tumors.ppt
2014-01-25 16:27 - 2014-01-25 16:27 - 00144384 _____ C:\Users\eransadot\Downloads\Neoadjuvant_therapy_for_borderline_resectable_pancreatic_cancer.ppt
2014-01-25 15:18 - 2014-01-25 15:18 - 00251904 _____ C:\Users\eransadot\Downloads\FOLFIRINOX_for_metastatic_pancreatic_cancer.ppt
2014-01-25 14:53 - 2014-01-25 14:53 - 00128512 _____ C:\Users\eransadot\Downloads\Treatment_algorithm_non_metastatic_exocrine_pancreatic_cancer.ppt
2014-01-24 21:42 - 2014-01-24 21:42 - 00263114 _____ C:\Users\eransadot\Downloads\International_Surgical_Oncology_Fellowship.zip
2014-01-23 12:24 - 2014-01-23 12:24 - 00269448 _____ C:\Windows\Minidump\012314-5522-01.dmp
2014-01-23 12:24 - 2013-07-23 22:07 - 00000000 ____D C:\Windows\Minidump
2014-01-23 10:41 - 2013-12-22 14:06 - 00004988 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for eransadot-PC-eransadot eransadot-PC
2014-01-23 07:35 - 2014-01-23 07:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-23 07:35 - 2014-01-23 07:35 - 00000000 ____D C:\Program Files\iTunes
2014-01-23 07:35 - 2014-01-23 07:35 - 00000000 ____D C:\Program Files\iPod
2014-01-23 07:35 - 2013-07-15 15:19 - 00000000 ____D C:\ProgramData\Apple
2014-01-23 07:34 - 2014-01-23 07:33 - 148904784 _____ (Apple Inc.) C:\Users\eransadot\Downloads\iTunes64Setup (1).exe
2014-01-22 21:35 - 2014-01-22 21:35 - 00008637 _____ C:\Users\eransadot\Downloads\שכר דירה מזור עזריאל (1).xlsx
2014-01-22 21:09 - 2014-01-22 21:09 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-20 18:27 - 2013-07-15 23:25 - 00000442 _____ C:\Windows\wininit.ini
2014-01-20 18:27 - 2013-07-15 01:27 - 00000000 ___RD C:\Users\eransadot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-20 18:26 - 2013-07-15 23:24 - 00000000 ____D C:\Users\eransadot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-20 12:00 - 2014-01-07 22:35 - 00000518 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-18 17:59 - 2014-01-18 17:58 - 10196039 _____ C:\Users\eransadot\Downloads\documents-export-2014-01-18.zip
2014-01-17 08:50 - 2014-01-17 08:50 - 00866859 _____ C:\Users\eransadot\Downloads\reeransadotwarrenfellowshipapplication (1).zip
2014-01-16 20:57 - 2013-07-14 22:34 - 00000000 ____D C:\Users\eransadot\Desktop\Eran
2014-01-15 16:13 - 2009-07-13 23:45 - 00498936 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 12:15 - 2013-07-15 13:41 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 12:15 - 2013-07-15 08:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 12:15 - 2009-07-13 21:34 - 00000545 _____ C:\Windows\win.ini
2014-01-15 12:14 - 2013-07-15 12:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 12:43 - 2014-01-14 12:43 - 00135398 _____ C:\Users\eransadot\Downloads\20130615_CRCLM miR qPCR data analysis.xlsx
2014-01-13 21:58 - 2013-07-15 01:27 - 00000000 ____D C:\Users\eransadot
2014-01-13 21:37 - 2014-01-13 21:37 - 00032855 _____ C:\Users\eransadot\Downloads\transplant for statistics.xlsx
2014-01-13 18:05 - 2014-01-13 18:04 - 00728757 _____ C:\Users\eransadot\Downloads\BCLM_SSO Poster_Jan-10-14 - simplified.pptx
2014-01-11 19:45 - 2014-01-11 19:44 - 14474757 _____ C:\Users\eransadot\Downloads\happynewyear.zip
2014-01-11 19:44 - 2014-01-11 19:42 - 19955030 _____ C:\Users\eransadot\Downloads\attachments (11).zip
2014-01-11 17:44 - 2014-01-11 17:44 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2014-01-11 17:44 - 2014-01-11 17:31 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-11 17:44 - 2014-01-11 17:31 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2014-01-11 17:31 - 2014-01-11 17:31 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-11 17:31 - 2014-01-11 17:31 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-11 17:31 - 2014-01-11 17:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-11 17:31 - 2014-01-11 17:31 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2014-01-11 17:22 - 2014-01-11 17:22 - 00000000 ____D C:\ProgramData\PCSettings
2014-01-11 12:46 - 2013-07-14 22:41 - 00000000 ____D C:\Program Files (x86)\WinRAR
2014-01-10 22:07 - 2014-01-10 22:07 - 00198733 _____ C:\Users\eransadot\Downloads\TS104001551.potx
2014-01-10 12:52 - 2014-01-10 12:52 - 00064431 _____ C:\Users\eransadot\Downloads\HCC_HCA RNA extraction.xlsx
2014-01-10 11:02 - 2014-01-10 11:02 - 00058082 _____ C:\Users\eransadot\Downloads\remicrorna.zip
2014-01-09 18:22 - 2013-07-15 01:43 - 00000000 ____D C:\Users\eransadot\Desktop\Interesting New Articles
2014-01-09 17:24 - 2014-01-09 17:24 - 00018178 _____ C:\Users\eransadot\Downloads\EWL.tif
2014-01-08 19:13 - 2014-01-08 19:13 - 00028306 _____ C:\Users\eransadot\Downloads\failure.tif
2014-01-08 19:06 - 2014-01-08 19:06 - 00047267 _____ C:\Users\eransadot\Downloads\fwdsurgicalendoscopymanuscriptcentralpasswordreques.zip
2014-01-08 18:53 - 2014-01-08 18:53 - 00593580 _____ C:\Users\eransadot\Downloads\DataLine Results - SUR8332 - Amended 1-8-14.xlsx
2014-01-08 14:39 - 2014-01-08 14:39 - 00000000 ____D C:\Users\Public\Documents\EndNote
2014-01-08 14:39 - 2014-01-08 14:39 - 00000000 ____D C:\Program Files\Common Files\ResearchSoft
2014-01-08 14:39 - 2014-01-08 14:39 - 00000000 ____D C:\Program Files (x86)\EndNote X7
2014-01-08 14:39 - 2013-07-15 23:57 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2014-01-08 14:20 - 2014-01-08 14:20 - 13471101 _____ C:\Users\eransadot\Downloads\EndNoteX701UpdateInstaller.zip
2014-01-07 12:44 - 2014-01-07 06:35 - 00000000 ____D C:\Users\eransadot\AppData\Local\clear.fi
2014-01-07 06:39 - 2014-01-07 06:39 - 00001202 _____ C:\Users\Public\Desktop\Acer Docs.lnk
2014-01-07 06:39 - 2014-01-07 06:39 - 00000000 ____D C:\Users\eransadot\AppData\Local\Doc
2014-01-07 06:39 - 2012-04-12 22:40 - 00000000 __SHD C:\OEM
2014-01-07 06:39 - 2012-04-12 22:19 - 00000000 ____D C:\Program Files (x86)\Acer
2014-01-07 06:38 - 2014-01-07 06:38 - 00000000 ____D C:\Users\eransadot\AppData\Local\ClearfiMedia
2014-01-07 06:37 - 2014-01-07 06:37 - 00000000 ____D C:\Users\eransadot\AppData\Local\ClearfiPhoto
2014-01-07 06:36 - 2014-01-07 06:36 - 00000000 ____D C:\Users\eransadot\AppData\Local\AcerCloud
2014-01-07 06:35 - 2014-01-07 06:35 - 00000880 _____ C:\Users\Public\Desktop\Acer Theft Shield.lnk
2014-01-07 06:35 - 2014-01-07 06:35 - 00000000 ____D C:\Windows\System32\Tasks\Theft Shield
2014-01-07 06:35 - 2014-01-07 06:35 - 00000000 ____D C:\Users\eransadot\AppData\Local\Acer
2014-01-07 06:35 - 2012-04-12 22:19 - 00000000 ____D C:\Program Files\Acer
2014-01-07 06:35 - 2012-04-12 22:10 - 00000000 ____D C:\ProgramData\oem
2014-01-03 11:27 - 2014-01-03 11:26 - 100400976 _____ (Apple Inc.) C:\Users\eransadot\Downloads\iTunes64Setup.exe
2014-01-02 08:38 - 2014-01-02 08:38 - 00014784 _____ C:\Users\eransadot\Downloads\travel form example (3).xlsx
2014-01-02 08:38 - 2014-01-02 08:38 - 00000000 ____D C:\Users\eransadot\AppData\OICE_15_974FA576_32C1D314_1019
2014-01-01 14:29 - 2014-01-01 14:02 - 00000000 ____D C:\Users\eransadot\Desktop\RMC - Tissue Bank
2014-01-01 14:01 - 2014-01-01 14:01 - 00088512 _____ C:\Users\eransadot\Downloads\fwdfw5218001208_.zip

Files to move or delete:
====================
C:\Users\eransadot\AppData\Roaming\Camdata.ini
C:\Users\eransadot\AppData\Roaming\CamLayout.ini
C:\Users\eransadot\AppData\Roaming\CamShapes.ini


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-30 10:04

==================== End Of Log ============================
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby machiavelli2 » January 31st, 2014, 7:56 am

Addition.TXT:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by eransadot at 2014-01-31 06:54:48
Running from C:\Users\eransadot\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Acer Backup Manager (x32 Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (x32 Version: 1.5.2624.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2624.00 - CyberLink Corp.) Hidden
Acer Docs (x32 Version: 1.03.2002 - Acer Incorporated)
Acer ePower Management (x32 Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3507 - Acer Incorporated)
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Acer Instant Update Service (Version: 1.00.3001 - Acer Incorporated)
Acer Registration (x32 Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 20.12.0307.1154 - Acer Incorporated)
Acer Theft Shield (Version: 1.01.3006 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3501 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3501 - Acer Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (Version: 7.4.0.126 - Atheros)
AX88772B Windows 7 Drivers (x32 Version: 1.0.1.1 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (x32 Version: 1.0.1.1 - ASIX Electronics Corporation) Hidden
Babylon (x32 Version: - Babylon)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Repair Tool 1.0.39 (x32 Version: 1.0.39 - Anvisoft)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (Version: 2.7.2 - CamStudio Open Source)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi Media (x32 Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (x32 Version: 2.00.3004 - Acer Incorporated)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version: - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eBay Worldwide (x32 Version: 2.2.0409 - OEM)
EndNote X7 (x32 Version: 17.0.0.7072 - Thomson Reuters)
ETDWare PS/2-X64 10.6.9.8_WHQL (Version: 10.6.9.8 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (x32 Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Document Manager 2.0 (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
IBM SPSS Statistics 21 (Version: 21.0.0.0 - IBM Corp)
iCloud (Version: 3.0.2.163 - Apple Inc.)
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2653 - Intel Corporation)
Intel(R) Rapid Start Technology (x32 Version: 1.0.0.1022 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.5 (Version: 2.5.1.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.605.1 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 5.1.15 - Acer Inc.)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook Personal Folders Backup (x32 Version: 1.10.0.0 - Microsoft Corporation)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (x32 Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation)
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.1 - Qualcomm Atheros)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6597 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.39025 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (x32 Version: - Thomson Reuters)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 14.0 - HP)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
Sleep Memory Optimizer (x32 Version: 1.00.3004 - Acer Incorporated)
Smart Timer (x32 Version: 1.00.3004 - Acer Incorporated)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Welcome Center (x32 Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Winamp (x32 Version: 5.64 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (x32 Version: - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {084E3E00-6291-4226-8097-0D9E9A6DB467} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {3FA9980E-C36B-434B-9F5A-648E417E0AA6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for eransadot-PC-eransadot eransadot-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {4603CE32-267F-40F3-B3E2-EA5AB6424C19} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {592F1A3A-BDF5-4312-9B2D-7E2E0045F75A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5F7CEF26-3A31-4A67-A526-B2C3A00CDE99} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {62C63718-2371-49E2-8A8B-F6F14BBE9B03} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {6BD82D97-6296-41E1-93CB-D06BE2A9A0E2} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {6F08CC4D-C98E-452A-9363-6EC7C8CBA4CD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {775220EC-60C4-4A00-8F72-390514B2DB79} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7E887DF8-F62F-405A-A129-B2C61B30BD68} - System32\Tasks\Smart Timer Task Scheduler => Smart_Timer.exe
Task: {7EF588D6-8E7C-46AF-AB41-4561B07FBC4E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {8B7B8C03-0281-4860-AFEE-60215513C2D3} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)
Task: {A0A64400-ECC9-46C9-A681-72DF9062582F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {ABBE9E06-196C-4DD8-BFD6-DEDE3C9D7511} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {BAECAFF1-71E7-423E-8658-604D89E80887} - System32\Tasks\{E24B57FA-512A-4EE1-95E5-2794BA78471F} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/g ... Error=1618
Task: {DCDA601F-A577-4F5F-BA2B-A12AC8D45764} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E9097238-9E70-4CE7-B9BD-6669144D0EFD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-24] (Intel)
Task: {F52D0771-FC29-403B-8375-A11B10D6F6EE} - System32\Tasks\{2A698282-B7E1-47EB-8223-9A42644AFA18} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/g ... Error=1618
Task: {F54C27EF-2AFD-456A-9A64-D00BB1448DA0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FD6C813F-46EB-4C07-9792-CE6B4C611F67} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {FFEB98A4-1F7A-443B-BC86-FBE8AF2FF35F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-01-21 18:45 - 2009-01-21 18:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-07-15 01:47 - 2012-02-14 12:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-05 16:22 - 2012-01-05 16:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 16:22 - 2012-01-05 16:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 16:22 - 2012-01-05 16:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\eransadot\AppData\Roaming\Dropbox\bin\libcef.dll
2013-07-17 01:19 - 2010-03-29 07:02 - 00520234 _____ () C:\ProgramData\Babylon\sqlite3.dll
2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-27 20:23 - 2014-01-23 00:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-27 20:23 - 2014-01-23 00:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-27 20:23 - 2014-01-23 00:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-27 20:23 - 2014-01-23 00:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-27 20:23 - 2014-01-23 00:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2013-07-15 00:58 - 2012-03-07 09:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2014 06:40:01 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-02-19T16:23:01Z. Error Code: 0x80041321.

Error: (01/31/2014 06:34:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (01/31/2014 06:34:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (01/31/2014 06:34:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2014 09:23:04 PM) (Source: Office Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-02-19T16:23:04Z. Error Code: 0x80041321.

Error: (01/30/2014 09:01:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (01/30/2014 09:01:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (01/30/2014 09:01:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2014 06:49:20 PM) (Source: Office Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-02-19T16:23:20Z. Error Code: 0x80041321.

Error: (01/30/2014 06:02:32 PM) (Source: Office Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-02-19T16:23:32Z. Error Code: 0x80041321.


System errors:
=============
Error: (01/31/2014 06:34:51 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/30/2014 11:22:50 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=1117) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Program-Inventory.

Error: (01/30/2014 11:22:49 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/30/2014 11:22:48 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/30/2014 11:22:46 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/30/2014 11:22:45 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (01/30/2014 11:22:43 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:30:28 PM on ‎1/‎30/‎2014 was unexpected.

Error: (01/30/2014 10:30:01 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/30/2014 10:30:00 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/30/2014 10:29:59 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


Microsoft Office Sessions:
=========================
Error: (01/31/2014 06:40:01 AM) (Source: Office Software Protection Platform Service)(User: )
Description: 0x800413212014-02-19T16:23:01Z

Error: (01/31/2014 06:34:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (01/31/2014 06:34:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (01/31/2014 06:34:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2014 09:23:04 PM) (Source: Office Software Protection Platform Service)(User: )
Description: 0x800413212014-02-19T16:23:04Z

Error: (01/30/2014 09:01:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (01/30/2014 09:01:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (01/30/2014 09:01:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2014 06:49:20 PM) (Source: Office Software Protection Platform Service)(User: )
Description: 0x800413212014-02-19T16:23:20Z

Error: (01/30/2014 06:02:32 PM) (Source: Office Software Protection Platform Service)(User: )
Description: 0x800413212014-02-19T16:23:32Z


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3934.36 MB
Available physical RAM: 2143.64 MB
Total Pagefile: 7866.89 MB
Available Pagefile: 5559.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:95.52 GB) (Free:20.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 40A382D8)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104 GB) - (Type=OF Extended)

==================== End Of Log ============================
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby machiavelli2 » January 31st, 2014, 8:02 am

SystemLook 04.09.10 by jpshortstuff
Log created at 06:58 on 31/01/2014 by eransadot
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe --a---- 129024 bytes [02:34 20/08/2013] [15:31 11/06/2013] 59941B0C9FEF8D0683B63C597341C154
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Babylon\BabylonRPI.api --a---- 198144 bytes [06:19 17/07/2013] [10:25 20/06/2013] BEAC78099C05CDDC6E370C1B81FCEAE9
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -ra---- 3590224 bytes [02:34 20/08/2013] [01:47 17/07/2013] 1CB4D90DC6498787B0B6BE7A4AAA6571
C:\Program Files (x86)\Babylon\Babylon-Pro\Data\Babylon.dat --a---- 12821 bytes [02:19 20/08/2013] [10:21 20/06/2013] 025C3A3938170E94171C9B0145260546
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx --a---- 104021 bytes [02:34 20/08/2013] [12:33 17/06/2013] AD7C78502E44D5B4B7F2F5159B2CC99F
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslation64PI.dll --a---- 194048 bytes [02:34 20/08/2013] [10:26 20/06/2013] C4C9DAB2D6C006E4652AFF6FA717D6F0
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslationPI.dll --a---- 164864 bytes [02:34 20/08/2013] [10:25 20/06/2013] 5A97B2C1AE51E70897D3C46AB843605E
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll --a---- 302160 bytes [02:34 20/08/2013] [10:26 20/06/2013] 9F81ADC3DC1564A8253153085DCC7151
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOffice64PI.dll --a---- 454656 bytes [02:34 20/08/2013] [10:26 20/06/2013] 0AB51E7850E1BC61798C09DFC93F00C7
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll --a---- 361472 bytes [02:34 20/08/2013] [10:25 20/06/2013] D4F1AF0BE576D0AD0F25632C8E35743B
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonRPI.api --a---- 198144 bytes [02:34 20/08/2013] [10:25 20/06/2013] BEAC78099C05CDDC6E370C1B81FCEAE9
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com\chrome\skin\babylon.png --a---- 2712 bytes [08:56 30/04/2013] [08:56 30/04/2013] 4A22F008B3235FB76D8F6D5715C0F1D7
C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\stahlregen + geiss + shifter - babylon.milk --a---- 26473 bytes [20:18 28/04/2009] [20:18 28/04/2009] FD56279AD850D3AA87454766302DACF1
C:\ProgramData\Babylon\Gloss\Babylon_English.bdc --a---- 36761421 bytes [06:21 17/07/2013] [06:22 17/07/2013] 3A46ADB3D4651611B0AE9E1B28AB4471
C:\ProgramData\Babylon\Gloss\Babylon_English_Hebrew.bdc --a---- 31874091 bytes [06:21 17/07/2013] [06:22 17/07/2013] 050B7EA4369505260A8B52DCBDC26A50
C:\ProgramData\Babylon\Gloss\Babylon_Hebrew_English.bdc --a---- 14550620 bytes [06:21 17/07/2013] [06:21 17/07/2013] D5744A46C2E8D6164ECC2A6DCA82487D
C:\ProgramData\Babylon\Gloss\Babylon_Hebrew_Thesaurus.bdc --a---- 16285469 bytes [06:21 17/07/2013] [06:21 17/07/2013] 83ED1041E7C788DCC564EE82276B8E21
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\Babylon.lnk --a---- 1167 bytes [02:34 20/08/2013] [02:34 20/08/2013] 155104505791EE32B67C1040A216EC15
C:\Users\All Users\Babylon\Gloss\Babylon_English.bdc --a---- 36761421 bytes [06:21 17/07/2013] [06:22 17/07/2013] 3A46ADB3D4651611B0AE9E1B28AB4471
C:\Users\All Users\Babylon\Gloss\Babylon_English_Hebrew.bdc --a---- 31874091 bytes [06:21 17/07/2013] [06:22 17/07/2013] 050B7EA4369505260A8B52DCBDC26A50
C:\Users\All Users\Babylon\Gloss\Babylon_Hebrew_English.bdc --a---- 14550620 bytes [06:21 17/07/2013] [06:21 17/07/2013] D5744A46C2E8D6164ECC2A6DCA82487D
C:\Users\All Users\Babylon\Gloss\Babylon_Hebrew_Thesaurus.bdc --a---- 16285469 bytes [06:21 17/07/2013] [06:21 17/07/2013] 83ED1041E7C788DCC564EE82276B8E21
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Babylon\Babylon.lnk --a---- 1167 bytes [02:34 20/08/2013] [02:34 20/08/2013] 155104505791EE32B67C1040A216EC15
C:\Users\eransadot\AppData\Local\Babylon\Babylon_English.BGL --a---- 7690671 bytes [06:21 17/07/2013] [06:21 17/07/2013] A7844A4EBFB3404B9A7647F7CE8C3C8F
C:\Users\eransadot\AppData\Local\Babylon\Babylon_English_Hebrew.BGL --a---- 6782845 bytes [06:21 17/07/2013] [06:21 17/07/2013] 2AC99E44A96B789E3332E37D7C0686FE
C:\Users\eransadot\AppData\Local\Babylon\Babylon_English_Hebrew_sub.BGL --a---- 5289 bytes [06:19 17/07/2013] [06:19 17/07/2013] 680A9163BE5BEE95BC2DC3384BCD262A
C:\Users\eransadot\AppData\Local\Babylon\Babylon_English_sub.BGL --a---- 5856 bytes [06:19 17/07/2013] [06:19 17/07/2013] 78E821A20FCE30AD033838D11F2D859E
C:\Users\eransadot\AppData\Local\Babylon\Babylon_Hebrew_English.BGL --a---- 3162310 bytes [06:21 17/07/2013] [06:21 17/07/2013] 57356ACF39F2355B1BDD4C3FCE56B451
C:\Users\eransadot\AppData\Local\Babylon\Babylon_Hebrew_English_sub.BGL --a---- 1059 bytes [06:19 17/07/2013] [06:19 17/07/2013] 44079AA1E07DDB8B1D19E0A5E6318718
C:\Users\eransadot\AppData\Local\Babylon\Babylon_Hebrew_Thesaurus.BGL --a---- 3906150 bytes [06:21 17/07/2013] [06:21 17/07/2013] F98E6E2C22C0C2C2F903A428CD070080
C:\Users\eransadot\AppData\Local\Babylon\Babylon_Hebrew_Thesaurus_sub.BGL --a---- 1206 bytes [06:19 17/07/2013] [06:19 17/07/2013] 1EE4FC10DED905181988D2EB4DC7AD99
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.2372.dmp --a---- 1210147 bytes [23:15 18/08/2013] [23:15 18/08/2013] 53A17F8EA54E7A0CEA96737089AF383A
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5004.dmp --a---- 1207075 bytes [21:08 19/08/2013] [21:08 19/08/2013] 4C7E0CAB8958E89176AF052FEA8BFB09
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5444.dmp --a---- 1210147 bytes [02:14 20/08/2013] [02:14 20/08/2013] 5FCA82FEEB569A0AAC4F1B2FA98E1F39
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.8484.dmp --a---- 1210147 bytes [23:45 18/08/2013] [23:45 18/08/2013] E93E49BA1B4F854436C82D88AC6235EB
C:\Users\eransadot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk --a---- 1173 bytes [06:19 17/07/2013] [02:34 20/08/2013] 06B24867AEBA26AADA3B6E0A5E5A55E9

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1323336 bytes [07:32 07/01/2014] [07:32 07/01/2014] 3F20CCDAC6969CBB898D88BB4F5CC22E
C:\Users\eransadot\Desktop\Eran\מצגות\General Surgery\Journal Club\Gastric ischemic conditioning\Ischemic conditioning of the gastric conduit prior to esophagectomy improves mucosal oxygen saturation.pdf --a---- 547470 bytes [03:40 15/07/2013] [22:41 22/12/2010] 43402B0E634ADA0AD287A5F3301DE911
C:\Users\eransadot\Desktop\Eran\מצגות\General Surgery\Journal Club\Gastric ischemic conditioning\Schroder_WJS 2010_Ivor-Lewis esophagectomy with and without laparoscopic conditioning of the gastric conduit.pdf --a---- 177321 bytes [03:40 15/07/2013] [12:47 25/12/2010] B59800B5F09BB4B5B19663D51FEDCDD1

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\Program Files\Babylon d------ [02:34 20/08/2013]
C:\Program Files\Babylon\Babylon-Pro d------ [02:34 20/08/2013]
C:\Program Files (x86)\Babylon d------ [18:31 15/07/2013]
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Babylon d------ [06:19 17/07/2013]
C:\Program Files (x86)\Babylon\Babylon-Pro d------ [02:34 20/08/2013]
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com d------ [02:34 20/08/2013]
C:\ProgramData\Babylon d------ [06:18 17/07/2013]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon d------ [02:34 20/08/2013]
C:\Users\All Users\Babylon d------ [06:18 17/07/2013]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Babylon d------ [02:34 20/08/2013]
C:\Users\eransadot\AppData\Local\Babylon d------ [06:19 17/07/2013]
C:\Users\eransadot\AppData\Roaming\Babylon d------ [06:18 17/07/2013]

Searching for "*conduit*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
@="IUccUserSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54562FBC-5A84-4461-8BC9-590737E5DE13}]
@="IUccUserSearchQueryEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
@="_IUccUserSearchQueryEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Babylon]
[HKEY_CURRENT_USER\Software\Babylon\Babylon Client]
[HKEY_CURRENT_USER\Software\Binary Noise\mPlayer\BabylonAgent.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon]
@="res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon]
@="res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin]
[HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin]
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin]
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList]
"a"="Babylon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon\Open_file]
"ProcessName"="Babylon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon\Open_file]
"WindowName"="Babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon\Open_file]
"WindowClassName"="Babylon"
[HKEY_CURRENT_USER\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe\1"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonHelper.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonIEPI.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@="BabylonHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}]
@="BabylonIEPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyDict]
@="Babylon Dictionary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyDict\DefaultIcon]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyDict\shell\open\command]
@=""C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyDict\shell\open\ddeexec\Application]
@="Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyGloss]
@="Babylon Glossary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyGloss\DefaultIcon]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyGloss\shell\open\command]
@=""C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyGloss\shell\open\ddeexec\Application]
@="Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho]
@="Babylon IE plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho\CurVer]
@="BabylonIEPI.BabylonIEBho.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1]
@="Babylon IE plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin\CurVer]
@="BabylonOfficeAddin.OfficeAddin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64\CurVer]
@="BabylonOfficeAddin.OfficeAddin64.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyOptFile]
@="Babylon Options File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyOptFile\DefaultIcon]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyOptFile\shell\open\command]
@=""C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyOptFile\shell\open\ddeexec\Application]
@="Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}\LocalServer32]
@=""C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslation64PI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOffice64PI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23}\ProgID]
@="BabylonOfficeAddin.OfficeAddin64.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23}\VersionIndependentProgID]
@="BabylonOfficeAddin.OfficeAddin64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]
@="IBabylonIEBho"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0]
@="BabylonIEPI 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Agent\BDesktopAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\0\win64]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOffice64PI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}\ProgID]
@="BabylonOfficeAddin.OfficeAddin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}\VersionIndependentProgID]
@="BabylonOfficeAddin.OfficeAddin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslationPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
@="Babylon IE plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ProgID]
@="BabylonIEPI.BabylonIEBho.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\VersionIndependentProgID]
@="BabylonIEPI.BabylonIEBho"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Agent\BDesktopAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]
@="IBabylonIEBho"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonHelper.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonIEPI.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@="BabylonHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}]
@="BabylonIEPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0]
@="BabylonIEPI 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Agent\BDesktopAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\0\win64]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOffice64PI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe]
"Path"="C:\Program Files (x86)\Babylon\Babylon-Pro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{947217BD-E967-400A-B14A-BA851A8EDCBB}"="Babylon Translation Menu Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"="VISTARTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\CorruptedFiles\C:/Program Files (x86)/Babylon/Babylon-Pro/Babylon.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
"path"="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{947217BD-E967-400A-B14A-BA851A8EDCBB}"="Babylon Translation Menu Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon]
"UninstallString"="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon]
"DisplayName"="Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon]
"Publisher"="Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon]
"DisplayIcon"="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe]
"Path"="C:\Program Files (x86)\Babylon\Babylon-Pro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"ocr@babylon.com"="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}\ProgID]
@="BabylonOfficeAddin.OfficeAddin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}\VersionIndependentProgID]
@="BabylonOfficeAddin.OfficeAddin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslationPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
@="Babylon IE plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ProgID]
@="BabylonIEPI.BabylonIEBho.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\VersionIndependentProgID]
@="BabylonIEPI.BabylonIEBho"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}\InprocServer32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Agent\BDesktopAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]
@="IBabylonIEBho"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\BabylonHelper.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\BabylonIEPI.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@="BabylonHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}]
@="BabylonIEPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0]
@="BabylonIEPI 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Agent\BDesktopAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\0\win64]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOffice64PI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Babylon]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Babylon\Babylon Client]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Binary Noise\mPlayer\BabylonAgent.exe]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon]
@="res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon]
@="res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\15.0\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList]
"a"="Babylon.exe"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon\Open_file]
"ProcessName"="Babylon.exe"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon\Open_file]
"WindowName"="Babylon"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon\Open_file]
"WindowClassName"="Babylon"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe\1"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe\1"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR]
@="C:\Program Files (x86)\Babylon\Babylon-Pro"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"E78D5FE2DB7BF85448824E0D8B4B6EC5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\E78D5FE2DB7BF85448824E0D8B4B6EC5]
"File"="iSyncConduit.dll"

-= EOF =-
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby Gary R » January 31st, 2014, 7:16 pm

OK, lets get started on your cleanup, there's a lot of stuff to remove, so it might take a couple of passes to remove it all.

First ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and clcik Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (do not include Code: Select all)
Code: Select all
(Babylon Ltd.) C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
(Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
HKLM-x32\...\Run: [Babylon Client] - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3590224 2013-07-16] (Babylon Ltd.)
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2013-08-19]
2014-01-31 06:52 - 2013-07-17 01:18 - 00000000 ____D C:\ProgramData\Babylon
C:\Users\eransadot\AppData\Roaming\Camdata.ini
C:\Users\eransadot\AppData\Roaming\CamLayout.ini
C:\Users\eransadot\AppData\Roaming\CamShapes.ini
C:\Program Files\Babylon
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
reg: reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Trolltech"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Babylon"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Binary Noise\mPlayer\BabylonAgent.exe"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonHelper.EXE"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonIEPI.DLL"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyDict"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyGloss"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64.1"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyOptFile"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonHelper.EXE"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonIEPI.DLL"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}"

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe.

Next ....

Please run a new scan with SystemLook ....

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *trolltech*
    *babylon*
    
    :folderfind
    *trolltech*
    *babylon*
    
    :Regfind
    trolltech
    babylon
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • fixlog.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: bootable device not found & google redirect

Unread postby machiavelli2 » February 1st, 2014, 4:44 pm

AdwCleaner[s0].txt:
# AdwCleaner v3.018 - Report created 01/02/2014 at 15:31:15
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : eransadot - ERANSADOT-PC
# Running from : C:\Users\eransadot\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\eransadot\AppData\Local\Babylon
Folder Deleted : C:\Users\eransadot\AppData\Roaming\Babylon
Folder Deleted : C:\Users\eransadot\AppData\Roaming\OpenCandy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\.bof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\eransadot\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4524 octets] - [31/01/2014 06:48:54]
AdwCleaner[R1].txt - [4584 octets] - [01/02/2014 15:27:02]
AdwCleaner[S0].txt - [4367 octets] - [01/02/2014 15:31:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4427 octets] ##########
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby machiavelli2 » February 1st, 2014, 4:45 pm

fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by eransadot at 2014-02-01 15:38:19 Run:1
Running from C:\Users\eransadot\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Babylon Ltd.) C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
(Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
HKLM-x32\...\Run: [Babylon Client] - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3590224 2013-07-16] (Babylon Ltd.)
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2013-08-19]
2014-01-31 06:52 - 2013-07-17 01:18 - 00000000 ____D C:\ProgramData\Babylon
C:\Users\eransadot\AppData\Roaming\Camdata.ini
C:\Users\eransadot\AppData\Roaming\CamLayout.ini
C:\Users\eransadot\AppData\Roaming\CamShapes.ini
C:\Program Files\Babylon
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
reg: reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Trolltech"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Babylon"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Binary Noise\mPlayer\BabylonAgent.exe"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}"
reg: reg.exe delete "HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonHelper.EXE"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonIEPI.DLL"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyDict"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyGloss"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64.1"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyOptFile"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonHelper.EXE"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonIEPI.DLL"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}"
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}"
*****************

C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe => No running process found
C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Babylon Client => Value not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb => Key not found.
"C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx" => File/Directory not found.
"C:\ProgramData\Babylon" => File/Directory not found.
C:\Users\eransadot\AppData\Roaming\Camdata.ini => Moved successfully.
C:\Users\eransadot\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\eransadot\AppData\Roaming\CamShapes.ini => Moved successfully.
"C:\Program Files\Babylon" => File/Directory not found.

========= reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Trolltech (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Trolltech" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Trolltech (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Babylon" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Babylon (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Binary Noise\mPlayer\BabylonAgent.exe" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Binary Noise\mPlayer\BabylonAgent.exe (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\BabylonOfficeAddin.OfficeAddin64 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\BabylonOfficeAddin.OfficeAddin64 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Babylon (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonHelper.EXE" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonHelper.EXE (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonIEPI.DLL" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonIEPI.DLL (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyDict" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyDict (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyGloss" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyGloss (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1 (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1 (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64.1" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64.1 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyOptFile" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabyOptFile (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonHelper.EXE" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonHelper.EXE (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonIEPI.DLL" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BabylonIEPI.DLL (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog ====
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby machiavelli2 » February 1st, 2014, 4:45 pm

SystemLook.txt:
SystemLook 04.09.10 by jpshortstuff
Log created at 15:39 on 01/02/2014 by eransadot
Administrator - Elevation successful

========== filefind ==========

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\AdwCleaner\Quarantine\C\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe.vir --a---- 129024 bytes [02:34 20/08/2013] [15:31 11/06/2013] 59941B0C9FEF8D0683B63C597341C154
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe.vir --a---- 3590224 bytes [02:34 20/08/2013] [01:47 17/07/2013] 1CB4D90DC6498787B0B6BE7A4AAA6571
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Data\Babylon.dat.vir --a---- 12821 bytes [02:19 20/08/2013] [10:21 20/06/2013] 025C3A3938170E94171C9B0145260546
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx.vir --a---- 104021 bytes [02:34 20/08/2013] [12:33 17/06/2013] AD7C78502E44D5B4B7F2F5159B2CC99F
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslation64PI.dll.vir --a---- 194048 bytes [02:34 20/08/2013] [10:26 20/06/2013] C4C9DAB2D6C006E4652AFF6FA717D6F0
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslationPI.dll.vir --a---- 164864 bytes [02:34 20/08/2013] [10:25 20/06/2013] 5A97B2C1AE51E70897D3C46AB843605E
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll.vir --a---- 302160 bytes [02:34 20/08/2013] [10:26 20/06/2013] 9F81ADC3DC1564A8253153085DCC7151
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOffice64PI.dll.vir --a---- 454656 bytes [02:34 20/08/2013] [10:26 20/06/2013] 0AB51E7850E1BC61798C09DFC93F00C7
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll.vir --a---- 361472 bytes [02:34 20/08/2013] [10:25 20/06/2013] D4F1AF0BE576D0AD0F25632C8E35743B
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonRPI.api.vir --a---- 198144 bytes [02:34 20/08/2013] [10:25 20/06/2013] BEAC78099C05CDDC6E370C1B81FCEAE9
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com\chrome\skin\babylon.png.vir --a---- 2712 bytes [08:56 30/04/2013] [08:56 30/04/2013] 4A22F008B3235FB76D8F6D5715C0F1D7
C:\AdwCleaner\Quarantine\C\ProgramData\Babylon\Gloss\Babylon_English.bdc.vir --a---- 36761421 bytes [06:21 17/07/2013] [06:22 17/07/2013] 3A46ADB3D4651611B0AE9E1B28AB4471
C:\AdwCleaner\Quarantine\C\ProgramData\Babylon\Gloss\Babylon_English_Hebrew.bdc.vir --a---- 31874091 bytes [06:21 17/07/2013] [06:22 17/07/2013] 050B7EA4369505260A8B52DCBDC26A50
C:\AdwCleaner\Quarantine\C\ProgramData\Babylon\Gloss\Babylon_Hebrew_English.bdc.vir --a---- 14550620 bytes [06:21 17/07/2013] [06:21 17/07/2013] D5744A46C2E8D6164ECC2A6DCA82487D
C:\AdwCleaner\Quarantine\C\ProgramData\Babylon\Gloss\Babylon_Hebrew_Thesaurus.bdc.vir --a---- 16285469 bytes [06:21 17/07/2013] [06:21 17/07/2013] 83ED1041E7C788DCC564EE82276B8E21
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\Babylon.lnk.vir --a---- 1167 bytes [02:34 20/08/2013] [02:34 20/08/2013] 155104505791EE32B67C1040A216EC15
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon\Babylon_English.BGL.vir --a---- 7690671 bytes [06:21 17/07/2013] [06:21 17/07/2013] A7844A4EBFB3404B9A7647F7CE8C3C8F
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon\Babylon_English_Hebrew.BGL.vir --a---- 6782845 bytes [06:21 17/07/2013] [06:21 17/07/2013] 2AC99E44A96B789E3332E37D7C0686FE
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon\Babylon_English_Hebrew_sub.BGL.vir --a---- 5289 bytes [06:19 17/07/2013] [06:19 17/07/2013] 680A9163BE5BEE95BC2DC3384BCD262A
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon\Babylon_English_sub.BGL.vir --a---- 5856 bytes [06:19 17/07/2013] [06:19 17/07/2013] 78E821A20FCE30AD033838D11F2D859E
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon\Babylon_Hebrew_English.BGL.vir --a---- 3162310 bytes [06:21 17/07/2013] [06:21 17/07/2013] 57356ACF39F2355B1BDD4C3FCE56B451
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon\Babylon_Hebrew_English_sub.BGL.vir --a---- 1059 bytes [06:19 17/07/2013] [06:19 17/07/2013] 44079AA1E07DDB8B1D19E0A5E6318718
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon\Babylon_Hebrew_Thesaurus.BGL.vir --a---- 3906150 bytes [06:21 17/07/2013] [06:21 17/07/2013] F98E6E2C22C0C2C2F903A428CD070080
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon\Babylon_Hebrew_Thesaurus_sub.BGL.vir --a---- 1206 bytes [06:19 17/07/2013] [06:19 17/07/2013] 1EE4FC10DED905181988D2EB4DC7AD99
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Babylon\BabylonRPI.api --a---- 198144 bytes [06:19 17/07/2013] [10:25 20/06/2013] BEAC78099C05CDDC6E370C1B81FCEAE9
C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\stahlregen + geiss + shifter - babylon.milk --a---- 26473 bytes [20:18 28/04/2009] [20:18 28/04/2009] FD56279AD850D3AA87454766302DACF1
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.2372.dmp --a---- 1210147 bytes [23:15 18/08/2013] [23:15 18/08/2013] 53A17F8EA54E7A0CEA96737089AF383A
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5004.dmp --a---- 1207075 bytes [21:08 19/08/2013] [21:08 19/08/2013] 4C7E0CAB8958E89176AF052FEA8BFB09
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5444.dmp --a---- 1210147 bytes [02:14 20/08/2013] [02:14 20/08/2013] 5FCA82FEEB569A0AAC4F1B2FA98E1F39
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.8484.dmp --a---- 1210147 bytes [23:45 18/08/2013] [23:45 18/08/2013] E93E49BA1B4F854436C82D88AC6235EB
C:\Users\eransadot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk --a---- 1173 bytes [06:19 17/07/2013] [02:34 20/08/2013] 06B24867AEBA26AADA3B6E0A5E5A55E9

========== folderfind ==========

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\AdwCleaner\Quarantine\C\Program Files\Babylon d------ [20:31 01/02/2014]
C:\AdwCleaner\Quarantine\C\Program Files\Babylon\Babylon-Pro d------ [20:31 01/02/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon d------ [20:31 01/02/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro d------ [20:31 01/02/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com d------ [20:31 01/02/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\Babylon d------ [20:31 01/02/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon d------ [20:31 01/02/2014]
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Local\Babylon d------ [20:31 01/02/2014]
C:\AdwCleaner\Quarantine\C\Users\eransadot\AppData\Roaming\Babylon d------ [20:31 01/02/2014]
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Babylon d------ [06:19 17/07/2013]

========== Regfind ==========

Searching for "trolltech"
No data found.

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList]
"a"="Babylon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{947217BD-E967-400A-B14A-BA851A8EDCBB}"="Babylon Translation Menu Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"="VISTARTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\CorruptedFiles\C:/Program Files (x86)/Babylon/Babylon-Pro/Babylon.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{947217BD-E967-400A-B14A-BA851A8EDCBB}"="Babylon Translation Menu Extension"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
"FriendlyName"="Babylon Translator Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64]
"Description"="Babylon Translator Office Addin"
[HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList]
"a"="Babylon.exe"

-= EOF =-
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby Gary R » February 1st, 2014, 6:11 pm

Still a few items to deal with ....

  • Click Start
  • Type notepad.exe in the search programs and files box and clcik Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.2372.dmp
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5004.dmp
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5444.dmp 
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.8484.dmp
C:\Users\eransadot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Babylon
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList /v a"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved /v {947217BD-E967-400A-B14A-BA851A8EDCBB}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers v "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe""
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\CorruptedFiles\C:/Program Files (x86)/Babylon/Babylon-Pro/Babylon.exe"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved /v {947217BD-E967-400A-B14A-BA851A8EDCBB}"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList /v a"

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe.

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • fixlog.txt
  • eset.txt
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: bootable device not found & google redirect

Unread postby machiavelli2 » February 1st, 2014, 7:07 pm

fixlog.txt:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by eransadot at 2014-02-01 18:06:48 Run:2
Running from C:\Users\eransadot\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.2372.dmp
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5004.dmp
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5444.dmp
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.8484.dmp
C:\Users\eransadot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Babylon
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList /v a"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved /v {947217BD-E967-400A-B14A-BA851A8EDCBB}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers v "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe""
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\CorruptedFiles\C:/Program Files (x86)/Babylon/Babylon-Pro/Babylon.exe"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved /v {947217BD-E967-400A-B14A-BA851A8EDCBB}"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList /v a"
*****************

C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.2372.dmp => Moved successfully.
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5004.dmp => Moved successfully.
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.5444.dmp => Moved successfully.
C:\Users\eransadot\AppData\Local\CrashDumps\Babylon.exe.8484.dmp => Moved successfully.
C:\Users\eransadot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk => Moved successfully.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Babylon => Moved successfully.

========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList /v a" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList /v a (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved /v {947217BD-E967-400A-B14A-BA851A8EDCBB}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved /v {947217BD-E967-400A-B14A-BA851A8EDCBB} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers v "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"" =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\CorruptedFiles\C:/Program Files (x86)/Babylon/Babylon-Pro/Babylon.exe" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\CorruptedFiles\C:/Program Files (x86)/Babylon/Babylon-Pro/Babylon.exe (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved /v {947217BD-E967-400A-B14A-BA851A8EDCBB}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved /v {947217BD-E967-400A-B14A-BA851A8EDCBB} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin64 (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin64 (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList /v a" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-1034326956-1357763203-238898109-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bof\OpenWithList /v a (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog ====
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby machiavelli2 » February 1st, 2014, 7:38 pm

my computer crashed during the ESET scan and gave me "no bootable device found" ...but this time it easly restarted
I'll re-scan and update you
sorry for the delay,
thank you for your professionality
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm

Re: bootable device not found & google redirect

Unread postby machiavelli2 » February 1st, 2014, 7:53 pm

my computer crashed again during the ESET scan and gave the same massage
so far it found 3 threats: 2 related to babylon and the 3rd I don't remember
I'll try again later and update you
thank you
M
machiavelli2
Member+
 
Posts: 21
Joined: January 26th, 2014, 11:25 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware